<div dir="ltr">Won't take long to find them all.. only takes about 15 minutes to scan the entire v4 internet with the right resources.</div><div class="gmail_extra"><br clear="all"><div><div dir="ltr"><div><br>...Skeeve</div>

<div><br></div><div><div><b style="font-size:13px;font-family:Calibri">Skeeve Stevens - </b><span style="font-size:13px;font-family:Calibri">eintellego Networks Pty Ltd</span></div></div></div></div>
<br><br><div class="gmail_quote">On Sat, Jan 4, 2014 at 11:58 AM, Tim March <span dir="ltr">&lt;<a href="mailto:march.tim@gmail.com" target="_blank">march.tim@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

<br>
Yup...<br>
<br>
<a href="http://threatpost.com/probes-against-linksys-backdoor-port-surging/103410" target="_blank">http://threatpost.com/probes-against-linksys-backdoor-port-surging/103410</a><br>
<br>
<a href="https://isc.sans.org/forums/diary/Scans+Increase+for+New+Linksys+Backdoor+32764+TCP+/17336" target="_blank">https://isc.sans.org/forums/diary/Scans+Increase+for+New+Linksys+Backdoor+32764+TCP+/17336</a><br>
<br>
<br>
T.<br>
<br>
On 4/01/14 2:18 AM, Brad Peczka wrote:<br>
> Evening all,<br>
><br>
> This cropped up on my radar this evening: <a href="https://github.com/elvanderb/TCP-32764" target="_blank">https://github.com/elvanderb/TCP-32764</a><br>
><br>
> There's some better coverage in an Ars article here: <a href="http://arstechnica.com/security/2014/01/backdoor-in-wireless-dsl-routers-lets-attacker-reset-router-get-admin/" target="_blank">http://arstechnica.com/security/2014/01/backdoor-in-wireless-dsl-routers-lets-attacker-reset-router-get-admin/</a><br>


><br>
> In a nutshell, it looks like there's an exploit in a range of Consumer and SOHO routers, whereby an unauthenticated administrative interface is listening on port 32764. Some models are only listening on the LAN interface, some models also listen to the WAN interface. On the right model, you can reset the username/password to one of your choosing and enable the remote administration interface.<br>


><br>
> Would be interesting to see if there's a notable uptick in port scans for this over the coming days... ;-)<br>
><br>
> Regards,<br>
> -Brad.<br>
> _______________________________________________<br>
> AusNOG mailing list<br>
> <a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
> <a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
><br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
PGP/GNUPG Public Key: <a href="http://d3vnu11.com/pub.key" target="_blank">http://d3vnu11.com/pub.key</a><br>
</font></span></blockquote></div><br></div>