Re: Cisco 675 password nonsense
Brian Elfert (brian CITILINK.COM)
Tue, 3 Aug 1999 10:28:48 -0500
- Next message: Dallas Cooper: "Re: DPEC Online Courseware"
- Previous message: Mike Frantzen: "Followup: Remotely Lock up Gauntlet 5.0"
- In reply to: Mike Frantzen: "Remotely Lock Up Gauntlet 5.0"
- Next in thread: Dave Dittrich: "Re: Cisco 675 password nonsense"
- Next in thread: Francis Bodie: "Re: Cisco 675 password nonsense"
- Reply: Dave Dittrich: "Re: Cisco 675 password nonsense"
On Sat, 31 Jul 1999, DeMoNx wrote:
> switching all non-business/special adsl accounts over to using PPP rather
> than bridging mode for 'security reasons', I got a little suspicious. With
With good reason. In bridging mode with a Windows 9x/NT box, your network
neighborhood will show everyone else's PC that has any file/print sharing
enabled. So, it's trivially easy to connect to a non-passworded share.
Now, ideally, all these shares would be passworded, but we know that'll
never happen. Not having the shares show up in network neighborhood is a
bit of security by obscurity, but it's harder to connect to a share if
it's not in your network neighborhood.
> them. The problem is, *most* of these guys don't set passwords on the
> 675's. It is very simple to compromise an unpassworded 675. Simply hit
> 'enter' at the password prompt after telnetting in, if you get a cbos>
> prompt you are half way there, NOT GOOD. If there is no exec mode password
> set, then there most likely won't be an enable(superuser) mode password
Cisco has recognized this as a problem. This is fixed in 2.1.0a or in
2.2.0 (2.2.0 out shortly). The 675 will react like classic IOS and not
allow telnet if an exec password is not set.
BTW, in US West land at least, 90 to 95% of all installs are self install
where a tech never visits the customer.
Brian
This archive was generated by hypermail 2.0b3 on Wed Aug 04 1999 - 12:25:56 CDT