[scg-sec] FreeBSD exploit?

Christopher L. Morrow christopher.morrow at mci.com
Fri Mar 4 14:14:25 EST 2005



On Fri, 4 Mar 2005, Smith, Donald wrote:

> I have thought the ssh bruteforce password guessing we have been seeing was aimed at routers and other ISP infrastructure devices ALL ALONG.
> When they install the new system they SHOULD change their passwords. They should consider any passwords and accounts used on that system compromised.
> I would like to perform forensics on the system once you get it if that's acceptable.
> We can work out details to get me access to a disk image file so I don't taint the original system. In fact the first thing you should do once you get it is image the drive and lock the original in a safe (limit access).

and they should:
1) infrastructure acl
2) vty acl
3) change passwds on a 'regular' basis...

not all these things happen, obviously :(

