Bugtraq mailing list archives
Re: Livingston bugs...
From: elfchief () lupine org (Jay 'Whip' Grizzard)
Date: Tue, 12 Sep 1995 15:04:04 -0700
That is not a solution.. Portscanning is way to easy, and popular.. everyone has a scanner, everyone uses a scanner.. Changing the port would just make it so that they would scan for what is there.. Only delay it by a second or two..
Yep. I typically run with an alternate port on my routers, but you're right, one simple sweep....
The real solution is to remove all such backdoors.. I dont recall about EVER reading about this in the documentation on the router.. If this is in there, what else is there? Is there a back door that would give someone root on the router?
Actually, yes, there is, but it requires a bit more effort. If you have a -physical- connection to the router (via it's console port), you can "override" the root password and get into a challenge-response system, at which point you can then call livingston, tell them the challenge, and get the response to let you into the router. It's certainly not an easilly exploitable back-door, but certainly a concern for those who can't assure physical security... -WW
Current thread:
- Re: Livingston bugs... Bret McDanel (Sep 12)
- Re: Livingston bugs... Jay 'Whip' Grizzard (Sep 12)