[11303] in bugtraq
Re: Cisco 675 password nonsense
daemon@ATHENA.MIT.EDU (Dave Dittrich)
Sat Aug 7 02:02:35 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.GUL.4.10.9908061106590.14957-100000@red7.cac.washington.edu>
Date: Fri, 6 Aug 1999 11:24:05 -0700
Reply-To: Dave Dittrich <dittrich@CAC.WASHINGTON.EDU>
From: Dave Dittrich <dittrich@CAC.WASHINGTON.EDU>
X-To: Brian Elfert <brian@CITILINK.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.GSO.3.96.990803102140.25468E-100000@citycenter>
> With good reason. In bridging mode with a Windows 9x/NT box, your network
> neighborhood will show everyone else's PC that has any file/print sharing
> enabled. So, it's trivially easy to connect to a non-passworded share.
That depends on the DSL provider, I believe. On my USWest.net DSL
connection, I only see packets on my side of the bridge that are
destined for IP addresses I'm using, or broadcast ethernet/IP packets,
which seems to be the same as what @Home customers (at least the ones
in Seattle I've spoken with) see. I've heard from other DSL customers
that they see everything (like Brian mentions). (Funny that I see lots
of ARP requests from a.b.c.d to a.b.c.e, where e=d+1, repeated over, and
over, and over again...)
(An interesting note is that two DHCP assigned addresses on a hub can be
on two entirely different USWest.net IP networks... good thing I'm not a
Windows user, since Windows can't handle this!)
> Now, ideally, all these shares would be passworded, but we know
> that'll never happen. Not having the shares show up in network
> neighborhood is a bit of security by obscurity, but it's harder to
> connect to a share if it's not in your network neighborhood.
Not really. While I haven't ever seen Network neighborhood
announcements, I do notice that *.scour.net has been trying to make SMB
connections to my Linux box nearly daily for a while, I presume looking
for open file shares with MP3 files so they can grab/index them! USWest
doesn't seem to care about this, at least not responding to my
complaints to .scour.net and their tech support address. Some recent
connections:
Jul 1 00:15:24 209.249.159.31:8000 stone.scour.net
Jul 12 20:04:11 209.249.159.163:137 yavin.scour.net
Jul 12 20:16:48 209.249.159.163:23 yavin.scour.net
Jul 12 20:16:51 209.249.159.163:23 yavin.scour.net
Jul 12 20:16:58 209.249.159.163:23 yavin.scour.net
Jul 12 20:17:10 209.249.159.163:23 yavin.scour.net
Jul 12 20:17:35 209.249.159.163:23 yavin.scour.net
Jul 12 20:18:23 209.249.159.163:23 yavin.scour.net
Jul 12 20:20:00 209.249.159.163:23 yavin.scour.net
Jul 12 20:22:00 209.249.159.163:23 yavin.scour.net
Jun 15 22:49:27 195.154.200.4:554 canalweb2.isdnet.net
Jun 15 22:49:33 195.154.200.4:554 canalweb2.isdnet.net
Jun 15 22:49:46 195.154.200.4:554 canalweb2.isdnet.net
Jun 15 22:50:12 195.154.200.4:554 canalweb2.isdnet.net
Jun 15 22:51:03 195.154.200.4:554 canalweb2.isdnet.net
Jun 15 22:52:45 195.154.200.4:554 canalweb2.isdnet.net
Jun 15 22:56:10 195.154.200.4:554 canalweb2.isdnet.net
Jun 16 20:28:57 209.249.159.46:137 scuzzlebutt.scour.net
Jun 16 22:40:25 209.249.159.46:137 scuzzlebutt.scour.net
Jun 17 00:56:27 209.249.159.46:137 scuzzlebutt.scour.net
Jun 17 02:58:13 209.249.159.46:137 scuzzlebutt.scour.net
Jun 17 04:43:57 209.249.159.46:137 scuzzlebutt.scour.net
Jun 17 06:58:08 209.249.159.46:137 scuzzlebutt.scour.net
Jun 17 06:58:09 209.249.159.46:137 scuzzlebutt.scour.net
Jun 17 21:37:53 209.249.159.46:137 scuzzlebutt.scour.net
Jun 17 23:32:40 209.249.159.46:137 scuzzlebutt.scour.net
Jun 17 23:32:41 209.249.159.46:137 scuzzlebutt.scour.net
Jun 18 01:16:44 209.249.159.46:137 scuzzlebutt.scour.net
Jun 18 03:05:42 209.249.159.46:137 scuzzlebutt.scour.net
Jun 18 04:39:30 209.249.159.46:137 scuzzlebutt.scour.net
Jun 18 04:39:31 209.249.159.46:137 scuzzlebutt.scour.net
Jun 18 05:22:47 209.249.159.31:8000 stone.scour.net
Jun 18 06:21:20 209.249.159.46:137 scuzzlebutt.scour.net
Jun 18 08:13:12 209.249.159.46:137 scuzzlebutt.scour.net
Jun 18 15:23:41 209.249.159.46:137 scuzzlebutt.scour.net
Jun 18 17:35:42 209.249.159.46:137 scuzzlebutt.scour.net
Jun 18 17:35:43 209.249.159.46:137 scuzzlebutt.scour.net
Jun 18 22:11:29 209.249.159.46:137 scuzzlebutt.scour.net
Jun 18 23:53:20 209.249.159.31:8000 stone.scour.net
Jun 18 23:53:21 209.249.159.31:8000 stone.scour.net
Jun 19 00:17:00 209.249.159.46:137 scuzzlebutt.scour.net
Jun 19 02:11:17 209.249.159.46:137 scuzzlebutt.scour.net
Jun 19 04:04:27 209.249.159.46:137 scuzzlebutt.scour.net
Jun 19 05:55:34 209.249.159.46:137 scuzzlebutt.scour.net
Jun 19 07:46:05 209.249.159.46:137 scuzzlebutt.scour.net
Jun 19 09:50:14 209.249.159.46:137 scuzzlebutt.scour.net
Jun 19 12:03:36 209.249.159.46:137 scuzzlebutt.scour.net
Jun 19 17:25:03 209.249.159.46:137 scuzzlebutt.scour.net
Jun 19 19:13:16 209.249.159.31:8000 stone.scour.net
Jun 19 20:04:59 209.249.159.46:137 scuzzlebutt.scour.net
Jun 20 03:34:44 209.249.159.46:137 scuzzlebutt.scour.net
Jun 20 03:34:45 209.249.159.46:137 scuzzlebutt.scour.net
Jun 20 05:24:08 209.249.159.46:137 scuzzlebutt.scour.net
Jun 20 07:32:11 209.249.159.46:137 scuzzlebutt.scour.net
Jun 20 07:32:12 209.249.159.46:137 scuzzlebutt.scour.net
Jun 20 13:57:12 209.249.159.31:8000 stone.scour.net
Jun 20 14:00:15 209.249.159.46:137 scuzzlebutt.scour.net
Jun 21 19:48:25 165.87.194.212:110 pop03.ca.us.ibm.net
Jun 21 19:48:30 165.87.194.212:110 pop03.ca.us.ibm.net
Jun 21 19:48:31 165.87.194.212:110 pop03.ca.us.ibm.net
Jun 21 19:48:45 165.87.194.212:110 pop03.ca.us.ibm.net
Jun 21 19:49:09 165.87.194.212:110 pop03.ca.us.ibm.net
Jun 21 19:49:58 165.87.194.212:110 pop03.ca.us.ibm.net
Jun 21 19:50:01 165.87.194.212:110 pop03.ca.us.ibm.net
Jun 21 19:57:08 207.217.120.49:110 scaup.prod.itd.earthlink.net
Jun 21 19:57:18 207.217.120.49:110 scaup.prod.itd.earthlink.net
Jun 21 19:57:28 207.217.120.49:110 scaup.prod.itd.earthlink.net
Jun 22 06:28:01 207.31.97.178:2446 smtp.amicapital.com
Jun 22 06:28:03 207.31.97.178:2446 smtp.amicapital.com
Jun 23 01:06:19 216.67.24.49:50307 nas-24-49.la.navinet.net
Jun 23 01:06:19 216.67.24.49:50308 nas-24-49.la.navinet.net
Jun 23 01:06:20 216.67.24.49:50308 nas-24-49.la.navinet.net
Jun 23 01:06:20 216.67.24.49:50309 nas-24-49.la.navinet.net
Jun 23 01:06:21 216.67.24.49:50309 nas-24-49.la.navinet.net
Jun 23 01:06:22 216.67.24.49:50310 nas-24-49.la.navinet.net
Jun 23 01:06:23 216.67.24.49:50311 nas-24-49.la.navinet.net
Jun 23 01:06:24 216.67.24.49:50312 nas-24-49.la.navinet.net
Jun 25 08:33:10 207.97.75.100:21986
Jun 28 20:50:21 24.4.191.41:23 cx800766-a.wwck1.ri.home.com
Jun 28 20:50:22 24.4.191.41:23 cx800766-a.wwck1.ri.home.com
Jun 28 20:50:23 24.4.191.41:23 cx800766-a.wwck1.ri.home.com
Jun 28 20:50:24 24.4.191.41:23 cx800766-a.wwck1.ri.home.com
Jun 28 20:50:26 24.4.191.41:23 cx800766-a.wwck1.ri.home.com
Jun 28 20:50:28 24.4.191.41:23 cx800766-a.wwck1.ri.home.com
Jun 28 20:50:31 24.4.191.41:23 cx800766-a.wwck1.ri.home.com
Jun 28 20:50:36 24.4.191.41:23 cx800766-a.wwck1.ri.home.com
Jun 28 20:50:43 24.4.191.41:23 cx800766-a.wwck1.ri.home.com
Jun 28 20:50:56 24.4.191.41:23 cx800766-a.wwck1.ri.home.com
Jun 28 20:50:59 24.4.191.41:23 cx800766-a.wwck1.ri.home.com
Jun 28 20:51:05 24.4.191.41:23 cx800766-a.wwck1.ri.home.com
Jun 28 20:51:06 24.4.191.41:23 cx800766-a.wwck1.ri.home.com
Jun 28 20:51:17 24.4.191.41:23 cx800766-a.wwck1.ri.home.com
Jun 28 20:51:18 24.4.191.41:23 cx800766-a.wwck1.ri.home.com
Jun 28 20:51:43 24.4.191.41:23 cx800766-a.wwck1.ri.home.com
Jun 28 20:51:52 24.4.191.41:23 cx800766-a.wwck1.ri.home.com
Jun 28 20:52:31 24.4.191.41:23 cx800766-a.wwck1.ri.home.com
Jun 28 20:53:24 24.4.191.41:23 cx800766-a.wwck1.ri.home.com
Jun 28 20:55:24 24.4.191.41:23 cx800766-a.wwck1.ri.home.com
Jun 28 20:55:36 24.4.191.41:23 cx800766-a.wwck1.ri.home.com
Jun 28 20:55:37 24.4.191.41:23 cx800766-a.wwck1.ri.home.com
Jun 28 20:55:38 24.4.191.41:23 cx800766-a.wwck1.ri.home.com
Jun 28 20:55:39 24.4.191.41:23 cx800766-a.wwck1.ri.home.com
Jun 28 20:55:40 24.4.191.41:23 cx800766-a.wwck1.ri.home.com
Jun 28 20:55:42 24.4.191.41:23 cx800766-a.wwck1.ri.home.com
Jun 28 20:55:45 24.4.191.41:23 cx800766-a.wwck1.ri.home.com
Jun 28 20:55:46 24.4.191.41:23 cx800766-a.wwck1.ri.home.com
Jun 28 20:55:48 24.4.191.41:23 cx800766-a.wwck1.ri.home.com
Jun 28 20:56:00 24.4.191.41:23 cx800766-a.wwck1.ri.home.com
Jun 28 20:56:25 24.4.191.41:23 cx800766-a.wwck1.ri.home.com
Jun 28 20:58:55 24.4.191.41:23 cx800766-a.wwck1.ri.home.com
Jun 28 20:59:24 24.4.191.41:23 cx800766-a.wwck1.ri.home.com
Jun 28 21:00:55 24.4.191.41:23 cx800766-a.wwck1.ri.home.com
Jun 28 21:02:55 24.4.191.41:23 cx800766-a.wwck1.ri.home.com
Jun 28 21:54:37 24.4.191.41:23 cx800766-a.wwck1.ri.home.com
Jun 28 21:54:40 24.4.191.41:23 cx800766-a.wwck1.ri.home.com
Jun 28 21:54:46 24.4.191.41:23 cx800766-a.wwck1.ri.home.com
Jun 28 21:54:59 24.4.191.41:23 cx800766-a.wwck1.ri.home.com
Jun 28 21:55:23 24.4.191.41:23 cx800766-a.wwck1.ri.home.com
Jun 28 22:16:30 24.4.191.41:23 cx800766-a.wwck1.ri.home.com
Jun 28 22:18:07 24.4.191.41:23 cx800766-a.wwck1.ri.home.com
Jun 28 22:20:13 24.4.191.41:23 cx800766-a.wwck1.ri.home.com
Jun 30 00:22:05 209.249.159.31:8000 stone.scour.net
Jun 30 13:31:41 209.249.159.31:8000 stone.scour.net
--
Dave Dittrich Client Services
dittrich@cac.washington.edu Computing & Communications
University of Washington
<a href="http://www.washington.edu/People/dad/">
Dave Dittrich / dittrich@cac.washington.edu [PGP Key]</a>
