Good morning everyboy,
since two days, one of our customers has a problem: all outgoing http traffic is redirected to an chinese website hao.360.cn. At first we thouhgt that there is an trojan on the PC, but we found out that the RoS device, which is the router to the internet, is the problem. I tested with a clean live linux from stick direktly on the eth port of the RoS device (SXT) and had the same problems.
After that, i did a portscan from the outside to this device:
Port 3389,8291 and 443 were open before - rest was closed.
We will exchange this device with a freshly installed and afterwards have a close look on it.
Does anybody have anay hint how to get access to this device? The former password was changes.
Any help - as PN to me - will be preciated.
If we can get access, i'll post the result of the research here - if wanted.
Best regards from Germany