Vulnerability Development mailing list archives
Re: Intel Corporation, Express 550F Switch unlimited password attempts
From: davids () WEBMASTER COM (David Schwartz)
Date: Sun, 19 Mar 2000 10:06:27 -0800
Knud, AFAIK, all intel switches that have a layer 3 interface come with no default username or password. Also, the snmp community strings are public/private. Sigh.
Before you configure them, they have no IP adress and can only be remotely managed immediately after startup by answering their BOOTP requests. As soon as you use the software Intel supplies to configure them, they lock management down to the IP address of the management station. They can also send out SNMP traps when people connect from unauthorized IP addresses or use bad passwords. Somebody had to assign that switch an IP address and password but not set any limits on what IP addresses could manage it. That's not particularly bright. As for whether breaking connections after a fixed number of tries is a good idea, I don't believe it is. It's no harder to write a program to try 1000 passwords on one connection than it is to write one to try one password, disconnect, and repeat. So how would that provide any protection against brute force attacks? DS
Current thread:
- Crashing Win9x with smbclient Bud Meister (Mar 13)
- Intel Corporation, Express 550F Switch unlimited password attempts Knud Erik Højgaard (Feb 14)
- Re: Intel Corporation, Express 550F Switch unlimited password attempts rpc (Mar 15)
- Re: Intel Corporation, Express 550F Switch unlimited password attempts David Schwartz (Mar 19)
- CGI directory path NiGHTfly (Jul 07)
- Re: CGI directory path Vladimir Dubrovin (Mar 20)
- Re: CGI directory path mock () ACTIVESTATE COM (Mar 20)
- Re: Intel Corporation, Express 550F Switch unlimited password attempts rpc (Mar 15)
- Intel Corporation, Express 550F Switch unlimited password attempts Knud Erik Højgaard (Feb 14)
- Re: Crashing Win9x with smbclient Marc (Mar 14)
- Re: Crashing Win9x with smbclient Drew (Mar 14)
- Re: Crashing Win9x with smbclient Edsel Adap (Mar 15)
- Re: Crashing Win9x with smbclient Bluefish (Mar 20)
- Crashing Win9x with smbclient - But NT & W2K? Bluefish (Mar 26)
- Re: Crashing Win9x with smbclient - But NT & W2K? Magus Ba'al (Mar 27)
- Re: Crashing Win9x with smbclient - But NT & W2K? vventura () SIA PT (Mar 27)