[AusNOG] Vyatta PortScanning
James Hodgkinson
yaleman at ricetek.net
Thu Jul 24 21:18:06 EST 2014
Also:
a) why is that device responding with its web interface to the open
internet?
b) have you run netstat on it to see what process is making connections to
HTTPS on what I hope is your internal network?
James
On 24 July 2014 21:10, Roland Dobbins <rdobbins at arbor.net> wrote:
>
> On Jul 24, 2014, at 5:34 PM, Daniel Watson <Daniel at glovine.com.au> wrote:
>
> > I was wondering how I can stop this within Vyatta as I cannot see
> anything in our configuration that would be causing this
>
> Vyatta is a software-based router which runs on top of Linux and/or in a
> VM environment. If this scanning is originating from the box, that means
> it's been compromised.
>
> If it's been compromised, then you need to scrub it down to the bare
> metal, re-install it sitting behind a stateful firewall, patch it, and
> secure it before you re-install Vyatta and place it outside the stateful
> firewall to resume its routing duties.
>
> ----------------------------------------------------------------------
> Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
>
> Equo ne credite, Teucri.
>
> -- Laocoön
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140724/561436d6/attachment.html>
More information about the AusNOG
mailing list