| Subject: | Re: several vulnerabilities present in Belkin wireless routers |
|---|---|
| Date: | Fri, 15 Jul 2005 15:25:11 -0700 |

On Fri, Jul 15, 2005 at 04:37:10PM +0100, Steve Kemp wrote:
> On Fri, Jul 15, 2005 at 08:14:14AM -0000, m123303@securityfocus.com wrote:
> > The first problem is the existence of a default telnet backdoor running on the usual 23/tcp port. From my experience, telnet interfaces are NOT enabled by default in wireless routers but rather, they usually need to be enabled from their administrative web interfaces manually:
> >
> > <Start of output>
> > Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2005-06-06 18:34 BST
> > Initiating SYN Stealth Scan against BelkinModem.Belkin (192.168.2.1)
>
> The obvious question to ask here, is "Can the telnet service be connected to from the WAN side?". All the later content you present, whilst interesting, is of less value if the attacker must be on the LAN side of the router.

I suspect that the router will not be found vulnerable from that side, but the exploit becomes interesting again if users on the Wireless LAN are granted the same level of trust as those on the wired LAN. None of the wireless routers I've seen have made any distinction between those two segments, and they all come with default administration passwords (and no requirement for the user to change them).

Of course, this 'exploit' really looks like just another example of an 'insecure by default' consumer device, rather than an issue with the firmware.

Regards,
Ian