More information on alcatel speed touch home modem

From: Hacknisty (hacknistyat_private)
Date: Tue Jan 22 2002 - 11:07:05 PST


    This bug, as far as I know, only happens on GV8BAA3.253 versions and is
    only available on the eth0 local interface.
    NB:
    My modem is an Alcatel Speed Touch Home one, therefore Ethernet.
    Here is the information about my modem:
    	- active software version : GV8BAA3.253
    	- firmware : 8706
    	- Ip local : 10.0.0.1
    
    I did the tests from a basic distribution around LFS kernel 2.4.16
    My NMAP version is 2.54BETA30
    
    When I run NMAP -O 10.0.0.1 then the modem reboots
    As far as I can see this bug only happens on GV8BAA3.253 and only in local
    network.
    The LAN is protected from the incoming packets with Firewall rules that
    couldn't be modified (I don't think it's possible, not with this version
    anyway).
    
    How to know its software version:
    # ftp modem_ip (default : 10.0.0.138)
    Connected to 10.0.01
    220 Inactivity timer = 120 seconds. Use 'site idle <secs>' to change.
    Name (10.0.0.138:root):
    password :
     ## If you have a message like
    421 Service Not Available, remote server has closed connection
    Login failed.
    No control connection for command : No such file or directory.
    ftp >
    ## It means that you need a password
    ## To obtain your password, click on the link and read the F.A.Q. (it's in
    French, ask me for the translations)
    ##
    http://www.clubic.com/forum/05/message/2880-0.htm
    
    Once you're connected, type:
    ftp> cd active
    250 Changed to /active
    ftp>ls
    200 Connected to 10.0.0.11 port 33376
    150 Opening data connection for /bin/ls
    total 1
    -rwxrwxrwx   1 0        0        997001 Jun 29  1971 GV8BAA3.253   <-- it's your active version
    -rwxrwxrwx   1 0        0            27 Jun 29  1971 start.cmd
    -rwxrwxrwx   1 0        0             0 Jun 29  1971 active.flg
    -rwxrwxrwx   1 0        0            32 Jun 29  1971 system.ini
    -rwxrwxrwx   1 0        0           506 Jun 29  1971 ip.ini
    -rwxrwxrwx   1 0        0           308 Jun 29  1971 phone.ini
    -rwxrwxrwx   1 0        0            28 Jun 29  1971 bridge.ini
    -rwxrwxrwx   1 0        0             0 Jun 29  1971 atmf.ini
    -rwxrwxrwx   1 0        0            92 Jun 29  1971 pptp.ini
    -rwxrwxrwx   1 0        0           189 Jun 29  1971 dnsd.ini
    -rwxrwxrwx   1 0        0           217 Jun 29  1971 dhcp.ini
    -rwxrwxrwx   1 0        0           203 Jun 29  1971 ppp.ini
    -rwxrwxrwx   1 0        0             0 Jun 29  1971 cip.ini
    -rwxrwxrwx   1 0        0           297 Jun 29  1971 nat.ini
    226 Options: -l  : 0 matches total
    
    
    In order to know the firmware, follow the link above
    You're not obliged to change the modem in Pro mode, stop at the first telnet
    command then you'll have your firmware version (8704
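
An added example, not part of the original post: an inventory check that reads the `/active` listing from a modem you administer and reports whether it runs the version the post describes as affected. The function names and the firmware-image naming pattern are assumptions made for this example, and the FTP credentials are supplied by the caller.

```python
import re
from ftplib import FTP

AFFECTED = {"GV8BAA3.253"}  # the only version the post reports as rebooting
# Assumption: the image file is named like GV8BAA3.253 (upper-case tag, dot, digits).
IMAGE_RE = re.compile(r"^[A-Z][A-Z0-9]+\.\d+$")
MODE_RE = re.compile(r"^[-dl][rwx-]{9}\s")

# Abridged from the listing in the post, including a name wrapped onto its own line.
SAMPLE = """total 1
-rwxrwxrwx   1 0        0                997001  Jun 29  1971 GV8BAA3.253
<-- it's your active version
-rwxrwxrwx   1 0        0                         27    Jun 29  1971
start.cmd
-rwxrwxrwx   1 0        0                      506      Jun 29  1971 ip.ini
226 Options: -l  : 0 matches total
"""

def parse_listing(text):
    """Return file names from a Unix-style LIST reply, tolerating wrapped names."""
    names, pending = [], False
    for raw in text.splitlines():
        fields = raw.split()
        if not fields:
            continue
        if MODE_RE.match(raw.lstrip()):
            if len(fields) >= 9:          # mode links uid gid size mon day year name
                names.append(fields[8])
                pending = False
            else:                         # name was wrapped onto the next line
                pending = True
        elif pending:
            names.append(fields[0])
            pending = False
    return names

def check(text):
    """Return (active_version or None, True if that version is in AFFECTED)."""
    images = [n for n in parse_listing(text) if IMAGE_RE.match(n)]
    version = images[0] if len(images) == 1 else None
    return version, version in AFFECTED

def fetch_listing(host, user, password, timeout=10):
    """LIST the /active directory over FTP, as in the manual steps in the post."""
    lines = []
    with FTP(host, timeout=timeout) as ftp:
        ftp.login(user, password)
        ftp.cwd("active")
        ftp.retrlines("LIST", lines.append)
    return "\n".join(lines)

if __name__ == "__main__":
    print(check(SAMPLE))
```
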
    


