[scg-sec] FreeBSD exploit?
Paul Goyette
pgoyette at juniper.net
Fri Mar 4 14:20:11 EST 2005
Yeah, I have a conf call with them shortly and I will stress
the obvious!
Thanks everyone for the quick responses!
-----Original Message-----
From: Christopher L. Morrow [mailto:christopher.morrow at mci.com]
Sent: Friday, March 04, 2005 11:14 AM
To: Smith, Donald
Cc: Paul Goyette; Skitter List
Subject: RE: [scg-sec] FreeBSD exploit?
On Fri, 4 Mar 2005, Smith, Donald wrote:
> I have thought the ssh bruteforce password guessing we have been seeing
was aimed at routers and other ISP infrastructure devices ALL ALONG.
> When they install the new system they SHOULD change their passwords. They
should consider any passwords and accounts used on that system compromised.
> I would like to perform forensics on the system once you get it if that's
acceptable.
> We can work out details to get me access to a disk image file so I don't
taint the original system. In fact the first thing you should do once you
get it is image the drive and lock the original in a safe (limit access).
and they should:
1) infrastructure acl
2) vty acl
3) change passwds on a 'regular' basis...
not all these things happen, obviously :(
More information about the scg-sec
mailing list