Handler on Duty: Didier Stevens
Threat Level: green
Loading...
|
|
Submitted By | Date |
---|---|
Comment | |
2015-12-27 03:19:02 | |
say, another thought, there's a "Snort" rule that appears to alert if a Juniper Network backdoor password attempt was made. (https://gist.github.com/fox-srt/ca94b350f2a91bd8ed3f) does that mean that, with all these port 23 hits happening, that the Juniper backdoor could have been found years ago by pretty much anyone on the Internet who just monitored the actual packets they were being probed with? if any of them were actually such attempts. maybe they'd have to use it to do some scanning themselves to find what it was for though. does anyone do that? | |
2015-12-27 03:18:55 | |
Gee, activity on this ssl port became really strong around the middle of 2012, and the Juniper Networks ssl backdoor showed up around the middle of 2012. Only nobody knew it then. How did that happen? |
CVE # | Description |
---|---|
CVE-2001-0797 | Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin. |
CVE-2015-0014 |