[CLUE-Talk] Cisco 675 security

Daniel Chenoweth daniel at chenoweth.net
Tue May 15 09:05:27 MDT 2001 

Hi B.,

I used a Cisco 675 ADSL Router for about a year (back when I had Qwest DSL).  It is very configurable, and with the built in NAT it makes a great first line of defense.

USWest use to ship them wide open with no telnet password and the telnet port open.  Anyone who knew a few Cisco commands could telnet right in, look at your PPP password, and reconfigure your 675.  That was over a year ago, so I hope they are not still shipping them that way.

Here is the site you need to visit, and pay special attention to the security section...

http://www.users.qwest.net/~rlutton/ADSL/

If I remember correctly, there is a way to make make the telnet and "web" ports invisible by using NAT to forward those ports to a bogus internal address.

Hope this helps.

Daniel Chenoweth
daniel at chenoweth.net

----------------------------------------------------------------------------


On Mon, May 14, 2001 at 11:19:16AM -0600, B O'Fallon wrote:
> Hello,
> 
> This might be of interest to owners of Cisco 675 ASDL modems.
> 
> I am using a Cisco 675 modem for my ASDL connection. The other day, I
> ran Steve Gibson's port scanner (www.grc.com) against my ISP address
> and found the telnet and http ports to be open.
> 
> When I called Qwest to see why, I was told that these modems were set
> up with these ports disabled, until the user connected to the CBOS, at
> which time they were enabled. I disabled them by telnetting in and
> then issuing, as root, the commands "set telnet disable" and "set web
> disable". Of course, this means that in the future that the ONLY way I
> can connect to configure the modem is by use of the serial cable.
> 
> Now I went back Gibson's site and ran the port scanner again. It still
> showed the ports as open. However, when I try to connect I immediately
> get disconnected. This occurs both under NT and Linux.
> 
> Running nmap against my IP address revealed:
> 
>     -- if nmap -sT -sU is used, all ports are closed. This took 31
> seconds.
> 
>     -- if nmap -P0 is used, the telnet and http port are open. This
> took 671 seconds.
> 
> Apparently leaving these ports open, according to Qwest, is a design
> "feature" on the part of Cisco and there has never been any
> explanation for it. While it would appear that although the ports may
> be open, connections to them are refused, so I am making the
> assumption that my 675 is secure.
> 
> Comments, anyone?
> 
> --
> B. O'Fallon
> bof at americanisp.net
> 
> I wrote it down so that I wouldn't have to remember.
> 
> 
> _______________________________________________
> CLUE-Talk mailing list
> CLUE-Talk at clue.denver.co.us
> http://clue.denver.co.us/mailman/listinfo/clue-talk
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 874 bytes
Desc: not available
Url : http://cluedenver.org/pipermail/clue-talk/attachments/20010515/3d5ff392/attachment.bin

More information about the clue-talk mailing list