[AusNOG] Port 32764 Remote Admin Vulnerability?
Skeeve Stevens
skeeve+ausnog at eintellegonetworks.com
Sat Jan 4 15:55:03 EST 2014
Yup.... that and a dozen servers on AWS for an hour will cost you about $1
;-)
...Skeeve
*Skeeve Stevens - *eintellego Networks Pty Ltd
skeeve at eintellegonetworks.com ; www.eintellegonetworks.com
Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve
facebook.com/eintellegonetworks ; <http://twitter.com/networkceoau>
linkedin.com/in/skeeve
twitter.com/theispguy ; blog: www.theispguy.com
The Experts Who The Experts Call
Juniper - Cisco - Cloud - Consulting
On Sat, Jan 4, 2014 at 3:37 PM, Tim March <march.tim at gmail.com> wrote:
>
> https://zmap.io/
>
> Enjoy =)
>
>
>
> T.
>
> On 4/01/14 3:25 PM, Skeeve Stevens wrote:
> > Won't take long to find them all.. only takes about 15 minutes to scan
> > the entire v4 internet with the right resources.
> >
> >
> > ...Skeeve
> >
> > *Skeeve Stevens - *eintellego Networks Pty Ltd
> > skeeve at eintellegonetworks.com
> > <mailto:skeeve at eintellegonetworks.com> ; www.eintellegonetworks.com
> > <http://www.eintellegonetworks.com/>
> >
> > Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve
> >
> > facebook.com/eintellegonetworks
> > <http://facebook.com/eintellegonetworks> ; <http://twitter.com/networkceoau>
> > linkedin.com/in/skeeve <http://linkedin.com/in/skeeve>
> >
> > twitter.com/theispguy <http://twitter.com/theispguy> ;
> > blog: www.theispguy.com <http://www.theispguy.com/>
> >
> >
> > The Experts Who The Experts Call
> >
> > Juniper - Cisco - Cloud - Consulting
> >
> >
> > On Sat, Jan 4, 2014 at 11:58 AM, Tim March <march.tim at gmail.com
> > <mailto:march.tim at gmail.com>> wrote:
> >
> >
> > Yup...
> >
> >
> > http://threatpost.com/probes-against-linksys-backdoor-port-surging/103410
> >
> > https://isc.sans.org/forums/diary/Scans+Increase+for+New+Linksys+Backdoor+32764+TCP+/17336
> >
> >
> > T.
> >
> > On 4/01/14 2:18 AM, Brad Peczka wrote:
> > > Evening all,
> > >
> > > This cropped up on my radar this evening:
> > > https://github.com/elvanderb/TCP-32764
> > >
> > > There's some better coverage in an Ars article here:
> > > http://arstechnica.com/security/2014/01/backdoor-in-wireless-dsl-routers-lets-attacker-reset-router-get-admin/
> > >
> > > In a nutshell, it looks like there's an exploit in a range of
> > > Consumer and SOHO routers, whereby an unauthenticated administrative
> > > interface is listening on port 32764. Some models are only listening
> > > on the LAN interface, some models also listen to the WAN interface.
> > > On the right model, you can reset the username/password to one of
> > > your choosing and enable the remote administration interface.
> > >
> > > Would be interesting to see if there's a notable uptick in port
> > > scans for this over the coming days... ;-)
> > >
> > > Regards,
> > > -Brad.
> > > _______________________________________________
> > > AusNOG mailing list
> > > AusNOG at lists.ausnog.net <mailto:AusNOG at lists.ausnog.net>
> > > http://lists.ausnog.net/mailman/listinfo/ausnog
> > >
> >
> > --
> > PGP/GNUPG Public Key: http://d3vnu11.com/pub.key
> >
> >
>
> --
> PGP/GNUPG Public Key: http://d3vnu11.com/pub.key
>