[12219] in bugtraq


Re: KSR[T] Advisories #012: Hybrid Network's Cable Modems

daemon@ATHENA.MIT.EDU (Jon Paul, Nollmann)
Tue Oct 12 16:27:08 1999

Message-Id:  <m11awNT-000yDNC@scintilla.balltech.net>
Date:         Tue, 12 Oct 1999 00:29:43 -0700
Reply-To: sinster@BALLTECH.NET
From: "Jon Paul, Nollmann" <sinster@BALLTECH.NET>
X-To:         BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <Pine.SOL.4.10.9910071621220.1614-100000@csa.bu.edu> (message
              from Lars Kellogg-Stedman on Thu, 7 Oct 1999 16:36:27 -0400)

Sorry, but I missed the first post.

I tried out all three clients, and they all work against Hybrid radio
networking modems.  These are used by a number of radio network
providers, who provide long-haul (20km+) high speed (1Mbps) radio
service.  The specific one I'm using is the CCM-231 (if you read the
case) or the CCM-311 (if you use the "version" HSMP command).  NOS
version 70471.

At this point, I'd assume that the exploit applies to all of Hybrid's
product line.

My provider spoke with Hybrid this morning, and apparently Hybrid has
a patch for the problem that fixes it in some unspecified way.  According
to my provider, Hybrid merely said that "only people you allow will be
able to configure the modems" but that they made clear that remote
configuration was still enabled.  Maybe they'll use a password (easily
sniffable).  I think it's more likely at this point that Hybrid will
merely check the source address (!) of the packets, and compare those
addresses with a table configured by the provider.

I'd like to believe that Hybrid will fix this in a sane way, but since
they're remaining hush-hush about the fix, I think the chances of that
are very slim.

--
Jon Paul Nollmann ne' Darren Senn                      sinster@balltech.net
Unsolicited commercial email will be archived at $1/byte/day.
Dis.Org's propensity for casual violence is little different from that of
any street gang.                                             Carolyn Meinel


--
Jon Paul Nollmann ne' Darren Senn                      sinster@balltech.net
Unsolicited commercial email will be archived at $1/byte/day.
"Tis better to remain silent and be thought a fool, than to speak up and
remove all doubt."                                        Benjamin Franklin
