Re: Cisco Routers Vulnerability

2015-04-13 Thread Matthew Galgoci
Thus said Rashed Alwarrag on Tue, 14 Apr 2015:
 Date: Tue, 14 Apr 2015 00:29:25 +0300
 From: Rashed Alwarrag rali.ah...@gmail.com
 To: nanog@nanog.org
 Subject: Cisco Routers Vulnerability

 Hi
 Today we have a lot of customers reporting that their Cisco routers got root
 access and the IOS got erased. Is there any known vulnerability in Cisco
 products that they reported in their security alerts about this recently?
 Has anyone faced the same issue?

Another strong possibility is a disgruntled former employee or former
contractor.

-- 
Matthew Galgoci
Network Operations
Red Hat, Inc
919.754.3700 x44155
--
“Whatever you do will be insignificant, but it is very important that you do 
it.”  -- Mahatma Gandhi



oss netflow collector/trending/analysis

2014-05-02 Thread Matthew Galgoci

Hey There,

I was just wondering, for people who are doing netflow analysis with
open source tools and who are doing at least 10k or more flows per
second, what are you using?

I know of three tool sets:

- The classic OSU flow-tools and the modern continuation/fork.
- ntop
- nfdump/nfsen

Is there anything else I've missed? A few folks here really seem to like
nfsen/nfdump.

Thanks,

Matt

-- 
Matthew Galgoci
Network Operations
Red Hat, Inc
919.754.3700 x44155
--
“Whatever you do will be insignificant, but it is very important that you do 
it.”  -- Mahatma Gandhi



Re: CPE dns hijacking malware

2013-11-12 Thread Matthew Galgoci
 Date: Tue, 12 Nov 2013 06:35:51 +
 From: Dobbins, Roland rdobb...@arbor.net
 To: NANOG list nanog@nanog.org
 Subject: Re: CPE dns hijacking malware


 On Nov 12, 2013, at 1:17 PM, Jeff Kell jeff-k...@utc.edu wrote:

  (2) DHCP hijacking daemon installed on the client, supplying the hijacker's 
  DNS servers on a DHCP renewal.  Have seen both, the latter being more
  common, and the latter will expand across the entire home subnet in time 
  (based on your lease interval)

 I'd (perhaps wrongly) assumed that this probably wasn't the case, as the OP 
 referred to the CPE devices themselves as being malconfigured; it would be 
 helpful to know if the OP can supply more information, and whether or not 
 he'd a chance to examine the affected CPE/end-customer setups.


I have encountered a family member's provider-supplied CPE that had the
web server exposed on the public interface with default credentials still
in place. It's probably more common than one would expect.

-- 
Matthew Galgoci
Network Operations
Red Hat, Inc
919.754.3700 x44155
--
It's not whether you get knocked down, it's whether you get up. - Vince 
Lombardi
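The hijack Jeff Kell describes above (a rogue DHCP daemon handing out the attacker's resolvers, spreading to the whole home subnet as leases renew) can be spotted from the LAN side by checking what the DHCP ACKs actually carry. The following is an added example written for this archive, not code from any list participant: it parses constructed ACK records (a simplified one-line-per-ACK format, not a real server's log syntax) and flags clients whose DNS option or DHCP server identifier differs from the provider's known values, which are placeholder addresses here.

```python
import re

# Resolvers the provider legitimately hands out (constructed placeholder values).
EXPECTED_DNS = {"192.0.2.53", "192.0.2.54"}
# Server identifier (DHCP option 54) of the legitimate server (constructed).
EXPECTED_SERVER = "192.168.1.1"

# Constructed records of DHCP ACKs observed on the home segment, one per line:
# "<client-mac> yiaddr=<ip> server=<server-id> dns=<comma list> lease=<secs>".
# Real sources (dnsmasq/ISC dhcpd logs, a packet capture) need their own
# field extraction; only ACK_RE below is tied to this constructed format.
SAMPLE_ACKS = """\
00:11:22:33:44:01 yiaddr=192.168.1.10 server=192.168.1.1 dns=192.0.2.53,192.0.2.54 lease=86400
00:11:22:33:44:02 yiaddr=192.168.1.11 server=192.168.1.77 dns=198.51.100.7,192.0.2.53 lease=86400
00:11:22:33:44:03 yiaddr=192.168.1.12 server=192.168.1.77 dns=198.51.100.7 lease=3600
"""

ACK_RE = re.compile(
    r"^(?P<mac>[0-9a-f:]{17}) yiaddr=(?P<ip>\S+) server=(?P<server>\S+) "
    r"dns=(?P<dns>\S+) lease=(?P<lease>\d+)$"
)

def parse_acks(text):
    """Yield one dict per well-formed ACK line; unparseable lines are skipped."""
    for line in text.splitlines():
        m = ACK_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["dns"] = rec["dns"].split(",")
            rec["lease"] = int(rec["lease"])
            yield rec

def find_hijacked(text, expected_dns=EXPECTED_DNS, expected_server=EXPECTED_SERVER):
    """Return {client_mac: [reasons]} for ACKs whose DNS list or server id is unexpected."""
    findings = {}
    for rec in parse_acks(text):
        reasons = []
        rogue = [d for d in rec["dns"] if d not in expected_dns]
        if rogue:  # even one foreign resolver means lookups can be redirected
            reasons.append("unexpected DNS " + ",".join(rogue))
        if rec["server"] != expected_server:  # a second DHCP server on the segment
            reasons.append("unexpected DHCP server " + rec["server"])
        if reasons:
            findings[rec["mac"]] = reasons
    return findings

def rogue_servers(text):
    """DHCP server identifiers seen on the segment other than the legitimate one."""
    return {r["server"] for r in parse_acks(text)} - {EXPECTED_SERVER}

if __name__ == "__main__":
    for mac, why in find_hijacked(SAMPLE_ACKS).items():
        print(mac, "; ".join(why))
```

Because the rogue answers are only seen when a client renews, the `lease` field tells you how long an already-poisoned client keeps the bad resolvers before the check gets another chance to observe it.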