Bugtraq mailing list archives
Re: Default password in Bay Networks switches.
From: dkelson () INCONNECT COM (Dax Kelson)
Date: Wed, 10 Mar 1999 23:20:25 -0700
On Wed, 10 Mar 1999, Dax Kelson wrote:
The Bay Networks case number for this bug/oversight is: 990310-614 Normally "backdoor" passwords on Bay gear only work through the console.
Sorry, should have included this in the first email. Regardless of the existence of backdoors (not to say they aren't evil) it is a good idea to limit who can connect to your equipment over the network. These BayStack switches have a "TELNET Configuration..." menu where you can turn off telnet access and/or limit the IP addresses who are allowed to telnet in. While you're there you should secure your SNMP, which is another item commonly left wide open (any networking equipment, not just Bay). Many networking devices don't have the ability to restrict who can connect to them. Even if the device does have the ability, it is often useful to take care of securing all networking devices at once. One way to do this is to allocate a separate IP network for your network devices. This would mean two IP networks on your physical network, your "main" IP network, and the small "management" IP network. At the gateway (eg a secondary IP on a cisco's ethernet interface) into your management network you configure ACLs to securely control connections to your devices. Of course if the gateway goes down you suddenly can't remotely admin any of the protected devices, a good reason to have an out-of-band management system in place. Comments? Dax Kelson Internet Connect, Inc.
Current thread:
- WinFreez.c, (continued)
- WinFreez.c Delmore (Mar 05)
- The FPSC-IRCD.txt advisory syg FPSC (Mar 07)
- Digital Unix 4 protected password database. James Clement (Mar 08)
- Re: Digital Unix 4 protected password database. Chris Johnson (Mar 09)
- Re: Digital Unix 4 protected password database. Jon Morgan (Mar 10)
- Re: Digital Unix 4 protected password database. Alec Muffett (Mar 10)
- Re: Digital Unix 4 protected password database. Keith Piepho (Mar 10)
- Re: Digital Unix 4 protected password database. Solar Designer (Mar 13)
- Default password in Bay Networks switches. Jan B. Koum (Mar 10)
- Re: Default password in Bay Networks switches. Dax Kelson (Mar 10)
- Re: Default password in Bay Networks switches. Dax Kelson (Mar 10)
- Re: Default password in Bay Networks switches. Igor Sviridov (Mar 11)
- Re: Default password in Bay Networks switches. Rolf Obrecht (Mar 12)
- Re: The FPSC-IRCD.txt advisory Bjarni R. Einarsson (Mar 09)
- Windows NT Screen Saver Vulnerability Aleph One (Mar 09)
- 64 bit Solaris 7 procfs bug Toomas Soome (Mar 09)
- Re: More Internet Explorer zone confusion Jim Frost (Mar 09)
- Re: More Internet Explorer zone confusion Christopher Masto (Mar 08)