> Serious Cayman problem? Not half as serious as the default setup on some (all?) Cayman DSL routers, which come with such "features" as: * No administrative password set by default * A mini webserver....to access the unprotected administrative commands * Telnet that lets a person in without a password This is a pretty old issue, first reported (I think) back in March 2000: http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Fend%3 D2001-07-14%26mid%3D50343%26threads%3D0%26list%3D1%26start%3D2001-07-08%26fr omthread%3D1%26 However, there are still tons of these out there, with no password. Also the above advisory does not mention that these machines respond to SNMP queries (default public/private SNMP strings) with enough info to choke a horse - - not to mention that once a user is logged in, they can telnet OUT as well..... Has Cayman fixed the problem? I don't know. But you would think that any ISP which has promoted these products would have long since contacted their customers to remedy the situation - - obviously many have not. -J
This archive was generated by hypermail 2b30 : Mon Jul 09 2001 - 22:45:40 PDT