There are two levels of access on these units. Basic telnet access will provide limited commandset. These would leave the user with the ability to 'ping', list system info, show processes, and list the routing table. There is another level which provides more options and rights is available only by logging into the unit with password from the command line interface. Like most routers on networks, access should be restricted with access control lists. You can set this by using 'system addTelnetFilter' and specifying an IP range. Version Tested: FlowPoint/2200 SDSL [ATM] Router FlowPoint-2000 BOOT/POST V4.0.2 (18-Mar-98 12:00) .truman.boyes. On Tue, 13 Apr 1999, David Brumley wrote: > Welp, aDSL is here. And at least one manufacturer, flowpoint, sets no > admin password. It's in the documentation, so I assume the > company already knows about this vulnerability:) System managers > who have aDSL access often overlook this, so I thought I'd point it out. > A quick fix: disable telnet access to all of your aDSL router IP's. > Better fix: set an admin password. > > Version tested: > FlowPoint/2000 ADSL Router > FlowPoint-2000 BOOT/POST V4.0.2 (18-Mar-98 12:00) > Software version v1.4.5 built Tue Aug 11 23:20:20 PDT 1998 > > Cheers, > -db >
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:42:31 PDT