I don't know if this has been posted; if so, ignore it please. For those of you lucky people to have a Bay Accelar 1000 series, here is something you might find interesting.

If one enables the HTTP server (Configuration Interface) on the Bay Accelar 1000 series (I do not know if this is true on other Accelars; I have only used Accelar 1200s), anyone can attach to the main page of the Accelar without a password. Not only this, but one can surf around a bit before being asked for a password as well. The best part of this is that when one tries to log in and fails, the system logs do not show it!!! (At least a log show doesn't.) Now, since Bay likes to use rw, rwo, and rwa, one could use a brute hacker (wwwhack, etc.) to attempt access.

Unlike other Bay products, there is no option to only allow certain subnets access to the HTTP server (at least none that I could find, or that multiple Bay Reps I talked to knew of). Last time I talked to a Bay Rep I was told that it was an issue that was being "looked into", so an easy solution is: do not enable the HTTP server on your Accelar 1000 series. The damage that could be done is great (turning off ports, redoing VLANs, etc.).
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:18:08 PDT