Vulnerability Development mailing list archives
Re: Administrivia #4883 (fwd)
From: jms () NEGATION NET (jason storm)
Date: Thu, 13 Jan 2000 23:39:53 -0800
recently discoverd that flowpoint dsl routers by default do not limit the number of attempts you can have at entering a password to get logged in. To my knowledge, (I've not finished reading the manual yet) there's no option to turn this default behavior off, though I cannot verify this. With a simple perl script, someone could simply hammer away at the flowpoint routers until they find a combination of characters that works. There's no point in saying what kind of security risk this is, I think
depending on the version OS your flowpoint runs, you can limit what ip's can telnet in using the filter command. if you apply that feature correctly, you effectively prohibit brute forcing the router pw. treat it like cisco's access-list's retarded little brother and you wont be too disapointed. word to burger, jason storm
Current thread:
- Re: Administrivia #4883 (fwd) jason storm (Jan 13)
- Re: Administrivia #4883 (fwd) Marc Esipovich (Jan 13)
- Re: Administrivia #4883/flowpoints jason storm (Jan 14)
- Re: Administrivia #4883/flowpoints Marc Esipovich (Jan 14)
- Re: Administrivia #4883/flowpoints jason storm (Jan 14)
- Re: Administrivia #4883 (fwd) Marc Esipovich (Jan 13)