Full Disclosure mailing list archives
RE: previledge password in cisco routers
From: "Todd Towles" <toddtowles () brookshires com>
Date: Wed, 24 Nov 2004 13:25:28 -0600
Sorry but cisco can only be blamed for so much. If you allow telnet to your router from the internet...then how is that Cisco's fault? Or even if you allow SSH from the internet...network protection is the key. Software will have holes and problems with be found. Only thru good network design and layered security will you be protected. Server are open to attack also if you allow FTP, SSH and TS from the internet...what do you think will happen? SNMP strings are like gold..and very few people understand they need to change them and guard them as such...but again that isn't cisco's fault. Should you use the web interface to connect your routers? Well no..there are problem with it...learn the command line and therefore the problem doesn't exist.
-----Original Message----- From: Gary E. Miller [mailto:gem () rellim com] Sent: Wednesday, November 24, 2004 1:20 PM To: Todd Towles Cc: full-disclosure () lists netsys com Subject: RE: [Full-disclosure] previledge password in cisco routers -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Yo Todd! On Wed, 24 Nov 2004, Todd Towles wrote:Do you seriously think there is a easy way to get theenable passwordremotely?Cisco has previously had bugs that allowed easy enable password recovery remotely using SNMP and the web management interface. If it is an older unpatched router, showing one of these services to you, then a search of standard exploits will turn up what you need. There was a particularly nasty telnet hack a while back. Even if you had an ACL on the port you were easily hacked. If past performance is any indicator or future performance then there will again be a Cisco bug, or sloppy admin, that allows this. RGDS GARY - -------------------------------------------------------------- ------------- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 gem () rellim com Tel:+1(541)382-8588 Fax: +1(541)382-8676 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFBpN748KZibdeR3qURAh6DAJ4zZnYcMO0uhg6lfs83ScS3IpsVxgCgiVBK 9rIjcwwiaIDhHAK15G8x0wk= =wREb -----END PGP SIGNATURE-----
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: previledge password in cisco routers, (continued)
- RE: previledge password in cisco routers Todd Towles (Nov 24)
- RE: previledge password in cisco routers amilabs (Nov 24)
- Re: previledge password in cisco routers Alen Capalik (Nov 24)
- Re: previledge password in cisco routers Night Ninja (Nov 24)
- RE: [in] Re: previledge password in cisco routers Curt Purdy (Nov 24)
- Re: previledge password in cisco routers john morris (Nov 25)
- RE: previledge password in cisco routers amilabs (Nov 24)
- RE: previledge password in cisco routers Gary E. Miller (Nov 24)
- RE: previledge password in cisco routers Todd Towles (Nov 24)
- RE: previledge password in cisco routers Todd Towles (Nov 24)
- RE: previledge password in cisco routers Donahue, Pat (Nov 24)
- RE: previledge password in cisco routers Steven Alexander (Nov 24)
- RE: previledge password in cisco routers Todd Towles (Nov 24)
- RE: previledge password in cisco routers David Taylor (Nov 25)