Friday, February 10, 2006

Cisco Botnets?

I've never heard of a Cisco botnet, but I suppose it's possible. The details are awfully vague, and it could mean just about anything. If you're still in the stone age and using publicly exposed Telnet services, it might be a good time to change that.

XYZ has been able to identify a botnet that is actively scanning on port 23/tcp and is targeting Cisco devices such as routers for exploit and access. The activity has taken place in multiple short-term durations, targeting a variety of Internet address segments. Multiple successful exploits have been identified, gaining "enable" and/or "console" passwords for the devices. The exploit is not limited to weak passwords. At this time, it is not clear exactly what exploit is being used to attack the routers nor for what function the routers might be used. However, this capability could be used by malicious users to launch DDoS attacks, sniff private network traffic, change routing on networks, subvert Access Control Lists, and/or use the routers to create logical private networks for the malicious users.
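As an added example (not part of the original post or the quoted advisory): a small Python check that reads a Cisco IOS running-config and reports vty lines that still accept Telnet or lack an inbound access-class. The sample config, hostname and function name are constructed for illustration.

```python
import re

# Constructed sample running-config fragment (not from any real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-example
!
line vty 0 4
 login
 transport input telnet ssh
line vty 5 15
 access-class 10 in
 login local
 transport input ssh
!
"""

def audit_vty_lines(config_text):
    """Return (stanza, finding) pairs for vty stanzas that may accept Telnet."""
    findings = []
    stanza, body = None, []

    def flush():
        # Evaluate the stanza collected so far; only 'line vty' is of interest.
        if stanza is None or not stanza.startswith("line vty"):
            return
        transports, has_acl = None, False
        for cmd in body:
            m = re.match(r"transport input\s+(.*)", cmd)
            if m:
                transports = m.group(1).split()
            if re.match(r"access-class\s+\S+\s+in\b", cmd):
                has_acl = True
        if transports is None:
            # The default differs between IOS releases, so flag it for review.
            findings.append((stanza, "no explicit 'transport input'"))
        elif {"telnet", "all"} & set(transports):
            findings.append((stanza, "Telnet permitted: " + " ".join(transports)))
        if not has_acl:
            findings.append((stanza, "no inbound access-class on vty"))

    # A trailing "!" guarantees the last stanza is flushed.
    for raw in config_text.splitlines() + ["!"]:
        if raw.startswith(" ") and stanza is not None:
            body.append(raw.strip())
            continue
        flush()
        stanza, body = (raw.strip(), []) if raw.startswith("line ") else (None, [])
    return findings

if __name__ == "__main__":
    for where, what in audit_vty_lines(SAMPLE_CONFIG):
        print(f"{where}: {what}")
```

On the sample, only `line vty 0 4` is reported; the second stanza, restricted to SSH with an access-class, produces no findings.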

1 Comment:

At 11/26/2006 11:54:00 AM, Anonymous dre said...

I think this botnet just scans for Cisco IOS telnet prompts. It doesn't do it from Cisco routers running IOS. Although, that does seem possible as well, given the suggestion of an ircd written in Tcl and modified for use on a Cisco router, which headers can be found in

 
