Re: Cisco Routers Vulnerability

2015-04-19 Thread Doug McIntyre
On Mon, Apr 13, 2015 at 05:03:02PM -0600, Keith Medcalf wrote: > >> It's reported by different customers in different locations so I don't > >> think it's password compromised > > >Have you checked? If the routers had vty access open (ssh or telnet) and > >the passwords were easy to guess, then i

Re: Cisco Routers Vulnerability

2015-04-14 Thread Alain Hebert
Well, Its not like peoples are still using telnet/ssh/web with a password/enable on the net... anymore. We do PCI and it took the better part of 6 month for a Customer Network Engineer to get it right. ( The annoying part is that we cannot do the work for them, we can only hope th

RE: Cisco Routers Vulnerability

2015-04-13 Thread Keith Medcalf
>> It's reported by different customers in different locations so I don't >> think it's password compromised >Have you checked? If the routers had vty access open (ssh or telnet) and >the passwords were easy to guess, then it's more likely that this was a >password compromise. You can test this

RE: Cisco Routers Vulnerability

2015-04-13 Thread Steve Mikulasik
They may want to check if some network engineer got fired recently. Usually these sorts of things relate to a human problem rather than a technical attack. Stephen Mikulasik -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Rashed Alwarrag Sent: Monday, April

Re: Cisco Routers Vulnerability

2015-04-13 Thread Matthew Galgoci
Thus said Rashed Alwarrag on Tue, 14 Apr 2015: > Date: Tue, 14 Apr 2015 00:29:25 +0300 > From: Rashed Alwarrag > To: nanog@nanog.org > Subject: Cisco Routers Vulnerability > > Hi > Today we have a lot of customers report that their Cisco routers got a root > access and the IOS got erased , is ther

Re: Cisco Routers Vulnerability

2015-04-13 Thread George Herbert
A whole pile of new vulnerabilities including remote code exploit were revealed against specific models about 3 weeks ago; I had not heard of any exploits, but, ... Which is why the models and IOS versions would be very useful. On Mon, Apr 13, 2015 at 2:59 PM, Rashed Alwarrag wrote: > Still I d

Re: Cisco Routers Vulnerability

2015-04-13 Thread Rashed Alwarrag
Still I don't have full information from them as it has been reported by different customers and all almost in the same time , I am trying to get some information about , I was just checking if there is known vulnerability has been announced recently regarding this Thanks you guys On Tuesday, Ap

Re: Cisco Routers Vulnerability

2015-04-13 Thread Nick Hilliard
On 13/04/2015 23:48, Rashed Alwarrag wrote: > It's reported by different customers in different locations so I don't > think it's password compromised Have you checked? If the routers had vty access open (ssh or telnet) and the passwords were easy to guess, then it's more likely that this was a

Re: Cisco Routers Vulnerability

2015-04-13 Thread John Schiel
On 04/13/2015 03:49 PM, Rashed Alwarrag wrote: I will try to get those informations If you follow Chris's suggestion, you might get faster resolution. http://tools.cisco.com/security/center/publicationListing.x --John Thanks On Tuesday, April 14, 2015, John Schiel

Re: Cisco Routers Vulnerability

2015-04-13 Thread Rashed Alwarrag
I will try to get those informations Thanks On Tuesday, April 14, 2015, John Schiel wrote: > > > On 04/13/2015 03:29 PM, Rashed Alwarrag wrote: > >> Hi >> Today we have a lot of customers report that their Cisco routers got a >> root >> access and the IOS got erased , is there any known vulnera

Re: Cisco Routers Vulnerability

2015-04-13 Thread Rashed Alwarrag
It's reported by different customers in different locations so I don't think it's password compromised Regards On Tuesday, April 14, 2015, Nick Hilliard wrote: > On 13/04/2015 23:29, Rashed Alwarrag wrote: > > Today we have a lot of customers report that their Cisco routers got a > root > > acc

Re: Cisco Routers Vulnerability

2015-04-13 Thread Daniel Suchy
Hello, ask your customers, if they had VTY access secured properly. Brute-force password attacks against management interface (telnet, SSH) aren't rare these days and once you have management access, you can do anything independently on known code vulnerabilies. With regards, Daniel On 13.4.2015

Re: Cisco Routers Vulnerability

2015-04-13 Thread Nick Hilliard
On 13/04/2015 23:29, Rashed Alwarrag wrote: > Today we have a lot of customers report that their Cisco routers got a root > access and the IOS got erased , is there any known vulnerability in cisco > products thats they report in their Security alerts about this recently ? > is there any one face

Re: Cisco Routers Vulnerability

2015-04-13 Thread John Schiel
On 04/13/2015 03:29 PM, Rashed Alwarrag wrote: Hi Today we have a lot of customers report that their Cisco routers got a root access and the IOS got erased , is there any known vulnerability in cisco products thats they report in their Security alerts about this recently ? is there any one f

Re: Cisco Routers Vulnerability

2015-04-13 Thread Christopher Morrow
http://tools.cisco.com/security/center/publicationListing.x On Mon, Apr 13, 2015 at 5:29 PM, Rashed Alwarrag wrote: > Hi > Today we have a lot of customers report that their Cisco routers got a root > access and the IOS got erased , is there any known vulnerability in cisco > products thats they