Re: FlowPoint DSL router vulnerability

From: Chris J Burris (chrisat_private)
Date: Tue Aug 10 1999 - 22:23:38 PDT


    Verified using tcpdump, the FlowPoint configuration manager indeed does
    use SNMP to communicate, hence the simple solution would be to turn off
    SNMP [And telnet] (you shouldn't be running this if you don't need to
    anyway).
    
    Although it does discourage me that even after I flashed my router to
    v3.0.8, the login prompt [for Telnet] does not disconnect me after a
    certain number of retries (3, like Cisco IOS, would be a decent number).
    
    Regards,
    
    Chris J Burris
    IntraACTIVE, Inc.
    http://www.intraactive.com/
    +1 202 822 3999
    
    On Tue, 10 Aug 1999, Scott Drassinower wrote:
    
    > Brute force, as it is not likely you will know what the number is without
    > physical access to the router.
    >
    > If you were to block telnet and snmp access to the router, then you
    > probably would only have to worry about access via the console port.  I
    > think that FlowPoint's graphical admin tools use snmp, but if they don't,
    > you'll have to figure out how to block those as well.
    >
    > --
    >  Scott M. Drassinower					    scottdat_private
    >  Cloud 9 Consulting, Inc.			       	     White Plains, NY
    >  +1 914 696-4000					http://www.cloud9.net
    >
    > On Tue, 10 Aug 1999, Eric Budke wrote:
    >
    > > At 12:07 PM 8/7/99 -0400, Scott Drassinower wrote:
    > > >It involves a bug that allows a password recovery feature to be utilized
    > > >from the LAN or WAN instead of just the serial console port.
    > > >
    > > >Basically, throwing enough 6 digit numbers at a pre-3.0.8 router will
    > > >allow you to get access to the box to do whatever you want.  It appears as
    > > >if the problem started in 3.0.4, but I am not totally certain about that.
    > >
    > > So the vulnerability is essentially a brute force against telnet/snmp?
    > > Assuming you filter those out, is there another way of accessing?
    > >
    > > >--
    > > >  Scott M. Drassinower                                       scottdat_private
    > > >  Cloud 9 Consulting, Inc.                                    White Plains, NY
    > > >  +1 914 696-4000                                        http://www.cloud9.net
    > > >
    > > >On Thu, 5 Aug 1999, Matt wrote:
    > > >
    > > > > The following URL contains information about a firmware upgrade for
    > > > > FlowPoint DSL routers that fixes a possible "security compromise".
    > > > > FlowPoint has chosen not to release ANY information whatsoever about the
    > > > > vulnerability. I was curious if anyone had any more information
    > > > > about this vulnerability than what FlowPoint is divulging.
    > > > >
    > > > > http://www.flowpoint.com/support/techbulletin/sec308.htm
    > > > >
    > > > > thnx
    > > > >
    > > > > --
    > > > > I'm not nice, I'm vicious--it's the secret of my charm.
    > > > >
    > >
    > > --
    > > PGP Key can be found at http://www.panix.com/~budke/pgp/budke_budke_com.txt
    > >
    >
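
A defender-side check for the exposure discussed in this thread, as an added example that is not part of the original messages: it tallies telnet (23/tcp) and SNMP (161/udp) attempts against the router from outside a management subnet in `tcpdump -n -tt` output and reports sources whose rate looks like number guessing. The router address, management subnet, threshold, window and sample capture lines are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque

# Assumed values for illustration only (not taken from the thread).
ROUTER = "192.0.2.1"
MGMT_NET = ipaddress.ip_network("192.0.2.0/28")
MGMT_PORTS = {23, 161}  # telnet, SNMP

# Matches `tcpdump -n -tt` lines: epoch time, "src.port > dst.port: rest".
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>\d+(?:\.\d+){3})\.\d+ > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): (?P<rest>.*)$"
)

def flag_sources(lines, threshold=5, window=60.0):
    """Return {source_ip: peak attempts within `window` seconds} for sources
    outside MGMT_NET that reach the router's telnet/SNMP ports >= threshold times."""
    recent, peak = defaultdict(deque), defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["dst"] != ROUTER or int(m["dport"]) not in MGMT_PORTS:
            continue
        # For telnet, count only connection openings (SYN, not SYN-ACK or data).
        if int(m["dport"]) == 23 and "Flags [S]" not in m["rest"]:
            continue
        if ipaddress.ip_address(m["src"]) in MGMT_NET:
            continue
        ts = float(m["ts"])
        q = recent[m["src"]]
        q.append(ts)
        while q and ts - q[0] > window:  # drop attempts older than the window
            q.popleft()
        peak[m["src"]] = max(peak[m["src"]], len(q))
    return {src: n for src, n in peak.items() if n >= threshold}

# Constructed sample capture: one noisy outside host, one inside admin, one stray probe.
SAMPLE = [
    f"934349000.{i:06d} IP 203.0.113.7.{40000 + i} > 192.0.2.1.23: Flags [S], seq 1, win 512, length 0"
    for i in range(6)
] + [
    "934349001.000000 IP 192.0.2.5.1045 > 192.0.2.1.161: GetRequest(28) .1.3.6.1.2.1.1.1.0",
    "934349002.000000 IP 198.51.100.9.2000 > 192.0.2.1.161: GetRequest(28) .1.3.6.1.2.1.1.1.0",
    "934349003.000000 IP 192.0.2.1.23 > 203.0.113.7.40000: Flags [S.], seq 9, ack 2, win 512, length 0",
]

if __name__ == "__main__":
    print(flag_sources(SAMPLE))
```

Any hit from outside the management subnet also shows that the telnet/SNMP filtering suggested in the thread is not in place on that path.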
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:56:05 PDT