[CLUE-Talk] Cisco 675 security
Daniel Chenoweth
daniel at chenoweth.net
Tue May 15 09:05:27 MDT 2001
Hi B.,
I used a Cisco 675 ADSL Router for about a year (back when I had Qwest DSL). It is very configurable, and with the built in NAT it makes a great first line of defense.
USWest use to ship them wide open with no telnet password and the telnet port open. Anyone who knew a few Cisco commands could telnet right in, look at your PPP password, and reconfigure your 675. That was over a year ago, so I hope they are not still shipping them that way.
Here is the site you need to visit, and pay special attention to the security section...
http://www.users.qwest.net/~rlutton/ADSL/
If I remember correctly, there is a way to make make the telnet and "web" ports invisible by using NAT to forward those ports to a bogus internal address.
Hope this helps.
Daniel Chenoweth
daniel at chenoweth.net
----------------------------------------------------------------------------
On Mon, May 14, 2001 at 11:19:16AM -0600, B O'Fallon wrote:
> Hello,
>
> This might be of interest to owners of Cisco 675 ASDL modems.
>
> I am using a Cisco 675 modem for my ASDL connection. The other day, I
> ran Steve Gibson's port scanner (www.grc.com) against my ISP address
> and found the telnet and http ports to be open.
>
> When I called Qwest to see why, I was told that these modems were set
> up with these ports disabled, until the user connected to the CBOS, at
> which time they were enabled. I disabled them by telnetting in and
> then issuing, as root, the commands "set telnet disable" and "set web
> disable". Of course, this means that in the future that the ONLY way I
> can connect to configure the modem is by use of the serial cable.
>
> Now I went back Gibson's site and ran the port scanner again. It still
> showed the ports as open. However, when I try to connect I immediately
> get disconnected. This occurs both under NT and Linux.
>
> Running nmap against my IP address revealed:
>
> -- if nmap -sT -sU is used, all ports are closed. This took 31
> seconds.
>
> -- if nmap -P0 is used, the telnet and http port are open. This
> took 671 seconds.
>
> Apparently leaving these ports open, according to Qwest, is a design
> "feature" on the part of Cisco and there has never been any
> explanation for it. While it would appear that although the ports may
> be open, connections to them are refused, so I am making the
> assumption that my 675 is secure.
>
> Comments, anyone?
>
> --
> B. O'Fallon
> bof at americanisp.net
>
> I wrote it down so that I wouldn't have to remember.
>
>
> _______________________________________________
> CLUE-Talk mailing list
> CLUE-Talk at clue.denver.co.us
> http://clue.denver.co.us/mailman/listinfo/clue-talk
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 874 bytes
Desc: not available
Url : http://cluedenver.org/pipermail/clue-talk/attachments/20010515/3d5ff392/attachment.bin
More information about the clue-talk
mailing list