[34711] in bugtraq
Re: SMC Routers have remote administration enabled by default
daemon@ATHENA.MIT.EDU (user86)
Thu Apr 29 14:38:40 2004
From: user86 <user86@earthlink.net>
To: bugtraq@securityfocus.com
Date: Thu, 29 Apr 2004 01:37:43 -0400
In-Reply-To: <200404290110.11461.user86@earthlink.net>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200404290137.43983.user86@earthlink.net>
On Thursday 29 April 2004 01:10, user86 wrote:
> On Wednesday 28 April 2004 12:55, user86 wrote:
> > There are two workarounds:
> > 1. Enable the router's firewall in its "Advanced Setup"
> >
> > 2. Forward port 1900 of the router to a non-existent internal IP address
> > (such as 192.168.2.248 if it isn't in use).
>
> A third workaround on the 7008ABR with firmware 1.032 is to go into the
> router's "Advanced Setup" click "System" then "Remote Management" and click
> "Apply" (even without changing any setting) and port 1900 then closes
> itself.
Ugh! Scratch that third workaround! I just found out that that third
workaround only works as long as the router stays up. If the router is
rebooted for *any* reason, such as during a power outage or by the user
through the web interface, port 1900 is open again when the router boots back
up!
