Security Basics mailing list archives

Re: Draytek Router Passwords


From: "Santosh Shelke" <santosh.shelke () acm co in>
Date: Sat, 9 Sep 2006 17:07:37 +0530


Hi!

Yes! It is possible, not just for a router but for any damn thing in this
Internet world which has a password.
There are ways of getting around it,
for example using keyloggers, demo software... tools,
and then there are ways in which nothing is needed except the core thing of
logical thinking and making you burp! How did this happen?
First of all, tell me which make/firmware/IOS the router was, any recent
software (demo software) you used, how many persons are aware of the router
password & how many have access to the config.

Hey, a clever person will install software and gizmos (tools) to catch a
worm, but a wise one will get it just by asking the right question to the right person!

Adios, keep thinking

Santosh Shelke
Keeping Network Alive & Safe

----- Original Message ----- 
From: "Baki Gábor" <baki.gabor () infobia hu>
To: <security-basics () securityfocus com>
Sent: Friday, September 08, 2006 3:41 PM
Subject: RE: Draytek Router Passwords


Hi,

As you log in to the router's admin web page, of course you give it the
admin's password. But I'm not sure you know that you give this password
several times during the whole session. Or better said, you send the
password from your browser to the router (to your network!) with almost
every mouse click. Authentication... with every click. Great, isn't it?
The most interestin' "feature" is the "show connections" or something like
this. You can leave your computer there and leave your browser open with
Draytek's admin page and all that happens is the admin password will be sent
to the network regularly - every 5 or 10 seconds, as I remember..
Why? Because it is http and you can't set it to use https. This means
your consultant can simply sniff the admin's password. If e.g. dsniff or
Ettercap or anything like these tools is used, your consultant doesn't have
to analyze the packets at all, because just the userids & passwords are
shown.
Just give it a try! ;)
This was the case @ Draytek 2200E & 2200X. Draytek hasn't developed a new
firmware to support https. This is why we aren't interested in any of the
newer products of Draytek, however the product itself is pretty good.
So the solution could be the usage of https or ssh. But not @ Draytek's
2200.. Just http or telnet...
In this case you shouldn't use this admin tool through the web. Instead:
through a vpn.
The question is whether your consultant has had access to your internal
network, whether it was possible for him to sniff your internal network,
whether you have used this tool during his sniffing and so on.
A tip: you should analyze your network and find out what part of it can
be sniffed and what you can do against it.
E.g. are your network's active components hubs or switches, whether you
use ipsec for encrypting the data stream through your network and how it is
configured (I mean psk vs cert), whether you use 802.1x capable switches
and whether this functionality is switched on (in most of the cases it is
NOT), whether you use some solution against MITM attacks and so on...
And don't forget probably the most important part: train your
colleagues, and change your network usage behaviour if needed. As Santosh
Shelke wrote in an earlier mail, sometimes the easiest way is just to put
the right question to the right person!!
If your colleagues are not trained about these possible attacks and
several circumstances, then it's just a waste of time and money to do
anything against the mentioned methods of catching passwords or whatever.

If your outside consultant is really outside and can't access your
internal or external network for sniffing and if we don't have to talk
about a tricky worm, trojan or whatever which could have been sent into your
network to analyze it, so if he really cracked your router's password
somehow, then try to use a quite long and complex password (not contained in
any dictionary used for dictionary based brute force attacks) and change it
regularly.
And probably you could use a device with built-in protection against
several kinds of attacks.
What about Linux? ;)
Probably together with an IDS solution..
Or have you heard about Openwrt?

Kind regards,
Gabor

-----Original Message-----
From: Santosh Shelke [mailto:santosh.shelke () acm co in]
Sent: Thursday, September 07, 2006 6:14 PM
To: security-basics () securityfocus com
Subject: Re: Draytek Router Passwords

Hi!

Yes! It is possible, not just for a router but for any damn thing in this
Internet world which has a password.
There are ways of getting around it,
for example using keyloggers, demo software... tools,
and then there are ways in which nothing is needed except the core thing
of logical thinking and making you burp! How did this happen?
First of all, tell me which make/firmware/IOS the router was, any recent
software (demo software) you used, how many persons are aware of the router
password & how many have access to the config.

Hey, a clever person will install software and gizmos (tools) to catch a
worm, but a wise one will get it just by asking the right question to the
right person!

Adios, keep thinking

Santosh Shelke
Keeping Network Alive & Safe

----- Original Message ----- 
From: "Gethin Jones" <gethinj () gethin net>
To: <security-basics () securityfocus com>
Sent: Thursday, September 07, 2006 4:23 AM
Subject: Draytek Router Passwords


Folks,

I have just had an outside consultant crack a password to one of my on
site routers.
Does anybody have an idea as to how to go about this?
I really don't want it to happen again and I seriously want to know how
he did it, especially as the password was 10 characters long.

Best Regards


G
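
An added example, not part of the original thread: a small audit over captured plaintext HTTP requests that counts how often admin credentials cross the wire, which is the exposure Gabor describes. It assumes the admin page uses HTTP Basic authentication (the thread does not name the scheme) and body-less GET requests; the capture, address, paths and credentials are constructed.

```python
import base64

# Constructed sample: three plaintext HTTP requests as seen in a capture of
# your own admin segment. Address, paths and credentials are made up.
CRED = base64.b64encode(b"admin:Xq7!mZ2#pL")  # 10-character password
CONSTRUCTED_CAPTURE = (
    b"GET /status.htm HTTP/1.0\r\nHost: 192.0.2.1\r\n"
    b"Authorization: Basic " + CRED + b"\r\n\r\n"
    b"GET /logo.gif HTTP/1.0\r\nHost: 192.0.2.1\r\n\r\n"
    b"GET /connections.htm HTTP/1.0\r\nHost: 192.0.2.1\r\n"
    b"Authorization: Basic " + CRED + b"\r\n\r\n"
)


def audit_plaintext_http(capture: bytes):
    """Return one finding per request that carries Basic credentials.

    The password itself is never returned, only its length: the point is
    that length and complexity do not matter once it travels in clear text.
    """
    findings = []
    for raw in capture.split(b"\r\n\r\n"):
        lines = raw.split(b"\r\n")
        if not lines[0].strip():
            continue  # empty trailing piece after the last request
        request_line = lines[0].decode("latin-1")
        for header in lines[1:]:
            name, _, value = header.partition(b":")
            if name.strip().lower() != b"authorization":
                continue
            scheme, _, token = value.strip().partition(b" ")
            if scheme.lower() != b"basic":
                continue
            try:
                decoded = base64.b64decode(token.strip(), validate=True)
            except ValueError:
                continue  # malformed token, nothing recoverable
            user, _, password = decoded.partition(b":")
            findings.append({
                "request": request_line,
                "user": user.decode("latin-1"),
                "password_len": len(password),
            })
    return findings


if __name__ == "__main__":
    for f in audit_plaintext_http(CONSTRUCTED_CAPTURE):
        print(f"cleartext credentials for {f['user']!r} in: {f['request']}")
```

Any finding on a segment other people can reach is a reason to move router administration behind the VPN, as suggested in the thread.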







---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
