Cisco 675 password nonsense

From: jobe smithe (jobeat_private)
Date: Mon Aug 09 1999 - 22:27:48 PDT


    [ WARNING: This post contains no new information and may be considered by
    some to be a waste of valuable time. I submit this merely as something to be
    pondered over coffee. There is no great hack here and no source is included
    due to its simplistic nature. ]
    
    Hello:
    
    The recent posts to Bugtraq regarding Passwordless Cisco 675 got me curious
    enough to kludge together some perl and try to gather some stats to see how
    pervasive this problem was across a few /24s. NOTE: passwordless equipment
    is certainly not exclusive to the Cisco 675; it is a laziness issue and
    simply that IMO.
    
    Some results:
    
    # SCANNING REPORT [ 08/08/99-19:08:44 ]
    # CALCULATING USING 774 LIVE HOSTS
    #
    # TOTAL HOSTS SCANNED       - 1020
    # TOTAL HOSTS ALIVE         - 0774  76%
    # TOTAL HOSTS DOWN          - 0246  24%
    #
    # TOTAL HOSTS FULLOPEN      - 0714  92%
    # TOTAL HOSTS PROTECTED     - 0060  08%
    # --> TOTAL HOSTS NO-EXEC   - 0020  03%
    # --> TOTAL HOSTS NO-ENABLE - 0040  05%
    
    
    This was a highly impromptu scanning effort. The network was a DSL
    environment utilizing a few models from the Cisco 600 family.
    
    Of course, without some type of organised scanning methodologies (once a day;
    once a week; whatever) I cannot claim that this information actually means
    anything, but it is kind of interesting to see that ~90% of the DSL customers on
    -these- subnets are willing to hand out configs from nvram.
    
    Unfortunately this info is probably only interesting/useful to the poor person
    paying for the DSL service, or perhaps a network manager.
    
    Do you really want anyone to be able to nab 700+ valid login/passwd pairs from
    -your- network -on a whim-?
    
    
    jøbe
    
    -------------------------------------------------------------------------------
     jøbe - [ jobe AT unbroken DOT com ] - [ www.unbroken.com/jobe/ ]
    -------------------------------------------------------------------------------
    "It is entirely possible for a configuration of matter resembling a
    television set or a belly dancer to pop out of a black hole, however
    this is highly improbable." - Isaac Asimov, 'Black Holes'
    -------------------------------------------------------------------------------
    


