[17898] in bugtraq
Re: Cisco 675 Denial of Service Attack
daemon@ATHENA.MIT.EDU (Kee Hinckley)
Mon Dec 4 13:33:35 2000
Mime-Version: 1.0
Message-Id: <p05010402b64dd6a4c919@[192.168.1.93]>
Date: Fri, 1 Dec 2000 17:38:30 -0500
Reply-To: Kee Hinckley <nazgul@SOMEWHERE.COM>
From: Kee Hinckley <nazgul@SOMEWHERE.COM>
X-To: Erik Parker <eparker@MINDSEC.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.GSO.4.30.0012011234560.10941-100000@noella.mindsec.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
At 12:36 PM -0800 12/1/00, Erik Parker wrote:
>Or the ability to change it.. You can't change the Cisco 675 out of Bridge
>mode into Route mode without the cooperation of Qwest/Whoever. They have
>to make changes on their router as well. I went through this for a week
>with Flashcom, to get out of briding mode.
>
>Most never get their password for their Cisco either, however you can dump
>the memory in the CBOS on boot, and read the "encrypted" password, which
>is an off-by-2 sequence.. Where c is a, and e is c, and so on.
I've been meaning to release a notice on this for some time, but
since we're on the topic already.
Not only does the memory dump display the passwords ROT2, but if you
enable the tftp server (it's not on by default, thank goodness), the
"encrypted" passwords are accessible to anyone on the internet.
Enabling the tftp server is suggested as a way to backup the
parameter settings. Doing so is definitely a *very* bad idea. The
tftp server should either be modified to not dump the passwords, or
substantially better encryption should be used.
Just to magnify this problem, at least one ISP in the Northeast is
using the same router password for *all* of their DSL clients.
Therefore, one open tftp server (never mind a disgruntled employee or
customer who looks over the installer's shoulder) could cause a major
routing (and customer support) disaster.
- --
Kee Hinckley - Somewhere.Com, LLC - Cyberspace Architects
Now Playing - Folk, Rock, and odd stuff - http://www.somewhere.com/radio.pls
I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com>
iQA/AwUBOigofyZsPfdw+r2CEQKrWwCdHso0zquZoHAq3lC5Wvpn5fPtX/wAoPzt
MFx/tpw5jKZLhL+K2KIAnNXJ
=0+S2
-----END PGP SIGNATURE-----
