On Tue, Dec 29, 2009 at 12:08 PM, T Biehn <tbi...@gmail.com> wrote:
> This is a Hiroshima versus 'harmless' mountain demonstration debate,
> Lee. Because the post includes the raw data including ports, passwords
> and ranges one must assume

no, I don't >have< to make that assumption

> that "Cilia Pretel Gallo" was appealing to
> the lowest common denominator, to a group of individuals where
> checking NRO whois db for ETB's netblocks would not be an obvious
> first step.
>

Just because you or I wouldn't have made a full disclosure of the
problem it doesn't necessarily follow that "Cilia Pretel Gallo" was
appealing to the lowest common denominator.

The few times I've found something that I considered a security issue
& the vendor didn't agree, a "So you're OK with me posting the details
to Full Disclosure then?" was enough to get them to reconsider. I
doubt the OP tried that tactic with ETB.. but it seems to me the real
problem is with ETB leaving this [alleged - I haven't bothered to
check] security hole wide open.

Regards,
Lee

>
> Ahem.
>
> -Travis
>
> On Tue, Dec 29, 2009 at 11:36 AM, Lee <ler...@gmail.com> wrote:
> > On Tue, Dec 29, 2009 at 10:23 AM, T Biehn <tbi...@gmail.com> wrote:
> >>
> >> This is an orgiastic dump of information, you must really hate ETB; or
> >> you must be really excited for lulz.
> >
> > or you're hoping that full disclosure will get ETB to fix the problem.
> >
> > Regards,
> > Lee
> >
> >>
> >> -Travis
> >>
> >> On Tue, Dec 29, 2009 at 5:23 AM, Cilia Pretel Gallo
> >> <cpretelga...@yahoo.com> wrote:
> >> > I've recently discovered a security hole on the modems (which double as
> >> > routers) used by a Colombian ISP - ETB.
> >> >
> >> > It so happens that all incoming connections to an IP address on said ISP
> >> > on port 23 or port 80 land on the modem instead of the computer(s) connected
> >> > to it. Even if one tries to redirect those ports to a local machine, the
> >> > modem still gets all the connections on those ports.
> >> > Also, connections on ports 23 and 80, from any IP address, will access
> >> > the modem configuration options. Last year that could be done only from
> >> > private IP addresses (i.e. 192.168.0/24), but now it can be done, as I said,
> >> > from anywhere. I've been told that a few lucky users were able to forward
> >> > port 80, but in that case, it's port 8080 that is intercepted by the modem.
> >> > The end result is that anyone, from anywhere, can access the modem of
> >> > anyone on ETB to mess up their configuration (e.g. obtaining and changing
> >> > the client's username and password, permanently disconnecting them from the
> >> > internet, and so on) - that is, if they have the administration password.
> >> > Unfortunately, ETB uses the same login/password on all of their modems since
> >> > 2006, which are publicly available on the web.
> >> > Login: Administrator
> >> > Password: soporteETB2006
> >> >
> >> > The whole IP range 190.24/14 corresponds to ETB clients. Any IP on that
> >> > range where ports 80 and 23 are open is most likely a wide open ETB modem.
> >> >
> >> > Apparently, this issue has been repeatedly reported to ETB, but it
> >> > always falls on deaf ears. They seem to think this is no big deal since
> >> > nobody knows the username and password for the modems - which is not the
> >> > case, and even if it were, they would be easily crackable by brute force.
> >> >
> >> > Peace,
> >> >
> >> > -Cilia
> >> >
> >> > _______________________________________________
> >> > Full-Disclosure - We believe in it.
> >> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >> > Hosted and sponsored by Secunia - http://secunia.com/
> >>
> >> --
> >> FD1D E574 6CAB 2FAF 2921 F22E B8B7 9D0D 99FF A73C
> >> http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
> >> http://pastebin.com/f6fd606da
> >
>
> --
> FD1D E574 6CAB 2FAF 2921 F22E B8B7 9D0D 99FF A73C
> http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
> http://pastebin.com/f6fd606da
>