[EAS] [BC] EAS Zombie Attack

Mike Benonis mjb8h at vt.edu
Tue Feb 12 18:01:18 CST 2013


I have to ask--why on earth would an ENDEC be set up to be routable from the public internet anyway?  In my eyes, they should only be on secure private networks with a firewall device (professional grade, not Linksys or Netgear) in front of them.  IPSec tunnels for remote access are not hard to configure these days and provide adequate security for these types of situations.

Of course, only properly set device passwords will help with internal attacks.

Mike

On 12 Feb 2013, at 18:52, "ray at electronicstheory.com" <ray at electronicstheory.com> wrote:

> Busy Day Today!
> 
> I have over 100 of these boxes to look at.  I'm recording logs and mailing them
> off - and I'm not done yet.
> 
> Being ANAL about internet security - I need to pass on some "need to know"
> information to all of you:
> This isn't just about any particular manufacturer's web interface, nor about
> changing from default passwords (which should be standard operating practice for
> everyone).  This problem is a bit more developed than the news knows about.
> Let's keep this in our group though, shall we?
> 
> Some of the boxes we have that are "in the wild" (not on our VPN) have had
> people testing the fences so to speak.
> 
> Testing heck - they are using a "brute force password attack" that resembles a
> battle tank trying to tango.
> 
> Here's the catch - they aren't just trying to get in through the web interface!
> As we speak - all of our "exposed" boxes have a bot knocking on them, trying to
> access the root or NOUSER passwords to the shell/terminal (Not just the web
> interface!)  So far on our boxes - they have been unsuccessful, as we've changed
> our root passwords, and they aren't based on a dictionary word.
> If you haven't done that - do so NOW!
> 
> Furthermore - they are using the TOR network to hide their IP, and it seems from
> their fingerprints that they are not from a single person/source.
> 
> LOOK AT YOUR SECURITY LOGS!!!
> If you see repeated failed logins, pass it along to your manufacturer!
> 
> Let's help find the culprits!
> 
> Ray Dall
> Radio Frequency Engineer
> 
> 
> __________________________________________________________
> The EAS Forum Discussion List is hosted by the BWWG (Broadcast Warning Working Group). http://eas.radiolists.net
> Please invite your friends to join our Forum! The sign up is at: http://lists.radiolists.net/mailman/listinfo/eas
> ___________________________________________________________
> 
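
Added example, not part of the original thread or any vendor's tooling: one way to act on the "look at your security logs" advice when the failed logins come from many Tor exit addresses, so that a per-IP threshold never fires. The OpenSSH-style log format, the hostname, the sample lines and the function names are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict

# Assumed OpenSSH-style syslog format; the thread does not show the ENDEC's own log format.
FAILED = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

# Constructed sample lines (documentation-range addresses), not real logs.
SAMPLE_LOG = """\
Feb 12 17:01:02 endec sshd[811]: Failed password for root from 192.0.2.10 port 40112 ssh2
Feb 12 17:01:09 endec sshd[812]: Failed password for root from 198.51.100.23 port 51800 ssh2
Feb 12 17:01:15 endec sshd[813]: Failed password for invalid user NOUSER from 203.0.113.5 port 33914 ssh2
Feb 12 17:01:21 endec sshd[814]: Failed password for root from 203.0.113.77 port 42001 ssh2
Feb 12 17:01:30 endec sshd[815]: Failed password for root from 198.51.100.99 port 60222 ssh2
Feb 12 17:02:02 endec sshd[816]: Accepted password for engineer from 10.8.0.4 port 50022 ssh2
Feb 12 17:02:40 endec sshd[817]: Failed password for NOUSER from 192.0.2.200 port 38110 ssh2
Feb 12 17:03:05 endec sshd[818]: Failed password for engineer from 10.8.0.4 port 50030 ssh2
""".splitlines()


def failures_by_account(lines):
    """Return {account: {source_ip: failed_attempts}} for every failed login."""
    table = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = FAILED.search(line)
        if m:
            table[m.group("user")][m.group("ip")] += 1
    return {user: dict(ips) for user, ips in table.items()}


def per_ip_alerts(lines, limit=3):
    """Classic per-source threshold: IPs with at least `limit` failures."""
    totals = Counter(m.group("ip") for m in map(FAILED.search, lines) if m)
    return sorted(ip for ip, n in totals.items() if n >= limit)


def distributed_alerts(lines, min_failures=2, min_sources=2):
    """Accounts hit from several sources, however few tries each source makes."""
    hits = {}
    for user, ips in failures_by_account(lines).items():
        total = sum(ips.values())
        if total >= min_failures and len(ips) >= min_sources:
            hits[user] = (total, len(ips))
    return hits
```

On the constructed sample, per_ip_alerts() reports nothing because every source tried only once, while distributed_alerts() flags root and NOUSER; the single mistyped password for "engineer" is not flagged.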


