FlowPoint ADSL Reported Problem

From: Philip Rakity (pmrat_private)
Date: Wed Apr 14 1999 - 18:07:59 PDT


    Recently there was a note in the bug list (below) indicating that
    FlowPoint Routers do not set an administration password.  This statement
    is false, but the vulnerability of the router to folks not changing the
    default router password is well known.
    
    Our GUI asks the user to change the password.
    
    Release 3.0.2 onwards requires the user to enter the password
    to access any information via the console or telnet.
    
    Access control to the router via telnet and snmp can be controlled via
    access lists using the commands
    
    system addtelnetfilter <IP Addresses>
    system addsnmpfilter <IP Addresses>
    
    The SNMP Community name can be changed as well as the ports used to access
    Telnet and SNMP.  In addition, access to the router via SNMP and Telnet
    can be turned off.  The commands are:
    
    system telnetport <Port No>
    system snmpport <Port No>
    
    A <Port No> of 0 stops access to the router.
    
    In addition, an IP Filtering package similar to the Linux Firewall
    capability is available as an option.
    
    
    kind regards,
    
    Philip Rakity
    
    Vice President Product Development
    FlowPoint Corporation
    180 Knowles Drive
    Suite 100
    Los Gatos, CA 95030
    USA
    
    e-mail:    pmrat_private
     phone:    +1 (408) 364-8300
       fax:    +1 (408) 364-8301
    
    >
    > -----Original Message-----
    > From:	David Brumley [SMTP:dbrumleyat_private]
    > Sent:	Tuesday, April 13, 1999 11:02 PM
    > Subject:	aDSL routers
    >
    > Welp, aDSL is here.  And at least one manufacturer, flowpoint, sets no
    > admin password.  It's in the documentation, so I assume the
    > company already knows about this vulnerability:) System managers
    > who have aDSL access often overlook this, so I thought I'd point it out.
    > A quick fix: disable telnet access to all of your aDSL router IPs.
    > Better fix: set an admin password.
    >
    > Version tested:
    > FlowPoint/2000 ADSL Router
    > FlowPoint-2000 BOOT/POST V4.0.2 (18-Mar-98 12:00)
    > Software version v1.4.5 built Tue Aug 11 23:20:20 PDT 1998
    >
    > Cheers,
    > -db
    >
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:42:33 PDT