HackDig : Dig high-quality web security articles for hacker

Scanning for Fortinet ssh backdoor, (Thu, Jan 21st)

2016-01-22 01:00

On 11 Jan, a Python script was posted on the full-disclosure mailing list that took advantage of a hardcoded ssh password in some older versions of various products from Fortinet (see complete list in Ref [1] below). Looking at our collected ssh data, weve seen an increase in scanning for those devices in the days since the revelation of the vulnerability. Nearly all of this scanning has come from two IPs in China (124.160.116.194 and 183.131.19.18). So if you haven" />

References:

[1]http://www.fortiguard.com/advisory/multiple-products-ssh-undocumented-login-vulnerability

---------------
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.


Source: ssr;pma&53602=diyrots?lmth.yraid/ude.snas.csi

Read:2525 | Comments:0 | Tags:No Tag

“Scanning for Fortinet ssh backdoor, (Thu, Jan 21st)”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud