[scg-sec] FreeBSD exploit?

Paul Goyette pgoyette at juniper.net
Fri Mar 4 14:20:11 EST 2005


Yeah, I have a conf call with them shortly and I will stress
the obvious!

Thanks everyone for the quick responses!

-----Original Message-----
From: Christopher L. Morrow [mailto:christopher.morrow at mci.com]
Sent: Friday, March 04, 2005 11:14 AM
To: Smith, Donald
Cc: Paul Goyette; Skitter List
Subject: RE: [scg-sec] FreeBSD exploit?




On Fri, 4 Mar 2005, Smith, Donald wrote:

> I have thought the ssh bruteforce password guessing we have been seeing
> was aimed at routers and other ISP infrastructure devices ALL ALONG.
> When they install the new system they SHOULD change their passwords. They
> should consider any passwords and accounts used on that system compromised.
> I would like to perform forensics on the system once you get it if that's
> acceptable.
> We can work out details to get me access to a disk image file so I don't
> taint the original system. In fact the first thing you should do once you
> get it is image the drive and lock the original in a safe (limit access).

and they should:
1) infrastructure acl
2) vty acl
3) change passwds on a 'regular' basis...

not all these things happen, obviously :(


