[nsp] telnet exploit on 3550 ?

Jim Devane jim at powerpulse.cc
Wed Dec 3 18:23:45 EST 2003


D- 

I doubt it. 

They would have had to beat TACACS and we restrict TACACS responses from IP.

As reboot did clear it but I cam concerned about the future.

Thanks,
Jim


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Dmitri Kalintsev
Sent: Wednesday, December 03, 2003 2:25 PM
To: cisco-nsp at puck.nether.net
Subject: Re: [nsp] telnet exploit on 3550 ?

Jim,

Somebody just guessed your password and got in. Also by the look of things
they have done what you should have done in the first place - created a vty
ACL to keep you out of it. Simple reboot won't help you much, I'm afraid.
You'll have to go through the password recovery procedure, via console
cable.

SY,

-- D.K.

On Mon, Dec 01, 2003 at 12:51:03PM -0800, Jim Devane wrote:
> All,
...

> However, is there a knows exploit against telnet that is known? Below are
> the RSH attempts and the TACACS log of what happened and the "sh use" I
> cannot clear this line in my switch
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list