nanog mailing list archives

Re: Default Passwords for World Wide Packets/Lightning Edge Equipment


From: Steven Bellovin <smb () cs columbia edu>
Date: Wed, 6 Jan 2010 17:13:58 -0500


On Jan 6, 2010, at 4:43 AM, George Bonser wrote:

-----Original Message-----

having physical access pretty much trumps any other security
measure.

The fact that there's a factory default means that lots of folks won't
change it when they configure the unit with an IP address; they follow
this with failing to implement iACLs, and it's pw3nt1me!


I suppose it is a philosophical thing with me.  I don't believe in
protecting people from their own stupidity. If you try to enforce that,
you end up with organizations making up their own "default" passwords
which can be little better than manufacturer defaults. 


They're much better, since one guess doesn't suffice for all devices; see
http://ids.ftw.fm/Home/publications/RouterScan-RAID09-Poster.pdf?attredirects=0
for some indication of just how bad the problem can be.  And we all suffer from
p0wned devices, because they get turned into bots.  Roland is 100% right.

                --Steve Bellovin, http://www.cs.columbia.edu/~smb
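For readers unfamiliar with the iACL Roland refers to above, the following is an added illustration (not part of this thread, and not vendor or project code) of a minimal infrastructure ACL in Cisco IOS syntax. The address blocks are RFC 5737 documentation ranges picked purely for the example: 192.0.2.0/24 stands in for the infrastructure addresses (loopbacks and link nets) and 198.51.100.0/24 for a trusted management network; the interface name is likewise assumed.

```cisco
! Added example: infrastructure ACL (iACL) in Cisco IOS syntax.
! Assumed addressing (RFC 5737 documentation ranges, substitute your own):
!   192.0.2.0/24    = router loopbacks and point-to-point links
!   198.51.100.0/24 = trusted management network
!
ip access-list extended INFRA-PROTECT
 ! management stations may reach device management services
 permit tcp 198.51.100.0 0.0.0.255 192.0.2.0 0.0.0.255 eq 22
 permit udp 198.51.100.0 0.0.0.255 192.0.2.0 0.0.0.255 eq snmp
 ! add one entry per routing-protocol neighbour here, e.g.
 ! permit tcp host <peer-addr> host <local-addr> eq bgp   (placeholder)
 !
 ! everything else addressed TO the infrastructure is dropped and logged,
 ! including default-credential login attempts from the outside world
 deny ip any 192.0.2.0 0.0.0.255 log
 ! transit traffic through the router is unaffected
 permit ip any any
!
! apply inbound on every edge (customer- or peer-facing) interface
interface GigabitEthernet0/1
 description Edge link (assumed interface name)
 ip access-group INFRA-PROTECT in
```

The point of the filter is that the management plane is reachable only from addresses you control, so an unchanged factory password is not exposed to the whole Internet while you get around to changing it. It complements, rather than replaces, setting a per-device credential, which is the fix both Roland and Steve are arguing for; the `log` keyword on the deny line also gives you a cheap signal of who is probing your infrastructure addresses.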