[CLUE-Talk] Cisco 675 security

David Anselmi anselmi at intradenver.net
Mon May 14 15:43:24 MDT 2001 

Is it possible that these ports are open on the ethernet connection to the
675, but not on the WAN connection?  That's what I would guess Cisco would
do - they know a little about security.  If that's the case then leaving
those services on isn't quite as big a hole as it may seem (until your
internal network is cracked).

B O'Fallon wrote:

> Hello,
>
> This might be of interest to owners of Cisco 675 ASDL modems.
>
> I am using a Cisco 675 modem for my ASDL connection. The other day, I
> ran Steve Gibson's port scanner (www.grc.com) against my ISP address
> and found the telnet and http ports to be open.
>
> When I called Qwest to see why, I was told that these modems were set
> up with these ports disabled, until the user connected to the CBOS, at
> which time they were enabled. I disabled them by telnetting in and
> then issuing, as root, the commands "set telnet disable" and "set web
> disable". Of course, this means that in the future that the ONLY way I
> can connect to configure the modem is by use of the serial cable.
>
> Now I went back Gibson's site and ran the port scanner again. It still
> showed the ports as open. However, when I try to connect I immediately
> get disconnected. This occurs both under NT and Linux.
>
> Running nmap against my IP address revealed:
>
>     -- if nmap -sT -sU is used, all ports are closed. This took 31
> seconds.
>
>     -- if nmap -P0 is used, the telnet and http port are open. This
> took 671 seconds.
>
> Apparently leaving these ports open, according to Qwest, is a design
> "feature" on the part of Cisco and there has never been any
> explanation for it. While it would appear that although the ports may
> be open, connections to them are refused, so I am making the
> assumption that my 675 is secure.
>
> Comments, anyone?
>
> --
> B. O'Fallon
> bof at americanisp.net
>
> I wrote it down so that I wouldn't have to remember.
>
> _______________________________________________
> CLUE-Talk mailing list
> CLUE-Talk at clue.denver.co.us
> http://clue.denver.co.us/mailman/listinfo/clue-talk

More information about the clue-talk mailing list