Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Livingston bugs...
From: elfchief () lupine org (Jay 'Whip' Grizzard)
Date: Tue, 12 Sep 1995 15:04:04 -0700


That is not a solution..
Portscanning is way to easy, and popular..  everyone has a scanner, everyone
uses a scanner..  Changing the port would just make it so that they would
scan for what is there..  Only delay it by a second or two..

Yep. I typically run with an alternate port on my routers, but you're right,
one simple sweep....

The real solution is to remove all such backdoors..  I dont recall about EVER
reading about this in the documentation on the router..  If this is in there,
what else is there?  Is there a back door that would give someone root on the
router?

Actually, yes, there is, but it requires a bit more effort. If you have
a -physical- connection to the router (via it's console port), you can
"override" the root password and get into a challenge-response system, at
which point you can then call livingston, tell them the challenge, and get
the response to let you into the router.

It's certainly not an easilly exploitable back-door, but certainly a concern
for those who can't assure physical security...

                                                                        -WW



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]