Re: [PEN-TEST] Proteon/NX Networks routers?

["Matthew G. Marsh" <mgm () PAKTRONIX COM>]

On Fri, 23 Feb 2001, Randy Williams wrote:

> Anyone have any familiarity with these devices? Security options seem to
> be reasonably minimal, although I also can't find much from typical
> sources on any way to crack into em. Any assistance would be most useful.
>
> More details: this is a remote crack, without console. I can read quite a
> bit of basic routing/interface info from the router via SNMP (public
> community works - go figure). The router has the tftp, bootp, netbios-*,
> and snmp UDP ports open, as well as udp ports 1025 and 1026. I can telnet
> to it as well and get a login prompt, although that doesn't help much,
> since I would prefer not to guess every username/passwd under the sun :)

Notes:

The router config is in binary. Proteon specific MIB is on venera and on
the Proteon website (the company name is changed to Open... - search on
Proteon). If you can find a R/W community you can reset the admin password
assuming noone has changed the name. By default the SNMP, tftp, bootp, NB,
etc are not enabled. SNMP in particular was only enabled manually. Now the
current OpenRoute software may have changed that statement (last I worked
on these was 1998). If you can tell what the router brand is (DNX, RBX,
GT, ...) and the rev of software (MIB-II will release that) then I can
probably tell you some known defaults.

One thing I always liked from a security perspective on these is that the
config is binary and the format was different per hardware and software
rev. ...

> Thanks in advance,
> RW

--------------------------------------------------
Matthew G. Marsh,  President
Paktronix Systems LLC
1506 North 59th Street
Omaha  NE  68104
Phone: (402) 932-7250
Email: mgm () paktronix com
WWW:  http://www.paktronix.com
--------------------------------------------------