Home page logo
/

nanog logo nanog mailing list archives

Re: router damaged by cracker?
From: John Fraizer <nanog () EnterZone Net>
Date: Thu, 12 Oct 2000 13:11:56 -0400 (EDT)


On Thu, 12 Oct 2000, Deepak Jain wrote:



By the way that article reads, I would guess the attack was not
exceptionally sophisticated. (Everyone's definition of sophisticated is
different). 

If one removed the config-reg (or renamed it) function on a small Cisco's
firmware one could quite effectively change the passwords and make it
difficult for a not very technical group of admins to take it back.

Since there is talk about moving their main router behind a firewall, my
guess is that they are using a routing appliance rather than any
sophisticated routing hardware. The $18,000 replacement is probably for a
different vendor, not because the hardware has lost function.

This is all wild conjecture because I haven't seen any alerts from vendors
in their normal channels. :)

Deepak Jain
AiNET


I would tend to agree.

From the DenverPost:

"Eagle Network, which has an environmental bent, services 100 Web sites
and has 220 customers for its e-mail service, eagle-access.net."

I feel bad for these folks.  I don't know of many 25xx/26xx (guessing)
based providers who keep hot-spares on site but I'm fairly certain that
they could have obtained a temp-replacement router of nearly any make and
configuration for the cost of shipping during that timespan.


---
John Fraizer
EnterZone, Inc.





  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault