[2232] in bugtraq
Re: Livingston bugs...
daemon@ATHENA.MIT.EDU (Jay 'Whip' Grizzard)
Tue Sep 12 19:05:36 1995
Date: Tue, 12 Sep 1995 15:04:04 -0700
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: "Jay 'Whip' Grizzard" <elfchief@lupine.org>
X-To: BUGTRAQ@CRIMELAB.COM
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
In-Reply-To: <199509122112.VAA06496@real.com> from "Bret McDanel" at Sep 12,
95 09:12:21 pm
> That is not a solution..
> Portscanning is way to easy, and popular.. everyone has a scanner, everyone
> uses a scanner.. Changing the port would just make it so that they would
> scan for what is there.. Only delay it by a second or two..
Yep. I typically run with an alternate port on my routers, but you're right,
one simple sweep....
> The real solution is to remove all such backdoors.. I dont recall about EVER
> reading about this in the documentation on the router.. If this is in there,
> what else is there? Is there a back door that would give someone root on the
> router?
Actually, yes, there is, but it requires a bit more effort. If you have
a -physical- connection to the router (via it's console port), you can
"override" the root password and get into a challenge-response system, at
which point you can then call livingston, tell them the challenge, and get
the response to let you into the router.
It's certainly not an easilly exploitable back-door, but certainly a concern
for those who can't assure physical security...
-WW
