[AusNOG] Port 32764 Remote Admin Vulnerability?

Tim March march.tim at gmail.com
Sat Jan 4 15:37:11 EST 2014


https://zmap.io/

Enjoy =)



T.

On 4/01/14 3:25 PM, Skeeve Stevens wrote:
> Won't take long to find them all.. only takes about 15 minutes to scan
> the entire v4 internet with the right resources.
> 
> 
> ...Skeeve
> 
> 
> On Sat, Jan 4, 2014 at 11:58 AM, Tim March <march.tim at gmail.com> wrote:
> 
> 
>     Yup...
> 
>     http://threatpost.com/probes-against-linksys-backdoor-port-surging/103410
> 
>     https://isc.sans.org/forums/diary/Scans+Increase+for+New+Linksys+Backdoor+32764+TCP+/17336
> 
> 
>     T.
> 
>     On 4/01/14 2:18 AM, Brad Peczka wrote:
>     > Evening all,
>     >
>     > This cropped up on my radar this evening:
>     > https://github.com/elvanderb/TCP-32764
>     >
>     > There's some better coverage in an Ars article here:
>     > http://arstechnica.com/security/2014/01/backdoor-in-wireless-dsl-routers-lets-attacker-reset-router-get-admin/
>     >
>     > In a nutshell, it looks like there's an exploit in a range of
>     > Consumer and SOHO routers, whereby an unauthenticated administrative
>     > interface is listening on port 32764. Some models are only listening
>     > on the LAN interface, some models also listen to the WAN interface.
>     > On the right model, you can reset the username/password to one of
>     > your choosing and enable the remote administration interface.
>     >
>     > Would be interesting to see if there's a notable uptick in port
>     > scans for this over the coming days... ;-)
>     >
>     > Regards,
>     > -Brad.
>     > _______________________________________________
>     > AusNOG mailing list
>     > AusNOG at lists.ausnog.net <mailto:AusNOG at lists.ausnog.net>
>     > http://lists.ausnog.net/mailman/listinfo/ausnog
>     >
> 
>     --
>     PGP/GNUPG Public Key: http://d3vnu11.com/pub.key
> 
> 

-- 
PGP/GNUPG Public Key: http://d3vnu11.com/pub.key
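
Added example, not part of the original thread: one way to measure the uptick in TCP/32764 scans mentioned above, by counting distinct external sources per day in a border firewall log. The iptables LOG line format, the `eth0` WAN interface name, the threshold factor and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from statistics import median

# Constructed sample lines in iptables LOG style (documentation address ranges only).
SAMPLE_LOG = """\
Jan  1 02:11:09 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=40112 DPT=32764 SYN
Jan  1 09:40:51 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=40113 DPT=22 SYN
Jan  2 04:02:33 gw kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=203.0.113.10 PROTO=TCP SPT=51200 DPT=32764 SYN
Jan  3 01:15:00 gw kernel: IN=eth0 OUT= SRC=192.0.2.14 DST=203.0.113.10 PROTO=TCP SPT=33001 DPT=32764 SYN
Jan  3 01:15:02 gw kernel: IN=eth0 OUT= SRC=192.0.2.14 DST=203.0.113.11 PROTO=TCP SPT=33002 DPT=32764 SYN
Jan  3 06:48:19 gw kernel: IN=eth0 OUT= SRC=192.0.2.77 DST=203.0.113.10 PROTO=TCP SPT=60001 DPT=32764 SYN
Jan  3 11:30:45 gw kernel: IN=eth0 OUT= SRC=198.51.100.23 DST=203.0.113.10 PROTO=TCP SPT=41870 DPT=32764 SYN
Jan  3 17:05:10 gw kernel: IN=eth1 OUT= SRC=10.0.0.5 DST=10.0.0.1 PROTO=TCP SPT=50000 DPT=32764 SYN
Jan  3 23:59:58 gw kernel: IN=eth0 OUT= SRC=198.51.100.40 DST=203.0.113.12 PROTO=TCP SPT=44444 DPT=32764 SYN
"""

# Pull the day, inbound interface, source address and TCP destination port.
LINE_RE = re.compile(
    r"^(?P<day>\w{3}\s+\d+) .*?\bIN=(?P<iface>\S*) .*?\bSRC=(?P<src>\S+) "
    r".*?\bPROTO=TCP\b.*?\bDPT=(?P<dpt>\d+)\b"
)

def sources_per_day(log_text, port=32764, wan_iface="eth0"):
    """Map day -> set of distinct sources hitting `port` on the WAN interface."""
    per_day = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and int(m["dpt"]) == port and m["iface"] == wan_iface:
            per_day[" ".join(m["day"].split())].add(m["src"])
    return dict(per_day)

def uptick_days(per_day, factor=3):
    """Days whose distinct-source count is >= factor x the median of earlier days."""
    flagged, history = [], []
    for day, sources in per_day.items():  # dict keeps log order
        if history and len(sources) >= factor * median(history):
            flagged.append(day)
        history.append(len(sources))
    return flagged

if __name__ == "__main__":
    per_day = sources_per_day(SAMPLE_LOG)
    for day, sources in per_day.items():
        print(day, len(sources), sorted(sources))
    print("uptick:", uptick_days(per_day))
```

Counting distinct sources rather than raw packets keeps a single noisy scanner from registering as a surge; LAN-side hits (here `eth1`) are excluded and are worth reviewing separately.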

