| Subject: | Hawking Technologies HAR11A router considered insecure |
|---|---|
| Date: | 26 Oct 2004 16:08:24 -0000 |

The Hawking Technologies HAR11A modem/router is shipped insecure. It suffers from the infamous Conexant security hole ( http://www.chiark.greenend.org.uk/~theom/security/origo.html ). You can find lots of references to this in a Google search for "conexant port 254".

You can see the Hawking Technologies HAR11A (picture: http://www.hawkingtech.com/images/productlg/HAR11%20View.jpg ) security hole by using telnet(1) to connect to port 254 on it. When you do, you will find an undocumented management interface which allows you to see connection statistics without a password. Visible menu choices on the interface also allegedly allow you to change parameters on the router, but I don't know if they actually work without a password, or if the password used here is the same as the one assigned to the modem's browser interface.

I suspect that the same hole exists on the HAR14A, but I don't have a sample to test. If you have this model (picture: http://www.hawkingtech.com/images/productlg/HAR14%20View.jpg), I'd love to know if it has the same troubles as the HAR11A.

You can close the security hole from the internet side by using the "Virtual Host" feature in the modem's browser interface to forward ports 254, 255, and 23 to a nonexistent host (such as "10.0.209.5"). This still allows access from the firewall side of the modem, however. The safest thing to do is to put the modem into 'bridge mode' and do all your NAT, PPPOE, and security from your Linux firewall.

I found out about this hole shortly after getting broadband networking into my house. When I ran nmap(1) against my home IP address, I discovered that ports 254, 255, and 23 were open, and when I used telnet(1) to connect to them, I found the management interface described above. After I doused the fire in my hair, I found that this was unknown to my ISP's tech support folks.

Hawking Technologies has promised a patch for 20 October, but I haven't seen it yet on their site. You can keep an eye out for it at http://www.hawkingtech.com.

If you own one of these modems, you should at least make sure that the security fix described above is in place. Without it, you could lose your broadband connection without warning when the modem's power cycles. If you do not have good records of what settings were in the modem when it was working, you may find it difficult to fix the problem.