[AusNOG] Vyatta PortScanning

James Braunegg james.braunegg at micron21.com
Thu Jul 24 22:12:09 EST 2014


Dear Daniel

I'm going to suggest formatting and starting again... To be honest I was very surprised......

One.. The router was open to HTTPS remote management without any ACLs

Two.. The default password vyatta/vyatta was enabled and provided full access to the GUI

Three.. Anyone who would have gained access saw your configuration, including your (encrypted-password) hashed passwords. I would suggest changing all passwords you use immediately.

Four.. At this point call it quits and do as Roland suggested: start again. It's more than likely been compromised; it's just not worth risking.

Five.. Happy to provide advice on securing your setup. We all need to learn; however, rule 101: always change the default password!

Kindest Regards

James Braunegg
P:  1300 769 972  |  M:  0488 997 207 |  D:  (03) 9751 7616
E:   james.braunegg at micron21.com  |  ABN:  12 109 977 666
W:  www.micron21.com/ddos-protection   T: @micron21



From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Daniel Watson
Sent: Thursday, July 24, 2014 8:35 PM
To: ausnog at lists.ausnog.net
Subject: [AusNOG] Vyatta PortScanning

Hi Guys

I have a router, which might be causing us a bit of grief at present,

We were alerted to the fact that our router might be port scanning of some sort.


Source(s): 1.0.4.76

Type of Attack/Scan: Generic

Hosts: 10.10.10.11

Log:



1.0.4.76:58639 > 10.10.10.11:443


I was wondering how I can stop this within Vyatta, as I cannot see anything in our configuration that would be causing this.


Regards,
Daniel Watson
Network Administrator / Network Operations Manager

E Daniel at GloVine.com.au
W www.GloVine.com.au
