Verified using tcpdump, the flowpoint configuration manager indeed does
use SNMP to communicate, hence the simple solution would be turn off
SNMP [And telnet] (you shouldn't be running this if you don't need to
anyway).
Although it does discourage me that even after I flashed my router to
v3.0.8, the login prompt [for Telnet]does not disconnect me after a
certain number of retries (3, like Cisco IOS, would be a decent number).
Regards,
Chris J Burris
IntraACTIVE, Inc.
http://www.intraactive.com/
+1 202 822 3999
On Tue, 10 Aug 1999, Scott Drassinower wrote:
> Brute force, as it is not likely you will know what the number is without
> physical access to the router.
>
> If you were to block telnet and snmp access to the router, then you
> probably would only have to worry about access via the console port. I
> think that FlowPoint's graphical admin tools use snmp, but if they don't,
> you'll have to figure out how to block those as well.
>
> --
> Scott M. Drassinower [EMAIL PROTECTED]
> Cloud 9 Consulting, Inc. White Plains, NY
> +1 914 696-4000 http://www.cloud9.net
>
> On Tue, 10 Aug 1999, Eric Budke wrote:
>
> > At 12:07 PM 8/7/99 -0400, Scott Drassinower wrote:
> > >It involves a bug that allows a password recovery feature to be utilized
> > >from the LAN or WAN instead of just the serial console port.
> > >
> > >Basically, throwing enough 6 digit numbers at a pre-3.0.8 router will
> > >allow you to get access to the box to do whatever you want. It appears as
> > >if the problem started in 3.0.4, but I am not totally certain about that.
> >
> > So the vulnerability is essentially a brute force against telnet/snmp?
> > Assuming you filter those out, is there another way of accessing?
> >
> > >--
> > > Scott M. Drassinower [EMAIL PROTECTED]
> > > Cloud 9 Consulting, Inc. White Plains, NY
> > > +1 914 696-4000 http://www.cloud9.net
> > >
> > >On Thu, 5 Aug 1999, Matt wrote:
> > >
> > > > The following URL contains information about a firmware upgrade for
> > > > FlowPoint DSL routers that fixes a possible "security compromise".
> > > > FlowPoint has chosen not to release ANY information whatsoever about the
> > > > vulnerability. I was curious if anyone had any more information
> > > > about this vulnerability than what FlowPoint is divulging.
> > > >
> > > > http://www.flowpoint.com/support/techbulletin/sec308.htm
> > > >
> > > > thnx
> > > >
> > > > --
> > > > I'm not nice, I'm vicious--it's the secret of my charm.
> > > >
> >
> > --
> > PGP Key can be found at http://www.panix.com/~budke/pgp/budke_budke_com.txt
> >
>
