Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Possible weird/insecure configuration of an ISP router exposed unfil

from [John Doe] Network Security [Permanent Link]
Subject: Re: Possible weird/insecure configuration of an ISP router exposed unfiltered to public internet?
Date: Fri, 28 Jan 2005 13:00:19 +0100 
Hi David

Thanks a lot for your answer!



4. (my main question!): The reason given by the ISP to expose
the router is totaly weird, because the IP range for
_outgoing_ ADSL-connections is irrelevant for router remote
administration, which is performed in the opposite direction
and need's only one IP, p.ex. the one of the target router.


  Uh, no.  Any TCP connection needs both source and target addresses.


Oh yes, I know this - but maybe my question was not clear, or I have another 
basic misunderstanding?

I used severel IPs (as target, not as source) to telnet the router, all of 
them where, _at_the_time_ I used them, in use by a ISP customer which is 
located in the same building and visiting my website. All these IPs I tried 
are within the ISPs IP pool used for their customers (most of them ADSL and 
non in the same building I think).

So, I thought:
- the IP (the router was reachable at) belonged to a PC somehow _within_ their 
network
- there is no need for the ISP to use their _own_ IPs (as source IP) when 
remote administering (but maybe this provides a basic restriction of source 
IPs?)
- why must the router be reachable _at_ (not from) some hundreds IP adresses 
(of their IP pool)?



  What the ISP said is:  We've considered only allowing telnet
connections to this box from specific source addresses (assigned
to those who should be able to administer the router).  


yes, I understand this; but the customer the IPs where assigned to is neither 
allowed nor capable to administer the router. I suppose none of their 
customers should aminister it


We haven't restricted access to only those sources yet; 


they even don't plan to do so.


it's entirely possible 
that the administrators need the option to access it from wherever
they are on the Internet *today*, and that changes, either because
they travel and/or they get an address via DHCP or other dynamic
mechanism.


ok, clear. 
So, independent from within what range those IPs at the moment of remote 
administration are: Is it common practice to admin a router by telnet from 
outside, exposing plain text password? Why not use ssh somehow? Is there no 
danger that  anybody brute forces the router password and can disable 
internet access for all the ISPs customers?


[...]


You are an expert, and I really hope not annoying you with 
bullshit... and if so, I really apologize, and I won't do more postings to 
this subject.

thanks again
J.

P.S. Shouldn't I have post this answer to the list?
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Packet sniffers, Roger A. Grimes
Next by Date:  RE: RPC over HTTP security, Kevin Doheny
Previous by Thread:  RE: Possible weird/insecure configuration of an ISP router exposed unfiltered to public internet?, David Gillett
Next by Thread:  RE: Possible weird/insecure configuration of an ISP router exposed unfiltered to public internet?, David Gillett
Indexes:  [Date] [Thread] [Top] [All Lists]