[10225] in bugtraq
Re: aDSL routers
daemon@ATHENA.MIT.EDU (Chris Shenton)
Thu Apr 15 13:24:29 1999
Date: Wed, 14 Apr 1999 18:55:29 -0400
Reply-To: Chris Shenton <cshenton@UUCOM.COM>
From: Chris Shenton <cshenton@UUCOM.COM>
X-To: David Brumley <dbrumley@GOJU.STANFORD.EDU>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: David Brumley's message of "Tue, 13 Apr 1999 23:01:50 -0700"
On Tue, 13 Apr 1999 23:01:50 -0700, David Brumley <dbrumley@GOJU.STANFORD.EDU> said:
David> And at least one manufacturer, flowpoint, sets no admin
David> password. It's in the documentation, so I assume the company
David> already knows about this vulnerability:) System managers who
David> have aDSL access often overlook this, so I thought I'd point it
David> out. A quick fix: disable telnet access to all of your aDSL
David> router IP's. Better fix: set an admin password.
I have a couple other concerns on my 2200 (firmware 3.0.2).
My carrier, Covad, did set a password but it's too easy. You can
restrict IP access to telnet like:
system addTelnetFilter first.host.ip.addr [last.host.ip.addr]
You should also do this for SNMP since it's available to the world
with community "public":
system addSNMPFilter first.host.ip.addr [last.host.ip.addr]
I restrict these to my LAN.
Have you tried an nmap scan on it? It reports "trivial joke" for TCP
sequence predictability. Should allow bad guys to hijack sessions.
Doubleplusungood. I've gotten no feedback from comp.dcom.xdsl or
support@flowpoint.com.
If anyone has clues to protect this I'd like to hear 'em but I fear
it'll require new code and firmware from Flowpoint and they're not
being responsive.
