lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 29 Dec 2009 12:15:30 -0500
From: "McGhee, Eddie" <Eddie.McGhee@....com>
To: T Biehn <tbiehn@...il.com>, Lee <ler762@...il.com>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: security hole on local ISP

Just another point to add to the dangers, once they have access to the router/modem simply setting up some port forwarding is going to give internal access, quick look at the DHCP client list forward the most prominent ports that are in use or stick interesting clients in a DMZ and attack away. 

-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of T Biehn
Sent: 29 December 2009 17:08
To: Lee
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] security hole on local ISP

This is a hiroshima versus 'harmless' mountain demonstration debate, Lee. Because the post includes the raw data including ports, passwords and ranges one must assume that "Cilia Pretel Gallo" was appealing to the lowest common denominator, to a group of individuals where checking NRO whois db for ETB's netblocks would not be an obvious first step.

Ahem.

-Travis

On Tue, Dec 29, 2009 at 11:36 AM, Lee <ler762@...il.com> wrote:
> On Tue, Dec 29, 2009 at 10:23 AM, T Biehn <tbiehn@...il.com> wrote:
>>
>> This is an orgiastic dump of information, you must really hate ETB; 
>> or you must be really excited for lulz.
>
> or you're hoping that full disclosure will get ETB to fix the problem.
>
> Regard,
> Lee
>
>>
>> -Travis
>>
>> On Tue, Dec 29, 2009 at 5:23 AM, Cilia Pretel Gallo 
>> <cpretelgallo@...oo.com> wrote:
>> > I've recently discovered a security hole on the modems (which 
>> > double as
>> > routers) used by a Colombian ISP - ETB.
>> >
>> > It so happens that all incoming connections to an IP address on 
>> > said ISP on port 23 or port 80 land on the modem instead of the 
>> > computer(s) connected to it. Even if one tries to redirect those 
>> > ports to a local machine, the modem still gets all the connections on those ports.
>> > Also, connections on ports 23 and 80, from any IP address, will 
>> > access the modem configuration options. Last year that could be 
>> > done only from private IP addresses (i.e. 192.168.0/24), but now it 
>> > can be done, as I said, from anywhere. I've been told that a few 
>> > lucky users were able to forward port 80, but in that case, it's port 8080 that is intercepted by the modem.
>> > The end result is that anyone, from anywhere, can access the modem 
>> > of anyone on ETB to mess up their configuration (e.g. obtaining and 
>> > changing the client's username and password, permanently 
>> > disconnecting them from the internet, and so on) - that is, if they have the administration password.
>> > Unfortunately, ETB uses the same login/password on all of their 
>> > modems since 2006, which are publicly available on the web.
>> > Login: Administrator
>> > Password: soporteETB2006
>> >
>> > The whole IP range 190.24/14 corresponds to ETB clients. Any IP on 
>> > that range where ports 80 and 23 are open is most likely a wide open ETB modem.
>> >
>> > Apparently, this issue has been repeatedly reported to ETB, but it 
>> > always falls on deaf ears. They seem to think this is no big deal 
>> > since nobody knows the username and password for the modems - which 
>> > is not the case, and even if it were, they would be easily crackable by brute force.
>> >
>> > Peace,
>> >
>> > -Cilia
>> >
>> >
>> >
>> >
>> >  
>> > ___________________________________________________________________
>> > _________________ ¡Obtén la mejor experiencia en la web!
>> > Descarga gratis el nuevo Internet Explorer 8.
>> > http://downloads.yahoo.com/ieak8/?l=e1
>> >
>> > _______________________________________________
>> > Full-Disclosure - We believe in it.
>> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> > Hosted and sponsored by Secunia - http://secunia.com/
>> >
>>
>>
>>
>> --
>> FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C 
>> http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprin
>> t=on
>> http://pastebin.com/f6fd606da
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



--
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists