[AusNOG] Port 32764 Remote Admin Vulnerability?

Skeeve Stevens skeeve+ausnog at eintellegonetworks.com
Sat Jan 4 15:55:03 EST 2014


Yup.... that and a dozen servers on AWS for an hour will cost you about $1
;-)


...Skeeve

*Skeeve Stevens - *eintellego Networks Pty Ltd
skeeve at eintellegonetworks.com ; www.eintellegonetworks.com

Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve

facebook.com/eintellegonetworks ;  <http://twitter.com/networkceoau>
linkedin.com/in/skeeve

twitter.com/theispguy ; blog: www.theispguy.com


The Experts Who The Experts Call
Juniper - Cisco - Cloud - Consulting


On Sat, Jan 4, 2014 at 3:37 PM, Tim March <march.tim at gmail.com> wrote:

>
> https://zmap.io/
>
> Enjoy =)
>
>
>
> T.
>
> On 4/01/14 3:25 PM, Skeeve Stevens wrote:
> > Won't take long to find them all.. only takes about 15 minutes to scan
> > the entire v4 internet with the right resources.
> >
> >
> > ...Skeeve
> >
> >
> >
> > On Sat, Jan 4, 2014 at 11:58 AM, Tim March <march.tim at gmail.com
> > <mailto:march.tim at gmail.com>> wrote:
> >
> >
> >     Yup...
> >
> >     http://threatpost.com/probes-against-linksys-backdoor-port-surging/103410
> >
> >     https://isc.sans.org/forums/diary/Scans+Increase+for+New+Linksys+Backdoor+32764+TCP+/17336
> >
> >
> >     T.
> >
> >     On 4/01/14 2:18 AM, Brad Peczka wrote:
> >     > Evening all,
> >     >
> >     > This cropped up on my radar this evening:
> >     > https://github.com/elvanderb/TCP-32764
> >     >
> >     > There's some better coverage in an Ars article here:
> >     > http://arstechnica.com/security/2014/01/backdoor-in-wireless-dsl-routers-lets-attacker-reset-router-get-admin/
> >     >
> >     > In a nutshell, it looks like there's an exploit in a range of
> >     > Consumer and SOHO routers, whereby an unauthenticated administrative
> >     > interface is listening on port 32764. Some models are only listening
> >     > on the LAN interface, some models also listen to the WAN interface.
> >     > On the right model, you can reset the username/password to one of
> >     > your choosing and enable the remote administration interface.
> >     >
> >     > Would be interesting to see if there's a notable uptick in port
> >     > scans for this over the coming days... ;-)
> >     >
> >     > Regards,
> >     > -Brad.
> >     > _______________________________________________
> >     > AusNOG mailing list
> >     > AusNOG at lists.ausnog.net <mailto:AusNOG at lists.ausnog.net>
> >     > http://lists.ausnog.net/mailman/listinfo/ausnog
> >     >
> >
> >     --
> >     PGP/GNUPG Public Key: http://d3vnu11.com/pub.key
> >
> >
>
> --
> PGP/GNUPG Public Key: http://d3vnu11.com/pub.key
>
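
The question raised in the thread, whether scans for TCP 32764 pick up, can be answered from your own border firewall logs. The following is an added example, not part of the original thread: it counts distinct sources probing the port per day and flags days well above the earlier median. The log lines are constructed and abbreviated, and the `FW-DROP` prefix, function names and threshold factor are assumptions.

```python
import re
from statistics import median

BACKDOOR_PORT = 32764  # TCP port discussed in the thread

# Constructed, abbreviated netfilter-style LOG lines (documentation-range IPs).
_T = "{d} gw kernel: FW-DROP IN=eth0 SRC={s} DST=203.0.113.10 PROTO=TCP SPT=40000 DPT={p} SYN"
SAMPLE_LOG = "\n".join(_T.format(d=d, s=s, p=p) for d, s, p in [
    ("Jan  1 03:12:44", "198.51.100.7", 32764),
    ("Jan  1 09:40:02", "198.51.100.9", 22),      # other port: ignored
    ("Jan  2 11:05:31", "198.51.100.7", 32764),
    ("Jan  3 02:17:10", "192.0.2.44", 32764),
    ("Jan  3 02:17:11", "192.0.2.44", 32764),     # repeat source: counted once
    ("Jan  4 00:03:55", "192.0.2.44", 32764),
    ("Jan  4 01:22:08", "198.51.100.23", 32764),
    ("Jan  4 04:51:37", "203.0.113.77", 32764),
    ("Jan  4 07:30:19", "198.51.100.150", 32764),
])

LINE_RE = re.compile(
    r"^(\w{3})\s+(\d{1,2})\s.*?\bSRC=(\S+).*?\bPROTO=TCP\b.*?\bDPT=(\d+)\b")

def sources_per_day(log_text, port=BACKDOOR_PORT):
    """Map each day (in log order) to the set of source IPs probing `port`.
    Days with no matching line do not appear in the result."""
    days = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and int(m.group(4)) == port:
            days.setdefault(f"{m.group(1)} {int(m.group(2))}", set()).add(m.group(3))
    return days

def uptick_days(days, factor=3):
    """Flag days whose distinct-source count is >= factor x the median of
    all earlier days. Days with no earlier history are never flagged."""
    flagged, history = [], []
    for day, srcs in days.items():
        if history and len(srcs) >= factor * median(history):
            flagged.append(day)
        history.append(len(srcs))
    return flagged

if __name__ == "__main__":
    per_day = sources_per_day(SAMPLE_LOG)
    for day, srcs in per_day.items():
        print(day, len(srcs), sorted(srcs))
    print("uptick:", uptick_days(per_day))
```

Counting distinct sources rather than raw packets keeps one noisy scanner from looking like a surge.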