lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200404290137.43983.user86@earthlink.net>
Date: Thu, 29 Apr 2004 01:37:43 -0400
From: user86 <user86@...thlink.net>
To: bugtraq@...urityfocus.com
Subject: Re: SMC Routers have remote administration enabled by default


On Thursday 29 April 2004 01:10, user86 wrote:
> On Wednesday 28 April 2004 12:55, user86 wrote:
> > There are two workarounds:
> > 1.  Enable the router's firewall in its "Advanced Setup"
> >
> > 2.  Forward port 1900 of the router to a non-existent internal IP address
> > (such as 192.168.2.248 if it isn't in use).
>
> A third workaround on the 7008ABR with firmware 1.032 is to go into the
> router's "Advanced Setup" click "System" then "Remote Management" and click
> "Apply" (even without changing any setting) and port 1900 then closes
> itself.

Ugh!  Scratch that third workaround!  I just found out that that third 
workaround only works as long as the router stays up.  If the router is 
rebooted for *any* reason, such as during a power outage or by the user 
through the web interface, port 1900 is open again when the router boots back 
up!



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ