Do you have any NetGear Routers deployed at your site? If so, does username=admin & password=password?
If either one of those answers is no, then you are not vulnerable to that attack. If you do have a netgear router, but you have changed the default username or password, you are not vulnerable to that attack. This alert is just telling you that someone tried to log with admin/password. It does not tell you if the person stopped at that attempt, or then attempted another 1000 username/password combinations. If you do have a NetGear router, I would recommend restricting access to it to only the IP's that need to get to it using a host or network based firewall, or both. Regards, Seth On 8 Dec 2007 08:51:37 -0000, <[EMAIL PROTECTED]> wrote: > WEB-INSC NetGear router Default password login attempt admin/password > > > i see this signature detect by IDS > > how do i check if it is a threat or not ? > > > external ip:1710 -> internal IP:80 > > ------------------------------------------------------------------------ > Test Your IDS > > Is your IDS deployed correctly? > Find out quickly and easily by testing it > with real-world attacks from CORE IMPACT. > Go to > http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw > to learn more. > ------------------------------------------------------------------------ > > ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
