solution to this 'vulnerability'? ...first addTelnetFilter xxx.xxx.xxx.xx1 xxx.xxx.xxx.xxL ...then addSMTPFilter xxx.xxx.xxx.xx1 xxx.xxx.xxx.xxL ->where ...1 is the starting IP of your LAN ->and ...L is the LAST address locally - no public access? At 07:19 AM 8/10/99 -0400, you wrote: >At 12:07 PM 8/7/99 -0400, Scott Drassinower wrote: >>It involves a bug that allows a password recovery feature to be utilized >>from the LAN or WAN instead of just the serial console port. >> >>Basically, throwing enough 6 digit numbers at a pre-3.0.8 router will >>allow you to get access to the box to do whatever you want. It appears as >>if the problem started in 3.0.4, but I am not totally certain about that. > >So the vulnerability is essentially a brute force against telnet/snmp? >Assuming you filter those out, is there another way of accessing? > >>-- >> Scott M. Drassinower scottdat_private >> Cloud 9 Consulting, Inc. White Plains, NY >> +1 914 696-4000 http://www.cloud9.net >> >>On Thu, 5 Aug 1999, Matt wrote: >> >> > The following URL contains information about a firmware upgrade for >> > FlowPoint DSL routers that fixes a possible "security compromise". >> > FlowPoint has chosen not to release ANY information whatsoever about the >> > vulnerability. I was curious if anyone had any more information >> > about this vulnerability than what FlowPoint is divulging. >> > >> > http://www.flowpoint.com/support/techbulletin/sec308.htm >> > >> > thnx >> > >> > -- >> > I'm not nice, I'm vicious--it's the secret of my charm. >> > > >-- >PGP Key can be found at http://www.panix.com/~budke/pgp/budke_budke_com.txt >
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:56:06 PDT