Re: news story and router passwords

[Mark Teicher <mark.teicher () NETWORKICE COM>]

On an Ascend box: Once can use SNMP (sysReset object) to reset an Ascend
Router from an SNMP Manager.  After the Reset command is issue, the Ascend
will attempt to confirm the request before the unit is reset.  In my
example, two SNMP_Set requests are sent, the first one is received and the
second one is the confirmation (2nd request).  Information held in the
Ascend Events Group is erase and its values are intialized when the Ascend
router is reset by software.  The SNMP object (sysAbsoluteStartUpTime is
the time in second since January 1, 1990) and is not modified.  One can
reset this value to 0 in order to reset back to factory defaults.
Very similiar if one send an 'fclear' which basically returns an Ascend box
to its factory set defaults.

But as I stated before, I know very little about SNMP and it's capabilities..

/mark

At 06:49 PM 10/14/00 -0600, Richard Johnson wrote:
> At 11:10 -0600 on 10/12/2000, Vachon, Scott wrote:
> > >Frankly speaking I'd suppose that they just did not back up their >config
> > :)
> > >(because it looks like they even did not use access-lists etc.)
> >
> > >From reading the article is sounds as if a simple script kiddie found an
> > easy and unprotected target. Where these fools too simple-minded to
> > physically remove the stricken (and apparently blocking) gear from the
> > network and rework it ?
>
>
> This is apparently more difficult with an Ascend router that uses SNMP only
> for configuration (no console access?), and apparently has no 'lobotomy'
> switch for at least temporarily resetting to known default password or
> configuration.
>
> Still, 11 days to arrange replacement hardware is a bit severe for a
> provider only half an hour away from the Denver metro area.  At least now
> they know they can hit a number of locals up for emergency loaners in the
> future.
>
>
> Richard