Re: Hijack IP Address using cable modem

From: Marcin Dawcewicz (mivat_private)
Date: Sun Apr 29 2001 - 10:52:45 PDT


    On Sat, 28 Apr 2001, Rajkumar S. wrote:
    
    > On Fri, 27 Apr 2001, fejed wrote:
    >
    > Following a lead from fejed I ran nmap over my SurfBoard 3100 cable modem.
    
    I did the same with SB4100 some time ago ...
    
    >
    > Here are the results.
    
    ... and here are mine:
    
    >
    > Starting nmap V. 2.12 by Fyodor (fyodorat_private, www.insecure.org/nmap/)
    >
    > Interesting ports on  (192.168.100.1):
    > Port    State       Protocol  Service
    
      23      open        tcp        telnet
    
    Unfortunately telnetting to this port shows nothing. The TCP connection is
    established but the modem doesn't show any banners or anything. Every other
    connection to 23 is silently ignored - no RST nor SYN+ACK packets ...
    
    > 80      open        tcp        http
    
    Nothing interesting: just some info about model, firmware etc. There's a
    'Configuration Manager' title on the start page suggesting that there should
    be many more pages available via HTTP. Unfortunately these pages aren't
    accessible on my box. Is it normal on all SB4100s or is this only my ISP
    using a cut-down version of the firmware?
    
    > 513     open        tcp        login
    >
    > Interesting ports on  (192.168.100.1):
    > Port    State       Protocol  Service
    > 161     open        udp        snmp
    
    Are there any default community names on SBs ??
    
    > 514     open        udp        syslog
    
    I read somewhere that the SB3100 model should have a logs.html page accessible
    via HTTP. Does it mean that SBs can receive logs on their syslog port?
    Pardon, where are these logs stored ?? :)
    
    >
    >
    > TCP Sequence Prediction: Class=64K rule
    >                          Difficulty=1 (Trivial joke)
    > Remote operating system guess: IBM LAN RouteSwitch/Xylan OmniSwitch
    > Version 3.2.5/NeXT
    >
    > Nmap run completed -- 1 IP address (1 host up) scanned in 25 seconds
    >
    > It has HTTP open. And there is a web server running and it gives fairly
    > decent info about the modem.
    >
    > What could the 513 have? My guess is that it
    > is the port of the DHCP server that is running inside the modem.
    
    A DHCP server is not running inside the modem. It's rlogin of course.
    
    >
    > The UDP is snmp and syslog.
    >
    > Anyone with any experience with this OS? Some bugs are bound to occur.
    >
    >
    > raj
    >
    
    --
    Regards,
    
    -= Marcin Dawcewicz =-         mailto: mivat_private
    "When freedom is outlawed, only outlaws will be free"
    



    This archive was generated by hypermail 2b30 : Mon Apr 30 2001 - 08:10:02 PDT