Home page logo
/

bugtraq logo Bugtraq mailing list archives

Pocsag remote access to client can't be disabled.
From: kuji () BOGUS NET (Kuji)
Date: Fri, 3 Mar 2000 20:02:24 -0000


While playing with the ever fun tool Pocsag v2.05, I found something
interesting.
The client  by default accepts connections on port 8000 with the password
'password' even if the
TCP/IP Remote access on port xxxx box is unchecked.
You can change the default port, however the client will still accept
connections to that new port even if you think the access is disabled.

e.g.

firewalker> telnet 127.1 8000

POC32 2.05 (SHAREWARE) Remote Access Interface

Password: <enter 'password' here>
Password not accepted.

Password:
Password accepted.

You don't seem to be able to do much more than view the streams of decoded
pager messages, but still I'd rather know what connections I am enabling.

Solution: Set a new password for remote access and be aware that the box
don't stop someone trying to brute force it.

firewalker> telnet 127.1 8000

POC32 2.05 (SHAREWARE) Remote Access Interface

Password: <enter 'new password' here>
Password not accepted.

Password:
Password not accepted.

Password:

Kuji
www.bogus.net/kuji


  By Date           By Thread  

Current thread:
  • Pocsag remote access to client can't be disabled. Kuji (Mar 03)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]