[22185] in bugtraq
Re: ZyXEL Prestige 642R: Exposed Admin Services on WAN with Default Password
daemon@ATHENA.MIT.EDU (Peter Gutmann)
Fri Aug 10 11:31:10 2001
Date: Sat, 11 Aug 2001 01:55:35 +1200 (NZST)
Message-ID: <200108101355.BAA232471@ruru.cs.auckland.ac.nz>
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: bugtraq@securityfocus.com, daniel@roe.ch
Daniel Roethlisberger <daniel@roe.ch> writes:
>Unfortunately, though this is how it *should* work -- according to the
>documentation you should be able to specify up to 4 filters delimited by
>commas -- it does *not*. I was only able to get a single filter active at a
>time.
It works, but portions of the filter setup process are severely
underdocumented. You need to be very careful about chaining rules together, so
that the filter sets have to end with a "Check next rule" action for everthing
but the last filter set. If you end with a Drop/Forward action, the filter
does exactly that without checking further rules.
In addition, the filter rules take effect as soon as you exit the individual
filter edit menu, which means if you're making changes to multiple rules and
adding new filter sets, you need to make the changes via the console port
rather than telnet interface because at some point you either have to add a
filter set which isn't configured yet or chain to a filter set which you
haven't added yet, at which point your telnet session dies.
(Neither of these are bugs, just gotchas which are obvious once you think about
it).
>I've notified ZyXEL by email, but got no response.
They're hopeless, and Netgear (who OEM Zyxel stuff) are no better. I have an
ICMP filtering bug (basically the filtering doesn't work) which I've been
trying to bring to their attention for a month or two, I'll post the details
here after one last attempt to contact them.
Peter.
