Vulnerability Development mailing list archives
Re: default password list (3Com switches)
From: tymm () COE MISSOURI EDU (Tymm Twillman)
Date: Mon, 10 Jul 2000 20:56:19 -0500
Well, this is one of those "documented but not all that often read" dealies. It's right there in the manual. However the other obnoxious thing that those who don't read the manual also don't find out is that by default these switches will use DHCP to get an IP address and default route. So, yeah, those who think of switches as a drop-in-and-ignore solution, they're leaving themselves open to some nice DOS attacks (Hey, let's shut down all the ports on this here switch...) and other fun games. Anyhow, at least in my opinion, any networking hardware that has an RS232 port should be plugged into and poked at a bit before being thrown into production. Generally first thing I do with stuff like this is disable dhcp/external network access to management features and set up a serial concentrator on a secure host for management. Much more fun, btw, is Alteons, which also DHCP, where folks don't change the password ("admin") and leave the web config util running. point and click your way to some real fun -- of course there's also a nice CLI w/telnet access. -Tymm On Mon, 10 Jul 2000, Luis Pinto wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I think these havent showed up, so here they are: Default passwords for 3com Superstack Switch II (1100 and 3300, possibly others): Monitor access level: username: monitor password: monitor manager access level: username: manager password: manager Security access level: username: admin password: <no password> or: username: security password: security My apologies if it is not new... Regards, Luis Pinto - -------------------------------------------------------------------------- http://student.dei.uc.pt/~lmpinto ICQ #15663369 Finger for PGP key - -------------------------------------------------------------------------- Writing about music is like dancing about architecture. -- Frank Zappa -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.1i iQA/AwUBOWoQvYfF8HgH+Y51EQKLbQCfZgbD3RT323bLtjyCBSEkJXId6oQAoPpp A3vy804VHSHYPVkv4ianecbO =HD1u -----END PGP SIGNATURE-----
Current thread:
- Re: default password list (BIOS Master Passwords) Nathan Einwechter (Jul 04)
- Re: default password list (BIOS Master Passwords) Bluefish (Jul 05)
- About the format bugs thread... TeeSPy (Jul 09)
- Re: About the format bugs thread... Bluefish (Jul 11)
- Re: default password list (3Com switches) Luis Pinto (Jul 10)
- Re: default password list (3Com switches) Tymm Twillman (Jul 10)
- (no subject) C.O.Too (Jul 13)
- <Possible follow-ups>
- Re: default password list (BIOS Master Passwords) appie k. (Jul 05)