[EAS] [BC] EAS Zombie Attack

ray at electronicstheory.com ray at electronicstheory.com
Tue Feb 12 17:52:38 CST 2013


Busy Day Today!

I have over 100 of these boxes to look at.  I'm recording logs and mailing them
off - and I'm not done yet.

Being ANAL about internet security - I need to pass on some "need to know"
information to all of you:
This isn't just about any particular manufacturer's web interface, nor about
changing from default passwords (which should be standard operating practice for
everyone).  This problem is a bit more developed than the news knows about.
Let's keep this in our group though, shall we?

Some of the boxes we have that are "in the wild" (not on our VPN) have had
people testing the fences so to speak.

Testing heck - they are using a "brute force password attack" that resembles a
battle tank trying to tango.

Here's the catch - they aren't just trying to get in through the web interface!
As we speak - all of our "exposed" boxes have a bot knocking on them, trying to
access the root or NOUSER passwords to the shell/terminal (Not just the web
interface!)  So far on our boxes - they have been unsuccessful, as we've changed
our root passwords, and they aren't based on a dictionary word.
If you haven't done that - do so NOW!

Furthermore - they are using the TOR network to hide their IP, and it seems from
their fingerprints that they are not from a single person/source.

LOOK AT YOUR SECURITY LOGS!!!
If you see repeated failed logins, pass it along to your manufacturer!

Let's help find the culprits!

Ray Dall
Radio Frequency Engineer
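
Added example, not part of the original post: one way to do the log check urged above, counting failed shell logins per account and flagging accounts that several different sources are hammering. It assumes OpenSSH-style "Failed password" syslog lines (the post does not say which service or log format the boxes use); the sample lines, hostname, account names and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed log format: OpenSSH sshd "Failed password" lines as written to syslog.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)

# Constructed sample lines (documentation-range addresses), not real logs.
SAMPLE_LOG = """\
Feb 12 03:14:01 eas1 sshd[2211]: Failed password for root from 192.0.2.10 port 40122 ssh2
Feb 12 03:14:04 eas1 sshd[2213]: Failed password for root from 198.51.100.7 port 51810 ssh2
Feb 12 03:14:09 eas1 sshd[2215]: Failed password for root from 203.0.113.55 port 33901 ssh2
Feb 12 03:14:12 eas1 sshd[2217]: Failed password for invalid user admin from 192.0.2.10 port 40130 ssh2
Feb 12 03:14:15 eas1 sshd[2219]: Failed password for root from 192.0.2.10 port 40144 ssh2
Feb 12 08:30:00 eas1 sshd[2301]: Accepted password for operator from 10.8.0.4 port 50022 ssh2
Feb 12 08:31:10 eas1 sshd[2305]: Failed password for operator from 10.8.0.4 port 50031 ssh2
""".splitlines()


def summarize_failures(lines):
    """Return {account: {"attempts": int, "sources": set, "valid_account": bool}}."""
    summary = defaultdict(lambda: {"attempts": 0, "sources": set(), "valid_account": True})
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue  # successful logins and unrelated messages are ignored
        entry = summary[m.group("user")]
        entry["attempts"] += 1
        entry["sources"].add(m.group("src"))
        if m.group("invalid"):
            entry["valid_account"] = False  # sshd reported the account does not exist
    return dict(summary)


def flag_accounts(summary, min_attempts=3, min_sources=2):
    """Accounts with repeated failures from several sources (thresholds are illustrative)."""
    return sorted(
        user for user, e in summary.items()
        if e["attempts"] >= min_attempts and len(e["sources"]) >= min_sources
    )


if __name__ == "__main__":
    report = summarize_failures(SAMPLE_LOG)
    for user in flag_accounts(report):
        e = report[user]
        print(f"{user}: {e['attempts']} failed logins from {len(e['sources'])} sources")
```

Counting distinct sources per account matters here because attempts spread across many addresses will not trip a simple per-IP threshold.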