Bugtraq mailing list archives
Re: aDSL routers
From: truman () SUPERLINK NET (Truman Boyes)
Date: Wed, 14 Apr 1999 18:01:07 -0400
There are two levels of access on these units. Basic telnet access will provide limited commandset. These would leave the user with the ability to 'ping', list system info, show processes, and list the routing table. There is another level which provides more options and rights is available only by logging into the unit with password from the command line interface. Like most routers on networks, access should be restricted with access control lists. You can set this by using 'system addTelnetFilter' and specifying an IP range. Version Tested: FlowPoint/2200 SDSL [ATM] Router FlowPoint-2000 BOOT/POST V4.0.2 (18-Mar-98 12:00) .truman.boyes. On Tue, 13 Apr 1999, David Brumley wrote:
Welp, aDSL is here. And at least one manufacturer, flowpoint, sets no admin password. It's in the documentation, so I assume the company already knows about this vulnerability:) System managers who have aDSL access often overlook this, so I thought I'd point it out. A quick fix: disable telnet access to all of your aDSL router IP's. Better fix: set an admin password. Version tested: FlowPoint/2000 ADSL Router FlowPoint-2000 BOOT/POST V4.0.2 (18-Mar-98 12:00) Software version v1.4.5 built Tue Aug 11 23:20:20 PDT 1998 Cheers, -db
Current thread:
- [support_feedback () us-support external hp com: Security Bulletins, (continued)
- [support_feedback () us-support external hp com: Security Bulletins Patrick Oonk (Apr 13)
- Patrol security bugs fcosta (Apr 09)
- Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight M.C.Mar (Apr 09)
- New Novell Remote.NLM Password Decryption Algorithm with Exploit dreamer () RELIA NET (Apr 09)
- Novell Pandora Hack Jeremy M. Guthrie (Apr 12)
- Re: Novell Pandora Hack Simple Nomad (Apr 13)
- Re: Novell Pandora Hack Iain P.C. Moffat (Apr 13)
- aDSL routers David Brumley (Apr 13)
- Re: aDSL routers Derek Vadala (Apr 14)
- aDSL routers Brad Zimmerman (Apr 14)
- Re: aDSL routers Truman Boyes (Apr 14)
- New Novell Remote.NLM Password Decryption Algorithm with Exploit dreamer () RELIA NET (Apr 09)