From: Hacknisty (hacknistycaramail.com)
Date: Tue Jan 22 2002 - 13:07:05 CST


    This bug, as far as I know, only happens on GV8BAA3.253 versions and is
    only available on the eth0 local interface.
    NB:
    My modem is an Alcatel Speed Touch Home one, therefore Ethernet.
    Here is the information about my modem:
            - active software version : GV8BAA3.253
            - firmware : 8706
            - Ip local : 10.0.0.1

    I did the tests from a basic distribution around LFS kernel 2.4.16
    My NMAP version is 2.54BETA30

    When I run NMAP -O 10.0.0.1 then the modem reboots
    As far as I can see this bug only happens on GV8BAA3.253 and only in local
    network.
    The LAN is protected from the incoming packets with Firewall rules that
    couldn't be modified (I don't think it's possible, not with this version
    anyway).

    How to know its software version:
    # ftp modem_ip (default : 10.0.0.138)
    Connected to 10.0.01
    220 Inactivity timer = 120 seconds. Use 'site idle <secs>' to change.
    Name (10.0.0.138:root):
    password :
     ## If you have a message like
    421 Service Not Available, remote server has closed connection
    Login failed.
    No control connection for command : No such file or directory.
    ftp >
    ## It means that you need a password
    ## To obtain your password, click on the link and read the F.A.Q. (it's in
    French, ask me for the translations)
    ##
    http://www.clubic.com/forum/05/message/2880-0.htm

    Once you're connected, type:
    ftp> cd active
    250 Changed to /active
    ftp>ls
    200 Connected to 10.0.0.11 port 33376
    150 Opening data connection for /bin/ls
    total 1
    -rwxrwxrwx 1 0 0 997001 Jun 29 1971 GV8BAA3.253    <-- it's your active version
    -rwxrwxrwx 1 0 0 27 Jun 29 1971 start.cmd
    -rwxrwxrwx 1 0 0 0 Jun 29 1971 active.flg
    -rwxrwxrwx 1 0 0 32 Jun 29 1971 system.ini
    -rwxrwxrwx 1 0 0 506 Jun 29 1971 ip.ini
    -rwxrwxrwx 1 0 0 308 Jun 29 1971 phone.ini
    -rwxrwxrwx 1 0 0 28 Jun 29 1971 bridge.ini
    -rwxrwxrwx 1 0 0 0 Jun 29 1971 atmf.ini
    -rwxrwxrwx 1 0 0 92 Jun 29 1971 pptp.ini
    -rwxrwxrwx 1 0 0 189 Jun 29 1971 dnsd.ini
    -rwxrwxrwx 1 0 0 217 Jun 29 1971 dhcp.ini
    -rwxrwxrwx 1 0 0 203 Jun 29 1971 ppp.ini
    -rwxrwxrwx 1 0 0 0 Jun 29 1971 cip.ini
    -rwxrwxrwx 1 0 0 297 Jun 29 1971 nat.ini
    226 Options: -l : 0 matches total

    In order to know the firmware, follow the link above
    You're not obliged to change the modem in Pro mode, stop at the first telnet
    command then you'll have your firmware version (8704
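
Added example, not part of the original post: an offline check for modem owners that reads a saved `ls` listing of `/active`, rejoins file names that were wrapped onto the next line, and reports whether the active build is the one the post says reboots. The function names and the rule "the software image is the one file that is not .ini/.cmd/.flg" are assumptions drawn from the listing shown above.

```python
import re

# Build the post reports as rebooting under "nmap -O".
AFFECTED_BUILD = "GV8BAA3.253"
# Assumption: every non-image file in /active has one of these suffixes.
CONFIG_SUFFIXES = (".ini", ".cmd", ".flg")
# perms, links, uid, gid, size, month, day, year-or-time, optional name
ENTRY = re.compile(
    r"^[-dl][rwx-]{9}\s+\d+\s+\S+\s+\S+\s+(\d+)"
    r"\s+\w{3}\s+\d+\s+[\d:]+(?:\s+(\S+))?\s*$"
)

# Abridged from the listing in the post, wrapped lines kept as archived.
SAMPLE = """\
200 Connected to 10.0.0.11 port 33376
150 Opening data connection for /bin/ls
total 1
-rwxrwxrwx 1 0 0 997001 Jun 29 1971 GV8BAA3.253
<-- it's your active version
-rwxrwxrwx 1 0 0 27 Jun 29 1971
start.cmd
-rwxrwxrwx 1 0 0 0 Jun 29 1971
active.flg
-rwxrwxrwx 1 0 0 506 Jun 29 1971 ip.ini
226 Options: -l : 0 matches total
"""

def parse_listing(text):
    """Return [(name, size)], skipping FTP reply lines and annotations."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m and m.group(2):                 # complete entry on one line
            entries.append((m.group(2), int(m.group(1))))
            pending = None
        elif m:                              # name wrapped to the next line
            pending = int(m.group(1))
        elif pending is not None and re.fullmatch(r"\S+", line):
            entries.append((line, pending))
            pending = None
    return entries

def active_build(entries):
    """Name of the single entry that is not a config or flag file."""
    images = [n for n, _ in entries if not n.lower().endswith(CONFIG_SUFFIXES)]
    if len(images) != 1:
        raise ValueError(f"expected one image file, found {images}")
    return images[0]

def is_affected(listing_text):
    return active_build(parse_listing(listing_text)) == AFFECTED_BUILD
```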