nanog mailing list archives
Re: Default Passwords for World Wide Packets/Lightning Edge Equipment
From: Steven Bellovin <smb () cs columbia edu>
Date: Wed, 6 Jan 2010 17:13:58 -0500
On Jan 6, 2010, at 4:43 AM, George Bonser wrote:
> -----Original Message-----
> having physical access pretty much trumps any other security measure.
>
> The fact that there's a factory default means that lots of folks won't change it when they configure the unit with an IP address; they follow this with failing to implement iACLs, and it's pw3nt1me!
>
> I suppose it is a philosophical thing with me. I don't believe in protecting people from their own stupidity. If you try to enforce that, you end up with organizations making up their own "default" passwords which can be little better than manufacturer defaults.
They're much better, since one guess doesn't suffice for all devices; see http://ids.ftw.fm/Home/publications/RouterScan-RAID09-Poster.pdf?attredirects=0 for some indication of just how bad the problem can be. And we all suffer from p0wned devices, because they get turned into bots. Roland is 100% right.

--Steve Bellovin, http://www.cs.columbia.edu/~smb