Message-ID: <dd5f2deb0912291021k2fe7656ayae832ad191b593c4@mail.gmail.com>
Date: Tue, 29 Dec 2009 13:21:09 -0500
From: Lee <ler762@...il.com>
To: T Biehn <tbiehn@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: security hole on local ISP

On Tue, Dec 29, 2009 at 12:08 PM, T Biehn <tbiehn@...il.com> wrote:

> This is a hiroshima versus 'harmless' mountain demonstration debate,
> Lee. Because the post includes the raw data including ports, passwords
> and ranges one must assume


no, I don't >have< to make that assumption


> that "Cilia Pretel Gallo" was appealing to
> the lowest common denominator, to a group of individuals where
> checking NRO whois db for ETB's netblocks would not be an obvious
> first step.
>

Just because you or I wouldn't have made a full disclosure of the problem it
doesn't necessarily follow that "Cilia Pretel Gallo" was appealing to the
lowest common denominator.

The few times I've found something that I considered a security issue & the
vendor didn't agree, a "So you're OK with me posting the details to Full
Disclosure then?" was enough to get them to reconsider.  I doubt the OP
tried that tactic with ETB..  but it seems to me the real problem is with
ETB leaving this [alleged - I haven't bothered to check] security hole wide
open.

Regards,
Lee



>
> Ahem.
>
> -Travis
>
> On Tue, Dec 29, 2009 at 11:36 AM, Lee <ler762@...il.com> wrote:
> > On Tue, Dec 29, 2009 at 10:23 AM, T Biehn <tbiehn@...il.com> wrote:
> >>
> >> This is an orgiastic dump of information, you must really hate ETB; or
> >> you must be really excited for lulz.
> >
> > or you're hoping that full disclosure will get ETB to fix the problem.
> >
> > Regards,
> > Lee
> >
> >>
> >> -Travis
> >>
> >> On Tue, Dec 29, 2009 at 5:23 AM, Cilia Pretel Gallo
> >> <cpretelgallo@...oo.com> wrote:
> >> > I've recently discovered a security hole on the modems (which double as
> >> > routers) used by a Colombian ISP - ETB.
> >> >
> >> > It so happens that all incoming connections to an IP address on said ISP
> >> > on port 23 or port 80 land on the modem instead of the computer(s) connected
> >> > to it. Even if one tries to redirect those ports to a local machine, the
> >> > modem still gets all the connections on those ports.
> >> > Also, connections on ports 23 and 80, from any IP address, will access
> >> > the modem configuration options. Last year that could be done only from
> >> > private IP addresses (i.e. 192.168.0/24), but now it can be done, as I said,
> >> > from anywhere. I've been told that a few lucky users were able to forward
> >> > port 80, but in that case, it's port 8080 that is intercepted by the modem.
> >> > The end result is that anyone, from anywhere, can access the modem of
> >> > anyone on ETB to mess up their configuration (e.g. obtaining and changing
> >> > the client's username and password, permanently disconnecting them from the
> >> > internet, and so on) - that is, if they have the administration password.
> >> > Unfortunately, ETB uses the same login/password on all of their modems since
> >> > 2006, which are publicly available on the web.
> >> > Login: Administrator
> >> > Password: soporteETB2006
> >> >
> >> > The whole IP range 190.24/14 corresponds to ETB clients. Any IP on that
> >> > range where ports 80 and 23 are open is most likely a wide open ETB modem.
> >> >
> >> > Apparently, this issue has been repeatedly reported to ETB, but it
> >> > always falls on deaf ears. They seem to think this is no big deal since
> >> > nobody knows the username and password for the modems - which is not the
> >> > case, and even if it were, they would be easily crackable by brute force.
> >> >
> >> > Peace,
> >> >
> >> > -Cilia
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >
> >> > _______________________________________________
> >> > Full-Disclosure - We believe in it.
> >> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >> > Hosted and sponsored by Secunia - http://secunia.com/
> >> >
> >>
> >>
> >>
> >> --
> >> FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
> >>
> >> http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
> >> http://pastebin.com/f6fd606da
> >>
> >
> >
> >
>
>
>
> --
> FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
> http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
> http://pastebin.com/f6fd606da
>
