Bugtraq mailing list archives
Re: [In]security in USR TotalSwitch
From: lou () ZAPHOD ECE CMU EDU (Lou Anschuetz)
Date: Mon, 21 Dec 1998 09:39:22 -0500
I searched the archives, with no luck finding anything about this. Recently a bunch of USR TotalSwitch (chassis which takes 5 cards, 10 / 100 / fddi / whatever, and a network management card) units went up for auction, and I know a lot of people purchased them, hence my concern.

The switch is manageable via snmp, telnet or a console port. Using the management features, you can disable / enable certain ports, configure IP routes and such. The management software allows you to set a password to access the switch (either by telnet or the console). Of course, there is a back-door so techs could reset or debug the unit if they didn't have the password. Unfortunately, this backdoor is not limited to the console port like it should be. It is possible to telnet to the switch, enter a "secret code" (which is readily available, for everyone's sake I won't give it out here) and do a memory dump to see the plaintext password.

Solution: 3COM - limit this functionality to the console port ONLY. End-user - add an access list to filter telnet to your switch's IP address from outside your network.

P.S. If anyone knows where to get the 100btx cards for this thing, please e-mail me!

Regards,
3COM did put out a patch for this, though rather quietly - it also affects all CoreBuilder switches. Fortunately, I only buy un-managed 3COM stuff. Everything that is a switch (or above) is Cisco.

--
Lou Anschuetz, lou () ece cmu edu
Network Manager, ECE, Carnegie Mellon University
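The end-user workaround in the original post (filter telnet to the switch's management address so only inside hosts reach it) modelled as an added example; this is not code from the thread or from 3COM/Cisco. The management address 192.0.2.10, the internal network 192.0.2.0/24 and the sample flows are constructed; the rendered lines use standard Cisco IOS extended access-list syntax, which Lou mentions running in front of his switches.

```python
import ipaddress
from typing import List, NamedTuple, Tuple

# Constructed values: the switch's management address and the only network
# from which telnet management should be reachable.
SWITCH_MGMT_IP = ipaddress.ip_address("192.0.2.10")
INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")
TELNET_PORT = 23


class Flow(NamedTuple):
    src: str
    dst: str
    dport: int


def telnet_to_switch_allowed(flow: Flow) -> bool:
    """Decision of the recommended filter for one flow: telnet to the switch
    is permitted only from the internal network; other traffic is untouched."""
    if ipaddress.ip_address(flow.dst) != SWITCH_MGMT_IP or flow.dport != TELNET_PORT:
        return True  # not the switch's telnet service, filter does not apply
    return ipaddress.ip_address(flow.src) in INTERNAL_NET


def filter_flows(flows: List[Flow]) -> Tuple[List[Flow], List[Flow]]:
    """Apply the filter; denied flows are the ones worth logging, since each
    is an outside host trying to reach the management interface."""
    permitted, denied = [], []
    for f in flows:
        (permitted if telnet_to_switch_allowed(f) else denied).append(f)
    return permitted, denied


def render_ios_acl(number: int = 101) -> List[str]:
    """Same policy as an IOS extended access list (wildcard mask = hostmask)."""
    net, wild, host = INTERNAL_NET.network_address, INTERNAL_NET.hostmask, SWITCH_MGMT_IP
    return [
        f"access-list {number} permit tcp {net} {wild} host {host} eq {TELNET_PORT}",
        f"access-list {number} deny tcp any host {host} eq {TELNET_PORT}",
        f"access-list {number} permit ip any any",
    ]


# Constructed sample flows: an inside admin, an outside host, unrelated traffic.
SAMPLE_FLOWS = [
    Flow("192.0.2.55", "192.0.2.10", 23),
    Flow("198.51.100.7", "192.0.2.10", 23),
    Flow("198.51.100.7", "192.0.2.20", 80),
]

if __name__ == "__main__":
    for f in filter_flows(SAMPLE_FLOWS)[1]:
        print(f"DENY telnet to switch from outside: {f.src} -> {f.dst}:{f.dport}")
    print("\n".join(render_ios_acl()))
```

The third ACL line keeps non-management traffic flowing; apply the list inbound on the interface facing the outside network, not on the switch itself.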
Current thread:
- [In]security in USR TotalSwitch Adam Maloney (Dec 15)
- Re: [In]security in USR TotalSwitch Lou Anschuetz (Dec 21)
- Re: [In]security in USR TotalSwitch Adam Maloney (Dec 21)