[AusNOG] Port 32764 Remote Admin Vulnerability?
Tim March
march.tim at gmail.com
Sat Jan 4 11:58:16 EST 2014
Yup...
http://threatpost.com/probes-against-linksys-backdoor-port-surging/103410
https://isc.sans.org/forums/diary/Scans+Increase+for+New+Linksys+Backdoor+32764+TCP+/17336
T.
On 4/01/14 2:18 AM, Brad Peczka wrote:
> Evening all,
>
> This cropped up on my radar this evening: https://github.com/elvanderb/TCP-32764
>
> There's some better coverage in an Ars article here: http://arstechnica.com/security/2014/01/backdoor-in-wireless-dsl-routers-lets-attacker-reset-router-get-admin/
>
> In a nutshell, it looks like there's an exploit in a range of Consumer and SOHO routers, whereby an unauthenticated administrative interface is listening on port 32764. Some models are only listening on the LAN interface, some models also listen to the WAN interface. On the right model, you can reset the username/password to one of your choosing and enable the remote administration interface.
>
> Would be interesting to see if there's a notable uptick in port scans for this over the coming days... ;-)
>
> Regards,
> -Brad.
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
--
PGP/GNUPG Public Key: http://d3vnu11.com/pub.key
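
The uptick in scans for TCP 32764 discussed in this thread can be measured from a border firewall's drop log. The following is an added example, not part of the original messages: it assumes iptables-style LOG lines and a WAN interface named `eth0`, and the sample log is constructed using documentation addresses.

```python
import re
from collections import defaultdict

BACKDOOR_PORT = 32764  # TCP port named in the thread
WAN_IF = "eth0"        # assumption: name of the WAN-facing interface

# Constructed sample lines in iptables LOG style (not real traffic).
SAMPLE_LOG = """\
Jan  1 03:14:07 gw kernel: FW-DROP IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=40112 DPT=32764 SYN
Jan  1 09:02:41 gw kernel: FW-DROP IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=40113 DPT=32764 SYN
Jan  2 11:20:00 gw kernel: FW-DROP IN=eth0 OUT= SRC=192.0.2.15 DST=203.0.113.10 PROTO=TCP SPT=51000 DPT=23 SYN
Jan  2 14:45:10 gw kernel: FW-DROP IN=eth0 OUT= SRC=198.51.100.9 DST=203.0.113.10 PROTO=TCP SPT=40200 DPT=32764 SYN
Jan  3 01:00:01 gw kernel: FW-DROP IN=eth0 OUT= SRC=192.0.2.21 DST=203.0.113.10 PROTO=TCP SPT=33001 DPT=32764 SYN
Jan  3 01:07:33 gw kernel: FW-DROP IN=eth0 OUT= SRC=192.0.2.22 DST=203.0.113.10 PROTO=TCP SPT=33002 DPT=32764 SYN
Jan  3 02:19:54 gw kernel: FW-DROP IN=eth0 OUT= SRC=198.51.100.30 DST=203.0.113.10 PROTO=TCP SPT=33003 DPT=32764 SYN
Jan  3 05:40:12 gw kernel: FW-DROP IN=eth0 OUT= SRC=198.51.100.31 DST=203.0.113.10 PROTO=TCP SPT=33004 DPT=32764 SYN
Jan  3 06:00:00 gw kernel: FW-LOG IN=br0 OUT= SRC=192.168.1.50 DST=192.168.1.1 PROTO=TCP SPT=50000 DPT=32764 SYN
"""

LINE_RE = re.compile(
    r"^(?P<day>\w{3}\s+\d{1,2}) \S+ .*?\bIN=(?P<inif>\S*) .*?\bSRC=(?P<src>\S+) "
    r".*?\bPROTO=(?P<proto>\S+) .*?\bDPT=(?P<dpt>\d+)")

def probes_per_day(log_text, port=BACKDOOR_PORT, wan_if=WAN_IF):
    """Return {day: set of source IPs} for TCP probes to `port` seen on the WAN."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        if m["proto"] == "TCP" and int(m["dpt"]) == port and m["inif"] == wan_if:
            day = " ".join(m["day"].split())  # normalise "Jan  1" to "Jan 1"
            seen[day].add(m["src"])
    return dict(seen)

def uptick_days(per_day, factor=3):
    """Flag days whose distinct-source count is >= factor x the mean of earlier days."""
    flagged, history = [], []
    for day, sources in per_day.items():  # insertion order follows log order
        n = len(sources)
        if history and n >= factor * (sum(history) / len(history)):
            flagged.append(day)
        history.append(n)
    return flagged
```

Counting distinct sources rather than raw packets keeps one noisy scanner from looking like a surge; traffic on the LAN interface (`br0` in the sample) is excluded and would need separate review.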