Re: login attempt admin/password

Do you have any NetGear Routers deployed at your site?
If so, does username=admin & password=password?

If either one of those answers is no, then you are not vulnerable to
that attack. If you do have a netgear router, but you have changed
the default username or password, you are not vulnerable to that
attack. This alert is just telling you that someone tried to log with
admin/password. It does not tell you if the person stopped at that
attempt, or then attempted another 1000 username/password
combinations.

If you do have a NetGear router, I would recommend restricting access
to it to only the IP's that need to get to it using a host or network
based firewall, or both.

Regards,

Seth

On 8 Dec 2007 08:51:37 -0000, <tyrian2uk@xxxxxxxxxxx> wrote:
WEB-INSC NetGear router Default password login attempt admin/password


i see this signature detect by IDS

how do i check if it is a threat or not ?


external ip:1710 -> internal IP:80

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------



------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------

Relevant Pages

  • RE: login attempt admin/password
    ... do you have a Netgear router? ... WEB-INSC NetGear router Default password login attempt admin/password ... with real-world attacks from CORE IMPACT. ...
    (Focus-IDS)
  • Re: Discovering and Stopping Phishing/Scam Attacks
    ... a FOURTH login field!!! ... > username and password... ... > Find out quickly and easily by testing it with real-world attacks ... > CORE IMPACT. ...
    (Incidents)
  • RE: Discovering and Stopping Phishing/Scam Attacks
    ... the username will be locked and a mail will be send from ... schemes but it wouldnt take a lot for the phishers to come up with a ... > Find out quickly and easily by testing it with real-world attacks ... > CORE IMPACT. ...
    (Incidents)
  • Re: Worm targets Mipsel GNU/Linux based routers
    ... > And this needs to be accessible from the world with a "admin" username ... On the Netgear router which I use, one has to explicity turn on access for remote ... So some manufacturers are getting it right, ...
    (alt.os.linux.suse)
Quantcast