Re: APC 9606 SmartSlot Web/SNMP management card "backdoor"

Grok Headline matches for Re: APC 9606 SmartSlot Web/SNMP management card "backdoor"

APC 9606 SmartSlot Web/SNMP management
card "backdoor"

APC 9606 SmartSlot Web/SNMP management
card "backdoor" 02/17/2004 01:04 PM
Dave Tarbatt (Feb 16 2004)

Re: Fw: APC 9606 SmartSlot Web/SNMP
management card "backdoor" - MORE
PROBLEMS

Re: Fw: APC 9606 SmartSlot Web/SNMP
management card "backdoor" - MORE
PROBLEMS 02/18/2004 05:19 PM
Thomas M. Payerle (Feb 17 2004)

Fw: APC 9606 SmartSlot Web/SNMP
management card "backdoor" - MORE
PROBLEMS

Fw: APC 9606 SmartSlot Web/SNMP
management card "backdoor" - MORE
PROBLEMS 02/17/2004 05:11 PM
thiago.vazquez_at_light.com.br (Feb 17 2004)

APC 9606 SmartSlot Web/SNMP management
card "backdoor" - Telnet can't be
disabled.

APC 9606 SmartSlot Web/SNMP management
card "backdoor" - Telnet can't be
disabled. 02/19/2004 03:30 PM
David Monosov (Feb 19 2004)

Re: APC 9606 SmartSlot Web/SNMP
management card "backdoor" - Telnet
can't be disabled.

Re: APC 9606 SmartSlot Web/SNMP
management card "backdoor" - Telnet
can't be disabled. 02/19/2004 06:14 PM
Keith Clifton (Feb 19 2004)

Device Server - Web/SNMP Card for UPS
Management: UPSLink

Device Server - Web/SNMP Card for UPS
Management: UPSLink 12/29/2004 05:50 AM
UPSLink is a serial to SNMP converter to control and manage the UPS systems over the network. [PRWEB Dec 29, 2004]

Diebold Global Election Management
System (GEMS) Backdoor Account Allows
Authenticated Users to Modify Votes

Diebold Global Election Management
System (GEMS) Backdoor Account Allows
Authenticated Users to Modify Votes 09/01/2004 04:24 AM
Jérôme (Aug 31 2004)

RE: Diebold Global Election Management
System (GEMS) Backdoor Account
Allows Authenticated Users to Modify
Votes

RE: Diebold Global Election Management
System (GEMS) Backdoor Account
Allows Authenticated Users to Modify
Votes 09/22/2004 11:59 AM
Polazzo Justin (Sep 22 2004)

Re: Diebold Global Election Management
System (GEMS) Backdoor Account Allows
Authenticated Users to Modify Votes

Re: Diebold Global Election Management
System (GEMS) Backdoor Account Allows
Authenticated Users to Modify Votes 09/22/2004 04:45 AM
pressinfo_at_diebold.com (Sep 21 2004)

RE: Diebold Global Election Management
System (GEMS) Backdoor Account
Allows Authenticated Users to Modify
Votes

RE: Diebold Global Election Management
System (GEMS) Backdoor Account
Allows Authenticated Users to Modify
Votes 09/25/2004 01:36 PM
Jeremy Epstein (Sep 23 2004)

PC Job Card Management 1.5

PC Job Card Management 1.5 12/29/2004 09:28 AM
A job card management system for PC workshops.

U.K. debit card processor turns to
password management 'Vault'

U.K. debit card processor turns to
password management 'Vault' 03/17/2005 02:59 AM
With more than 800 hardware and software passwords to keep track of, British debit card transaction vendor Voca Ltd. turned to software from Cyber-Ark to handle the task.

Net-SNMP-5.0.0

Net-SNMP-5.0.0 07/20/2004 10:53 AM

net-snmp

net-snmp 10/28/2003 11:06 PM
Net-SNMP 5.1.pre3 now available

Net-SNMP 5.1 (net-snmp)

Net-SNMP 5.1 (net-snmp) 12/16/2003 02:59 PM
Various tools relating to the Simple Network Managemnet Protocol

Net-SNMP-5.0.1

Net-SNMP-5.0.1 09/09/2004 06:37 PM

SNMP .NET

SNMP .NET 12/16/2003 01:45 PM
Project Started

Akamai or Backdoor?

Akamai or Backdoor? 10/28/2003 11:07 PM

Recently my brother contacted me via IM to ask about some strange network behavior on his machine.  He was using sysinternals tcpview, and noticed that svchost.exe was opening connections to two IP addresses; one on 80.66.x.x subnet, and another somewhere beneath a different 80.x.x.x subnet.  He was concerned because the IP addresses in question showed up as "unassigned EU block" in the RIPE database.  The closest assigned block to one of the addresses showed up as being assigned to a company in the Netherlands, and the other to a company in Germany (and GeoIP returned the same information using the original IP addresses).

More interesting was the traceroute.  The address that GeoIP reported being in Germany routed to Hurricane Electric in Fremont, California; with the last hop before 80.x.x.x being a 64.x.x.x router in Fremont.  Could someone in Germany actually be within one hop of a router in Fremont? 

After more investigation, we found a google news posting pointing the finger at Windows Update; and particularly to Akamai servers in the 80.x.x.x range.  With a bit more coaxing, we were able to get the RIPE database to reveal that some small subnets within the unassigned blocks were actually assigned to Akamai.  I knew that Windows Update and many other MSFT sites contract to Akamai for edge-caching services, so this was a very plausible resolution.  However, I am left with a few nagging questions:

• Are there any better tools or techniques to find out exactly what chunk of code is accessing the network?  Knowing that svchost.exe is initiating the connection is not very useful.  More useful would be the exact DLL.
• Akamai works by configuring DNS to resolve differently depending on geographic location (ping download.windowsupdate.com to see this in action).  This is a common architecture for our large globally distributed customers' sites who use routing products like Cisco Global Director and F5 3DNS to accomplish this.  However, it leads to a problem -- using reverse DNS from an IP address is rather unlikely to return the same FQDN that was used to resolve the address in the first place.  So starting with an IP address like 80.67.66.16, you have no way of finding out if that was initiated by a call to download122.windowsupdate.com or spywareupload22.gator.com.  And considering the way that Akamai provides services to spyware vendors as well as to MSFT, you can't necessarily trust a network connection just because it is connecting to a block owned by Akamai.  It would be ideal if Akamai offered an IP address lookup service that could be used to verify which of Akamai customers was being serviced by a particular IP.

Without at least one of the two above requests, the only way to verify that the connections were indeed made on behalf of Windows Update was to bounce the service and watch the connections die (and assume Windows Update DLL hadn't been hacked of course).

~

When I first heard that McDonald's was planning to launch a new ad campaign themed "Lovin' It", I immediately got visions of the horribly tacky "Mentos, the Freshmaker!" commercials.  I envisioned some German ad agency telling hapless McDonald's executives, "We know how to make more teens go to McDonald's; we'll use some real groovy stuff and say the words Lovin' It because then kids will think you are cool!"  So today I saw one of the new ads for the first time, and it wasn't all that bad.  Actually it was kind of nice.  It's kind of a feel-good, "happy memories of carefree times" theme, kind of like the Pepsi spots a few years back.

 

SNMP-Multi-2.1

SNMP-Multi-2.1 12/17/2003 11:51 PM

POE-Component-SNMP-0.90

POE-Component-SNMP-0.90 06/10/2004 11:47 PM

snmp-extension 0.2.0

snmp-extension 0.2.0 04/24/2004 03:40 AM
A Net-SNMP extension for giving qdisc/class statistics.

POE-Component-SNMP-0.91

POE-Component-SNMP-0.91 06/12/2004 06:42 AM

SNMP-Simple-0.01

SNMP-Simple-0.01 06/02/2004 12:58 AM

Backdoor.Autoupder Removal

Backdoor.Autoupder Removal 08/12/2004 03:56 AM

US bars backdoor pop-up adverts

US bars backdoor pop-up adverts 08/10/2004 06:56 AM
A US company exploiting a little-known Windows feature has been banned from sending pop-up ads to PC users.

Dynalink routers backdoor?

Dynalink routers backdoor? 09/03/2004 02:29 PM
fabio (Sep 02 2004)

FTC Bars Popup Backdoor Ads

FTC Bars Popup Backdoor Ads 08/10/2004 12:21 PM
Slashdot Aug 10 2004 4:15PM GMT

Backdoor program gets backdoored

Backdoor program gets backdoored 06/13/2004 04:51 PM

Catch an SNMP Trap

Catch an SNMP Trap 04/08/2005 06:47 PM

Nagios snmp plugins

Nagios snmp plugins 03/29/2005 04:41 PM
Nagios snmp plugins on SourceForge

SNMP Trap Translator

SNMP Trap Translator 11/03/2003 04:44 PM
SNMPTT v0.9 has been released

SNMP Trap Translator 0.9

SNMP Trap Translator 0.9 11/03/2003 04:44 PM
An SNMP trap handler for use with NET-SNMP/UCD-SNMP.

SNMP Module for AOLserver 1.11

SNMP Module for AOLserver 1.11 09/07/2004 09:22 PM
An SNMP Module for AOLServer 3.3 with trap agent support.

SNMP Module for AOLserver 1.12

SNMP Module for AOLserver 1.12 09/19/2004 09:19 PM
An SNMP Module for AOLServer 3.3 with trap agent support.

Linux kernel backdoor blocked

Linux kernel backdoor blocked 11/07/2003 08:52 AM
Hints at smarter hacks

Qwest's Backdoor Enterprise Strategy

Qwest's Backdoor Enterprise Strategy 11/04/2003 09:23 PM
Boston.Internet.com Nov 4 2003 8:40PM ET

Netgear's Amusing "fix" for WG602v1
Backdoor

Netgear's Amusing "fix" for WG602v1
Backdoor 06/08/2004 10:40 AM

Re: Backdoor in Fortinet´s firewall
Fortigate

Re: Backdoor in Fortinet´s firewall
Fortigate 06/05/2005 11:39 PM
Posted by Derek Martin, Friday, 3 June

New Bagle opens another spam backdoor

New Bagle opens another spam backdoor 07/16/2004 03:26 AM
ZDNet UK Jul 16 2004 7:47AM GMT
Grok Description matches for Re: APC 9606 SmartSlot Web/SNMP management card "backdoor"
GrokA matches for Re: APC 9606 SmartSlot Web/SNMP management card "backdoor"

Re: APC 9606 SmartSlot Web/SNMP management card "backdoor"

The following phrases have been identified by the grok system as matching this entry: