I'm sorry I misjudged you, J. &;-) The security expert I consulted got me 
started thinking along the paranoia lines.

I am still amazed that Cisco would go against everything in their own 
security dogma and Telnet in via a backdoor, though. I agree with the 
person that said security and convenience are tradeoffs, but if you have to 
get in via a backdoor, I think you have a good idea that this customer 
considers security more important.

Well, I'll let it drop now. Some people got the message at least.

Priscilla

At 09:51 PM 1/18/01, J Roysdon wrote:
>If I was a saboteur, I don't think I'd even bother with TAC, I'd just crack
>the passwords and have my way, heh.  Also, 95% of my TAC calls are opened
>with new router serial numbers and my CCO username given to jump me right
>into talking to a TAC engineer.
>
>Plus, you don't even need a CCO login to get to the Password Recovery pages:
>http://www.cisco.com/warp/public/474/index.shtml
>
>We were troubleshooting cas-group commands and replacing an AdTran Atlas 550
>that was acting as a CSU/DSU splitting off DS0's between a frame relay
>connection and trunks to a long distance carrier.  Cisco couldn't get why
>the command wasn't functioning right and one of their engineers wanted to
>get in and do some diagnostics.
>
>I think Priscilla has been watching too many X-Files episodes ;-p
>
>--
>Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
>List email: [EMAIL PROTECTED]
>Homepage: http://jason.artoo.net/
>Cisco resources: http://r2cisco.artoo.net/
>
>
>"Kevin Wigle" <[EMAIL PROTECTED]> wrote in message
>news:00b601c081d0$985ebc60$[EMAIL PROTECTED]...
> > I don't think it's so fishy and I don't think Cisco could be faulted in any
> > way.
> >
> > My reading is that the "guy" was working with Cisco on a problem.
> >
> > Therefore this "guy" must have some responsibility for the network.
> >
> > Cisco would have to think that this guy knows what he's doing since he has
> > the wherewithal to get into the company's network and then get into routers
> > to configure them.
> >
> > It depends I guess on how far your conspiracy feelings go, if the "guy" was
> > bogus and had all the passwords etc, then how is Cisco to know?
> >
> > Doesn't TAC have to deal with a registered contact?
> >
> > Kevin Wigle
> >
> > ----- Original Message -----
> > From: "Priscilla Oppenheimer" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> > Sent: Thursday, 18 January, 2001 22:51
> > Subject: Re: Remote Telnet access via dial-up
> >
> >
> > > At 07:32 PM 1/18/01, Erick B. wrote:
> > > >I don't understand how companies can have main network
> > > >equipment (routers, etc) accessible over the internet
> > > >with telnet (and other mgmt services) running *with*
> > > >no passwords or filters. I see it on a regular
> > > >occurrence.
> > >
> > > That is amazing. But in this case the company had a lot of security, it
> > > sounds like. It was not possible to get into the routers until this guy
> > > opened up a backdoor and let Cisco engineers Telnet in over a dial-up line
> > > connected to his PC. I can't believe Cisco engineers would thwart their
> > > customer's security policy in that way. I think the story sounds fishy.
> > >
> > > Priscilla
> > >
> > >
> > > >--- Priscilla Oppenheimer <[EMAIL PROTECTED]> wrote:
> > > > > At 10:31 PM 1/17/01, J Roysdon wrote:
> > > > > >Today I was at a site w/o internet access, but I needed to get Cisco into it to
> > > > > >save time relaying commands and information.  I had a dial-up connection out
> > > > > >to my ISP, and then thought about the built-in Telnet server that Windows
> > > > > >2000 Professional has.  I made a quick guest account for Cisco, and told
> > > > > >them my dial-up IP, which they could connect to, and then once telnetted
> > > > > >into my workstation, they were able to telnet out my NIC to the routers they
> > > > > >needed to get to.  Only catch is that you can only have one session up
> > > > > >through it (enough for us):
> > > > >
> > > > > Good thing! Can you imagine the issues if you had
> > > > > just opened up port 23
> > > > > for the whole world? Good grief.
> > > > >
> > > > > I just asked a security expert at my company about
> > > > > this scenario and he
> > > > > took a sinister view. He wondered if the story was
> > > > > broadcast in order to
> > > > > incite damage. I don't think that's the case, but
> > > > > this message did come
> > > > > from the same guy that posted photographs of his
> > > > > site for some reason. See
> > > > > the message about patch panels.
> > > > >
> > > > > Priscilla
> > > >
> > > >
> > >
> > >
> > > ________________________
> > >
> > > Priscilla Oppenheimer
> > > http://www.priscilla.com
> > >
> > > _________________________________
> > > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> > >


________________________

Priscilla Oppenheimer
http://www.priscilla.com
