Smart DSL security flaw

syklops · 08-05-2006 12:26pm #1

Hi,

I recently got Smart telecom, with the AOlynk DSL router, and while I was getting it working with my BSD box, I port scanned my public IP to see what was open. I noticed in the results that port 23 was open. I did not have a telnet server running so was surprised. I connected to it and found the remote configuration program for my router. It first had a prompt, and I put in the default username and password, and it authenticated me and logged me in. From here I could (among other things)create NAT rules for the network, so if I backdoored one of the computers in the network, I would be able to get NAT to forward the ports.

I did not try to, but an attacker might even be able to find the WEP key through the console on wirelessly equipped routers.

I then ping swept all the IP's in my public IP subnet, looking for port 23, and found several people with port 23 open. I would assume if they have not disabled the remote configuration, then they have not changed they router IP.

If you have smart telecom, change your router username to something else, and if you can disable remote config altogether.

-S-

kippy · 08-05-2006 1:18pm

If you have smart telecom, change your router username to something else, and if you can disable remote config altogether.

If you are using a router/networking device from any provider or manufacturer ensure you change the default username and password.

syklops · 08-05-2006 1:28pm

true, but especially if you have smart.

edanto · 08-05-2006 1:31pm

Thanks for the tip, I've changed the pwd as you recommend.

What did you use for the scan of your ports, please? I've found one or two with google, but I don't know if they're reputable.

Thanks.

gordonnet · 08-05-2006 1:47pm

the same could also be said for eircom / magnet /ntl /chorus

kippy · 08-05-2006 1:52pm

Not especially if you have Smart.....with all devices....
Many of them have remote management left switched on by default-either through HTTP, HTTPS or telnet.
Changing the password is one way of protecting your device.
Kippy

edanto · 08-05-2006 2:01pm

Having looked a bit further, the Shields Up service at GRC looks like the real deal and not a bunch of crackers. I've not looked for this service before, would you trust the GRC people?
http://www.grc.com/default.htm

WizZard · 08-05-2006 4:30pm

edanto wrote:

Having looked a bit further, the Shields Up service at GRC looks like the real deal and not a bunch of crackers. I've not looked for this service before, would you trust the GRC people?
http://www.grc.com/default.htm

Yes

rogue-entity · 09-05-2006 7:08pm

Most well known DSL modems like my (no problems so far) Zyxel provide a remote management system on both Telnet and WWW. On mine if I scan my public IP from inside my network it will show p23 and p80 open, but if I run a scan from GRC, all bar (for some reason) p0 is stealth and p0 is closed.

You should a) Change the default passwd and b) Set the remote management to LAN only (which is what I have done). You can also feel free to disable all bar the WWW management interface and change the port used by the other one (if you have two management systems like I have).

Gavin · 12-05-2006 4:16pm

http://www.grcsucks.com/

Smart DSL security flaw

Comments