[AusNOG] Port 32764 Remote Admin Vulnerability?

Skeeve Stevens skeeve+ausnog at eintellegonetworks.com
Sat Jan 4 15:25:50 EST 2014


Won't take long to find them all.. only takes about 15 minutes to scan the
entire v4 internet with the right resources.


...Skeeve

*Skeeve Stevens - *eintellego Networks Pty Ltd
skeeve at eintellegonetworks.com ; www.eintellegonetworks.com

Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve

facebook.com/eintellegonetworks ;  <http://twitter.com/networkceoau>
linkedin.com/in/skeeve

twitter.com/theispguy ; blog: www.theispguy.com


The Experts Who The Experts Call
Juniper - Cisco - Cloud - Consulting


On Sat, Jan 4, 2014 at 11:58 AM, Tim March <march.tim at gmail.com> wrote:

>
> Yup...
>
> http://threatpost.com/probes-against-linksys-backdoor-port-surging/103410
>
>
> https://isc.sans.org/forums/diary/Scans+Increase+for+New+Linksys+Backdoor+32764+TCP+/17336
>
>
> T.
>
> On 4/01/14 2:18 AM, Brad Peczka wrote:
> > Evening all,
> >
> > This cropped up on my radar this evening:
> https://github.com/elvanderb/TCP-32764
> >
> > There's some better coverage in an Ars article here:
> http://arstechnica.com/security/2014/01/backdoor-in-wireless-dsl-routers-lets-attacker-reset-router-get-admin/
> >
> > In a nutshell, it looks like there's an exploit in a range of Consumer
> and SOHO routers, whereby an unauthenticated administrative interface is
> listening on port 32764. Some models are only listening on the LAN
> interface, some models also listen to the WAN interface. On the right
> model, you can reset the username/password to one of your choosing and
> enable the remote administration interface.
> >
> > Would be interesting to see if there's a notable uptick in port scans
> for this over the coming days... ;-)
> >
> > Regards,
> > -Brad.
> > _______________________________________________
> > AusNOG mailing list
> > AusNOG at lists.ausnog.net
> > http://lists.ausnog.net/mailman/listinfo/ausnog
> >
>
> --
> PGP/GNUPG Public Key: http://d3vnu11.com/pub.key
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140104/a881a35e/attachment.html>


More information about the AusNOG mailing list