On Sat, 31 Jul 1999, DeMoNx wrote:

> switching all non-business/special adsl accounts over to using PPP rather
> than bridging mode for 'security reasons', I got a little suspicious. With

With good reason. In bridging mode with a Windows 9x/NT box, your network neighborhood will show everyone else's PC that has any file/print sharing enabled. So, it's trivially easy to connect to a non-passworded share. Now, ideally, all these shares would be passworded, but we know that'll never happen. Not having the shares show up in network neighborhood is a bit of security by obscurity, but it's harder to connect to a share if it's not in your network neighborhood.

> them. The problem is, *most* of these guys don't set passwords on the
> 675's. It is very simple to compromise an unpassworded 675. simply hit
> 'enter' at the password prompt after telnetting in, if you get a cbos>
> prompt you are half way there, NOT GOOD. If there is no exec mode password
> set, then there most likely won't be an enable (superuser) mode password

Cisco has recognized this as a problem. This is fixed in 2.1.0a or in 2.2.0 (2.2.0 out shortly). The 675 will react like classic IOS and not allow telnet if an exec password is not set.

BTW, in US West land at least, 90 to 95% of all installs are self install where a tech never visits the customer.

Brian
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:54:55 PDT