SBC is currently deploying the Cayman-DSL router to its DSL customers. (SBC Communications is the parent company of Southwestern Bell, Ameritech, Pacific Bell, Nevada Bell, Cellular One, and a few more.) In this deployment SBC is neglecting to set a default password on the router, which means that a large number of DSL routers out there are not protected by a password. This allows a remote attacker to connect to the router and take complete control of it with no effort.
Credit:
The information was provided by: Andrew R. Siverly.
Telco engineers often fail to set passwords on DSL modems installed at customer sites. The vulnerability affects many different DSL modems. The Cayman product is especially vulnerable because it defaults to having no password at all.
An individual with malicious intent could easily scan for these devices on a DSL provider's network, connect to them, and disable them without significant effort. In addition, an intruder could lock the owner out of the device itself by setting a password (which only the intruder would know).
Another vulnerability is that these devices often can be set with static routing tables so packets could be sent through an environment where a malicious third party could monitor the traffic.
Example:
$ telnet 1.2.3.4
Trying 1.2.3.4
Connected to 1.2.3.4
Escape character is '^]'.
Terminal shell v1.0
Cayman-DSL Model 3220-H, DMT-ADSL (Alcatel) plus 4-port hub
Running GatorSurf version 5.3.0 (build R2)
( completed login: administrator level)
Cayman-DSLXXXXXX>
Solution:
Set your password on your Cayman router:
http://cayman.com/security.html#passwordprotect
How do I password protect the Cayman router?
Through the browser:
1. Browse into the Cayman router.
2. Click on the "Expert Mode" link.
3. A second row of links will appear.
4. Select the "Passwords" link.
Through a Telnet session:
1. First establish a telnet session to the unit or connect serially to the console port at 9600 Baud.
2. At the prompt, type "configure" (all commands are typed without quotes).
3. At this point you will be at the "top" prompt - type "system".
4. Now you will be at the "system" prompt. Type "set password admin".
5. You will then be prompted for the new password and then be prompted to repeat the password. Once you have done this, you will be back at the system prompt.
6. Here you will need to repeat the process, this time for the user password, by doing the following steps:
7. Type "set password user". Again you will be prompted for the new password and then asked to repeat it. Once this is done, you will be at the "system" prompt again. Here type "quit", and you will be prompted, "Save modified configuration data [y|n] ?" Type "yes" and the router is now password protected.
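To confirm the change across routers you administer, the following added example (not part of the original advisory or any Cayman tooling) classifies saved telnet banners by whether the administrator shell was reached without a password challenge. The "Password:" prompt wording, the function names, and the sample captures with their 192.0.2.x addresses are assumptions constructed for illustration.

```python
import re

# Line the firmware prints on reaching the admin shell (from the advisory's banner).
ADMIN_LOGIN = re.compile(r"completed login:\s*administrator level", re.I)
# Assumption: a protected unit prints a "Password:" prompt first; the advisory
# does not show the exact wording.
PASSWORD_PROMPT = re.compile(r"^\s*password\s*:", re.I | re.M)
MODEL = re.compile(r"^(Cayman-DSL Model [^\n]+)$", re.M)
FIRMWARE = re.compile(r"^Running (\S+) version (\S+)", re.M)

def audit_transcript(text):
    """Classify one saved telnet banner from a router you administer."""
    text = text.replace("\r\n", "\n")
    admin = ADMIN_LOGIN.search(text)
    prompt = PASSWORD_PROMPT.search(text)
    if admin and (prompt is None or prompt.start() > admin.start()):
        status = "NO_PASSWORD"      # admin shell reached with no challenge
    elif prompt:
        status = "PASSWORD_SET"     # challenged before any shell access
    else:
        status = "UNKNOWN"          # not a recognisable banner
    model = MODEL.search(text)
    fw = FIRMWARE.search(text)
    return {"status": status,
            "model": model.group(1).strip() if model else None,
            "firmware": fw.group(2) if fw else None}

def unprotected_hosts(transcripts):
    """Return the hosts whose saved banner shows no password challenge."""
    return sorted(h for h, t in transcripts.items()
                  if audit_transcript(t)["status"] == "NO_PASSWORD")

# Constructed sample captures; addresses are documentation-range placeholders.
SAMPLES = {
    "192.0.2.10": ("Terminal shell v1.0\r\n"
                   "Cayman-DSL Model 3220-H, DMT-ADSL (Alcatel) plus 4-port hub\r\n"
                   "Running GatorSurf version 5.3.0 (build R2)\r\n"
                   "( completed login: administrator level)\r\n"
                   "Cayman-DSLXXXXXX>"),
    "192.0.2.11": ("Terminal shell v1.0\r\n"
                   "Password: \r\n"
                   "( completed login: administrator level)\r\n"),
    "192.0.2.12": "Connection closed by foreign host.\r\n",
}

if __name__ == "__main__":
    for host, capture in sorted(SAMPLES.items()):
        print(host, audit_transcript(capture))
```

A router that still reports NO_PASSWORD after the steps above most likely did not have its configuration saved at the "quit" prompt.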