| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <25D1020F7B667D46A26928116F6E16397BE607@bne0285.au.fjanz.com>
Date: Fri, 28 Mar 2003 18:18:22 +1000
From: "Maslov, Snowy" <Snowy.Maslov@...itsu.com.au>
To: <bugtraq@...urityfocus.com>
Subject: Re: SNMP security issues in D-Link DSL Broadband Modem/Router
> From: Arhont Information Security [mailto:infosec@...ont.com]
> Sent: Friday, March 28, 2003 1:32 AM
> To: bugtraq@...urityfocus.com
> Subject: SNMP security issues in D-Link DSL Broadband Modem/Router
>
> While performing a general security testing of a
> network, we have found several security vulnerability
> issues with the D-Link DSL Broadband Modem DSL-500
Note that there are a couple of things you can do to alleviate this
problem.
1. Change the public and private SNMP community strings. You can do
this by logging into the DSL router via telnet or using the serial
connection and typing the following (the password for telnet by default
is 'private' - see below):
snmp access flush # Flushes all access strings
snmp access read <password> # Sets your RO community
password
snmp access write <password> # Sets your R/W community
password
# NOTE: This is also your telnet
# password! Make sure it is
kept
# safe!
snmp access list # Always good to check ;)
config save # Saves configuration
restart # Restarts router.
I would really recommend doing this as a matter of course anyways.
2. You can use the built-in IP filter package to remove access from the
WAN side to TCP and UDP port 161 (and if you are not using it on the LAN
side - I'd do the same there too).
Powered by blists - more mailing lists