draytek-Router: undocumented open configuration ports

From: Kai Kretschmann (K.Kretschmann@security-gui.de)
Date: Thu Feb 28 2002 - 23:30:03 PST


    We have received a possible security problem with draytek/vigor DSL 
    routers of the 2000 and 2200 series.
    
    The draytek 2000 series has an undocumented open port at 56415/tcp. 
    The vendor declared this port for use with "smart start wizard", a 
    feature one would expect only within the local network, not at the 
    internet side.
    
    The draytek 2200 series with newer firmware got a new VPN feature 
    which opened another port, 1723/tcp, even when no VPN is configured 
    at all. In our view it should be filtered to allow only the 
    configured VPN partners.
    
    The vendor and manufacturer were informed by a draytek user in August 
    2001 and confirmed the problem. They have not solved it so far! But 
    they replied in a rather uncooperative way:
    
    "An open port itself is no security risk - your own document states 
    this. The attacker must know about a known problem behind the open 
    port as per the text above. If you are correct in your assessment a 
    simple search with Google should turn up dozens of hacker sites.
    I could not find a single reference - neither on Google nor on 
    typical hacker sites. So, while I do appreciate the effort you are 
    putting into this research I would also appreciate you using more 
    appropriate terms in context with your findings."
    
    One possible workaround is to define one or two additional rules 
    within the draytek firewall settings.
    This didn't work well in at least one case and it is for sure the 
    wrong way to close unwanted services/ports. The better way would be 
    for the manufacturer to document it and close the smart start wizard 
    port from the outside network.
    
    Think Safety
    www.security-gui.de
    -- 
    Kai Kretschmann k.kretschmann@security-gui.de
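
A check for the exposure described in this post, added here as an example and not part of the original message: run from a host on the internet side against your own router's WAN address, it reports whether 56415/tcp and 1723/tcp accept connections, refuse them or are filtered, which also shows whether a firewall-rule workaround took effect. The function names, the three state labels and the default timeout are assumptions of this example.

```python
#!/usr/bin/env python3
"""Added example: check the two TCP ports named in the advisory from outside."""
import argparse
import socket

# Ports taken from the post; the labels are the post's own wording.
ADVISORY_PORTS = {56415: "smart start wizard (2000 series)",
                  1723: "VPN (2200 series)"}


def probe(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # handshake completed: a service is listening
    except ConnectionRefusedError:
        return "closed"            # RST came back: nothing accepts connections
    except socket.gaierror:
        raise                      # bad host name is a usage error, not a result
    except OSError:
        return "filtered"          # timeout or unreachable: packet was dropped


def audit(host, ports=ADVISORY_PORTS, timeout=3.0):
    """Probe every port and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}


def reachable(results):
    """Ports that completed a handshake, i.e. the finding the post describes."""
    return sorted(p for p, state in results.items() if state == "open")


if __name__ == "__main__":
    ap = argparse.ArgumentParser(description=__doc__)
    ap.add_argument("wan_address", help="WAN address of your own router")
    ap.add_argument("--timeout", type=float, default=3.0)
    args = ap.parse_args()
    results = audit(args.wan_address, timeout=args.timeout)
    for port, state in results.items():
        print(f"{port}/tcp  {state:9s} {ADVISORY_PORTS[port]}")
    # Non-zero exit when any advisory port accepts connections from outside.
    raise SystemExit(1 if reachable(results) else 0)
```

A result of "filtered" for both ports from the outside is the state the post asks for; "open" on either one means the port is still exposed on the internet side.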
    


