Comments on: Cisco router gets hacked – attacker adds tunnel http://cinci2600.com/345/cisco-router-gets-hacked-attacker-adds-tunnel/ Technology and Security in Today's Fast-Paced Society Fri, 03 Sep 2010 16:46:58 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: vom http://cinci2600.com/345/cisco-router-gets-hacked-attacker-adds-tunnel/comment-page-1/#comment-1433 vom Fri, 08 May 2009 00:47:41 +0000 http://cinci2600.com/?p=345#comment-1433 xio2: the real reason you would configure a tunnel from a router back to $something, is to forward IP packets through it, and have your own 'exit node' on the net. Think of it as a much faster, private-just-for-you Tor exit node. So (I may not be understanding your question correctly), ssh/telnet was simply used to get into the router. The tunnel is ROUTING full IP. So it's even more than Tor (UDP,etc). You basically are sitting 'behind' that router as if you were at that companies site / data center. It's like open wifi but accessible from anywhere on the net, not just from the driveway :) xio2: the real reason you would configure a tunnel from a router back to $something, is to forward IP packets through it, and have your own ‘exit node’ on the net. Think of it as a much faster, private-just-for-you Tor exit node. So (I may not be understanding your question correctly), ssh/telnet was simply used to get into the router. The tunnel is ROUTING full IP. So it’s even more than Tor (UDP,etc). You basically are sitting ‘behind’ that router as if you were at that companies site / data center. It’s like open wifi but accessible from anywhere on the net, not just from the driveway :)

]]> By: chris http://cinci2600.com/345/cisco-router-gets-hacked-attacker-adds-tunnel/comment-page-1/#comment-1394 chris Wed, 06 May 2009 20:50:08 +0000 http://cinci2600.com/?p=345#comment-1394 i finally got around to reading the article, and it's pretty cool. the comment about cliff stoll's assessment on people who look over their shoulders is an interesting one. what the article doesn't mention is how much time was spent checking redundant change management systems before contacting the incident response team? here's a sobering thought: how many companies don't have change management systems, incident response teams, or log alert systems like rancid? i finally got around to reading the article, and it’s pretty cool.

the comment about cliff stoll’s assessment on people who look over their shoulders is an interesting one.

what the article doesn’t mention is how much time was spent checking redundant change management systems before contacting the incident response team?

here’s a sobering thought: how many companies don’t have change management systems, incident response teams, or log alert systems like rancid?

]]> By: xio2 http://cinci2600.com/345/cisco-router-gets-hacked-attacker-adds-tunnel/comment-page-1/#comment-306 xio2 Tue, 31 Mar 2009 12:14:25 +0000 http://cinci2600.com/?p=345#comment-306 Remote management FTL. Wouldn't SSHing through to a server and back out to the router work just as well? Remote management FTL. Wouldn’t SSHing through to a server and back out to the router work just as well?

]]>