On Tuesday 20 February 2001 18:29 US Central Time, Kras Hish wrote:
> Telocity provides DSL to their customers through what they call the
> Telocity "Gateway Modem".
> In the modems, you can connect to them through your web browser to view
> usage statistics, your assigned IP, the DHCP server IP (Modems IP),
> Management's IP (Modem's IP, different than the previous), DNS IP, and the
> hardware software version information.
>
> In the older model modem, it is possible to remotely view the "Details"
> section of the modem, thus reveling all the above mentioned information to
> a possible intruder. Telocity has numbered their gateways in sequential
> order, so it would be possible to write a script that would search for
> http://123.123.123.1/stats in a range of addresses. Of course is the ever
> interesting URL http://123.123.123.1/admin which prompts you for a
> username/password combo to access what? (any information on this would be
> great)
How is this a "security flaw"? It displays your connection's status as well
as hardware information of your DSL modem. This is really useful, especially
if you run a server off your Telocity DSL line. It let's you check on your
connection remotely, so you can check status of your DSL from anywhere. I
think this is a feature, rather than a bug.
