Hello,

I wanted to post this here at the Cisco forum because the people here have been very helpful and knowledgeable before. This questions isn't related to Cisco equipment however, I'm still hoping someone can shed some light on this for me.

At my wife's company, she has three computers on her desk all requiring internet access. There is only one Ethernet port at her desk and the companie's IT department has failed for over a year to provide her with a switch to connect all three workstations despite repeated promises to do so. The other day I gave her an older SignaMax 24 port 10/100 L2 switch I had laying around and told her she could use that for the time being. She took it with her an connected it according to my instructions and of cores was finally able to accomplish the goal.

This morning, she went in to find the switch removed with a claim from the IT person that they got hacked because of it. I have no further details other than that.

I fail to see how that was possible. The switch was in it's default configuration. My question is, how could that be possible?? I can't figure out a way other than physical access to the switch that someone could have used it to compromise the network from the outside. While it has a management interface of corse, how would one obtain access to it from outside the network without port forwarding or an ACL allowing access on the firewall? How could an attacker used that switch to compromise the network?

Any theories would be much appreciated.

Thanks.