Synful Knock questions...
- Subject: Synful Knock questions...
- From: rdobbins at arbor.net (Roland Dobbins)
- Date: Wed, 16 Sep 2015 21:45:12 +0700
- In-reply-to: <CAOe-DYCFfTd2uTpbY9s5ikd4zpUQiUi5M2zevG14s=Br6BOvrA@mail.gmail.com>
- References: <[email protected]> <CAOhg=RzdgyUOF5t_4vba5Voxy9tr6W-_sgFdEzu9r7RDrajAbA@mail.gmail.com> <[email protected]> <[email protected]> <[email protected]> <CAOe-DYCFfTd2uTpbY9s5ikd4zpUQiUi5M2zevG14s=Br6BOvrA@mail.gmail.com>
On 16 Sep 2015, at 21:00, Michael Douglas wrote:
> It's unlikely the routers that got exploited were the initial entry
> point of the attack.
I understand all that, thanks.
> At this point when they start messing around with routers, you're
> going to see activity coming from the intended internal management
> range using legit credentials.
It would still be quite difficult, and readily detected if accomplished,
had BCPs such as AAA, per-command auth, per-command logging, and
monitoring of same been implemented. Plus, iACLs would prevent C&C
comms, and monitoring of all traffic to/from router interfaces would
potentially pick that up, as well.
-----------------------------------
Roland Dobbins <rdobbins at arbor.net>
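The controls named above (AAA with per-command authorization and accounting, plus someone actually reviewing the accounting stream) are what make the "legit credentials from the management range" case catchable. As an added illustration that is not part of the thread or of any vendor's tooling, here is a small Python script that reviews per-command accounting records against three checks: command source outside the management range, commands that change the boot image or flash contents, and privileged changes outside an expected change window. The record format, the management prefix 10.20.30.0/24, the hostname rtr-edge-1, the user names, the timestamps and the 08:00-18:00 UTC change window are all constructed assumptions for the example; real TACACS+ accounting output will need its own parser.

```python
import ipaddress
import re
from datetime import datetime, timezone

# Constructed sample of per-command accounting records. The record shape is an
# assumption for this example, not any particular TACACS+ daemon's exact format.
SAMPLE_ACCOUNTING = """\
2015-09-16T14:01:02Z rtr-edge-1 tac_plus: user=netops src=10.20.30.5 priv=15 cmd="show ip interface brief"
2015-09-16T14:03:11Z rtr-edge-1 tac_plus: user=netops src=10.20.30.5 priv=15 cmd="configure terminal"
2015-09-16T14:03:20Z rtr-edge-1 tac_plus: user=netops src=10.20.30.5 priv=15 cmd="ip access-list extended INFRA-IN"
2015-09-16T02:17:45Z rtr-edge-1 tac_plus: user=netops src=10.20.30.5 priv=15 cmd="copy tftp: flash:"
2015-09-16T02:18:09Z rtr-edge-1 tac_plus: user=netops src=10.20.30.5 priv=15 cmd="boot system flash:example-image.bin"
2015-09-16T09:40:00Z rtr-edge-1 tac_plus: user=netops src=203.0.113.77 priv=15 cmd="show running-config"
"""

# Assumed policy values for the example.
MGMT_RANGES = [ipaddress.ip_network("10.20.30.0/24")]
CHANGE_WINDOW_UTC = (8, 18)  # privileged changes are expected between 08:00 and 18:00 UTC

# Commands that alter what the router boots or keeps on flash. Credentials being
# valid says nothing about whether such a change was authorised, so these are
# always surfaced for review.
IMAGE_PATTERNS = [
    re.compile(r"^copy\s+\S+\s+flash:"),        # copy <source> flash:
    re.compile(r"^boot\s+system\b"),            # boot system ...
    re.compile(r"^copy\s+\S+\s+startup-config"),  # copy <source> startup-config
]
CONFIG_ENTRY = re.compile(r"^conf(igure)?(\s+t(erminal)?)?$")

RECORD = re.compile(
    r'^(?P<ts>\S+)\s+(?P<host>\S+)\s+\S+\s+user=(?P<user>\S+)\s+src=(?P<src>\S+)\s+'
    r'priv=(?P<priv>\d+)\s+cmd="(?P<cmd>[^"]*)"$'
)


def parse_record(line):
    """Parse one accounting line into a dict, or return None if it does not match."""
    m = RECORD.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    rec["src"] = ipaddress.ip_address(rec["src"])
    rec["priv"] = int(rec["priv"])
    return rec


def in_mgmt_range(addr):
    return any(addr in net for net in MGMT_RANGES)


def is_image_change(cmd):
    return any(p.search(cmd) for p in IMAGE_PATTERNS)


def in_change_window(ts):
    start, end = CHANGE_WINDOW_UTC
    return start <= ts.hour < end


def review(text):
    """Return a list of (host, user, src, reason, cmd) tuples worth an analyst's attention."""
    alerts = []
    for line in text.splitlines():
        rec = parse_record(line)
        if rec is None:
            continue
        reasons = []
        if not in_mgmt_range(rec["src"]):
            reasons.append("source outside management range")
        if is_image_change(rec["cmd"]):
            reasons.append("boot image or flash contents changed")
        privileged_change = rec["priv"] >= 15 and (
            CONFIG_ENTRY.match(rec["cmd"]) or is_image_change(rec["cmd"])
        )
        if privileged_change and not in_change_window(rec["ts"]):
            reasons.append("privileged change outside change window")
        for reason in reasons:
            alerts.append((rec["host"], rec["user"], str(rec["src"]), reason, rec["cmd"]))
    return alerts


if __name__ == "__main__":
    for host, user, src, reason, cmd in review(SAMPLE_ACCOUNTING):
        print(f"{host} user={user} src={src}: {reason} :: {cmd}")
```

Run against the sample, the two 02:xx image commands each raise two alerts (image change, outside the window) and the show command from 203.0.113.77 raises one (outside the management range); the in-window ACL edit from the management range is silent. The point of the example is the shape of the review, not the rule set: what matters is that command-level records exist at all and that someone looks at them.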