[nsp-sec] Scans from Columbia University CS department
Joel Rosenblatt
joel at columbia.edu
Thu Jun 25 12:18:32 EDT 2009
Good questions and good point :-)
By low level they are trying to make a connection to the box using the default user/password, then dropping the connection.
They are not trying any other passwords other than the manufacturer's default.
The information collected is the brand of router and the IP address, and their plan is to provide the information to any ISP that requests the list as a service to them and their home clients (at no charge). In addition, they will be publishing the results (not the IP addresses) in hopes that it will stimulate interest in home router hygiene being included as part of standard home security hygiene - sort of a public service.
I guess that we (and by this, I mean our CS department :-) can debate on if the use of public passwords published by the manufacturer is guessing or not.
In any case, I should be able to get the list of IPs with default passwords for people interested.
Joel
--On Thursday, June 25, 2009 9:46 AM -0600 "Smith, Donald" <Donald.Smith at qwest.com> wrote:
>
>
> Donald.Smith at qwest.com gcia
>
>> -----Original Message-----
>> From: nsp-security-bounces at puck.nether.net
>> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of
>> Joel Rosenblatt
>> Sent: Thursday, June 25, 2009 9:19 AM
>> To: nsp-security at puck.nether.net
>> Subject: [nsp-sec] Scans from Columbia University CS department
>>
>> ----------- nsp-security Confidential --------
>>
>> Hi everyone,
>>
>> In case you notice some low level scans on your network of
>> port 21 and 23 from machines named
>> hacktory(xx).cs.columbia.edu, they are running an experiment
>> looking for vulnerable routers.
> What do you mean by low level scans?
>
> How are they identifying vulnerable routers?
>
> Is this telnet and password guessing?
>
> If so you're in violation of your own AUP:)
>
>
> http://www.columbia.edu/cu/policy/network_use.html
> 1. Unauthorized attempts to gain privileged access or access to any account or system not belonging to you on any University system are not permitted.
>
> 6. No University system or network may be used as a vehicle to gain unauthorized access to other systems.
>
> Honestly I am interested in the results but suspect this may be illegal depending on the answers to qwestions above:)
>
>
>>
>> Please let me know if you think that this is a very bad idea
>> - I will pass along any (sanitized) comments - or you can
>> send email to ids at cs.columbia.edu
>> directly :-)
>>
>> This has been going on for about 3 months now.
>>
>> Thanks,
>> Joel Rosenblatt
>>
>> Joel Rosenblatt, Manager Network & Computer Security
>> Columbia Information Security Office (CISO)
>> Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
>> http://www.columbia.edu/~joel
>>
>>
>> See <http://hacktory03.cs.columbia.edu/>
>>
>> Project Details
>>
>> The router vulnerability assessment initiative is part of a
>> study conducted by the Intrusion Detection Laboratory at
>> Columbia University.
>>
>> The intention of the project is to scan for and catalog
>> common vulnerabilities and misconfigurations found among home routers.
>>
>> The project will not record or access personal information,
>> nor will it launch any type of malicious attack against the
>> target devices.
>>
>> Upon the conclusion of the project, the general findings will
>> be published in a scientific paper, and will be furnished to
>> the relevant internet service
>> providers.
>>
>> If you are interested in this project or would like to opt
>> out of this study, please contact us at:
>>
>> ids[at]cs[dot]columbia[dot]edu
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> nsp-security mailing list
>> nsp-security at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/nsp-security
>>
>> Please do not Forward, CC, or BCC this E-mail outside of the
>> nsp-security
>> community. Confidentiality is essential for effective
>> Internet security counter-measures.
>> _______________________________________________
>>
>>
Joel Rosenblatt, Manager Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel
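
For operators who want to pick this traffic out of their own flow data, the following is an added example and not part of the original message. It separates a source that makes a single connection per service on ports 21 and 23 across many hosts (the pattern described above) from a source that retries against one host. The record format, addresses and thresholds are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample flow records (documentation-range addresses, not real
# traffic). Columns: source IP, destination IP, destination port.
SAMPLE_FLOWS = """\
198.51.100.7,203.0.113.10,23
198.51.100.7,203.0.113.10,21
198.51.100.7,203.0.113.11,23
198.51.100.7,203.0.113.12,23
198.51.100.7,203.0.113.12,21
198.51.100.7,203.0.113.10,80
192.0.2.50,203.0.113.10,23
192.0.2.50,203.0.113.10,23
192.0.2.50,203.0.113.10,23
192.0.2.50,203.0.113.10,23
192.0.2.99,203.0.113.11,21
"""

WATCHED_PORTS = {21, 23}  # FTP and telnet, the ports named in the notice


def classify_sources(flow_csv, min_hosts=3, max_flows_per_service=1):
    """Return {source_ip: label} for sources worth a closer look.

    Thresholds are assumed values; tune them to the local traffic baseline.
    """
    flows = defaultdict(lambda: defaultdict(int))
    for row in csv.reader(io.StringIO(flow_csv)):
        if len(row) != 3:
            continue  # skip malformed or blank records
        src, dst, port = row[0], row[1], int(row[2])
        if port in WATCHED_PORTS:
            flows[src][(dst, port)] += 1

    labels = {}
    for src, services in flows.items():
        hosts = {dst for dst, _port in services}
        if max(services.values()) > max_flows_per_service:
            labels[src] = "repeated-attempts"      # retries against one service
        elif len(hosts) >= min_hosts:
            labels[src] = "single-attempt-sweep"   # one try per service, many hosts
    return labels


if __name__ == "__main__":
    for source, label in classify_sources(SAMPLE_FLOWS).items():
        print(source, label)
```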