[AusNOG] Some ZyXEL routers vulnerable to DoS
Tim March
march.tim at gmail.com
Wed Jan 15 18:47:33 EST 2014
I've always liked the idea that Internode do this... Mainly because it
cuts down the load of my syslogd =)
That said, also I totally understand the "OK, if we keep adding ports to
the list then where do we stop?" argument against expanding the coverage.
What I /don't/ understand is why some carriers (Bigpond, for example),
who are subject to massive operational risk with the telnet thing,
continue to ignore it. This pisses me off a little because they'll be
the first one to cry "OMFG EVIL CYBER HAX0RS CYBER PWNED ALL OUR
CUSTOMERS ZOMGWTF ***Violently mashes AFP speed dial button***" when
someone finally uses it to bend them over.
T.
On 15/01/14 6:32 PM, Quentin Rittman wrote:
> from my iinet customer toolbox:
> "
>
> * Port 25 (smtp) inbound and outbound
> * Port 80 (http) inbound
> * Port 135 DCOM SCM inbound
> * Port 139 (netbeui/ipx) inbound
> * Port 443 inbound
> * Port 445 Microsoft Windows File sharing / NETBIOS inbound
>
>
>
> from my internode toolbox:
>
>
> Outbound
>
> * Port 25 (SMTP) to anywhere except mail.internode.on.net
> <http://mail.internode.on.net>
>
> * Port 135 - RPC
> * Port 137 - NetBIOS
> * Port 138 - NetBIOS
> * Port 139 - NetBIOS
> * Port 445 - SMB/CIFS
>
>
> Inbound
>
>
> Windows File Sharing
>
> * Port 135 - RPC
> * Port 137 - NetBIOS
> * Port 138 - NetBIOS
> * Port 139 - NetBIOS
> * Port 445 - SMB/CIFS
>
>
> Servers and Web
>
> * Port 22 - Secure Shell (SSH)
> * Port 23 - Telnet
> * Port 80 - Web pages (HTTP)
> * Port 443 - Secure web pages (HTTPS)
> * Port 3128 - Web proxy server
> * Port 8080 - Web proxy server
>
>
>
> On 15 Jan 2014, at 6:20 pm, Joshua D'Alton <joshua at railgun.com.au
> <mailto:joshua at railgun.com.au>> wrote:
>
>> Still is. Can't remember the exact ports, think 21-25 80 443 8080 .
>> Might be a BoB thing also.
>>
>>
>> On Wed, Jan 15, 2014 at 3:57 PM, Damian Guppy <the.damo at gmail.com
>> <mailto:the.damo at gmail.com>> wrote:
>>
>> Once upon a time iiNet did this as well, it was just something you
>> toggled in Toolbox, not sure if that is still the case.
>>
>> --Damian
>>
>>
>> On Wed, Jan 15, 2014 at 12:55 PM, Robert Hudson <hudrob at gmail.com
>> <mailto:hudrob at gmail.com>> wrote:
>>
>> On 15 January 2014 15:49, Tim March <march.tim at gmail.com
>> <mailto:march.tim at gmail.com>> wrote:
>>
>> Surely the easy answer here, at least the carriers who are
>> already
>> filtering, is to go;
>>
>> "OK, we know this is a huge risk so we're doing this. Call
>> us if you
>> want the port re-enabled."
>>
>>
>> This is exactly what Internode do. They have a standard set
>> of ports they block, and that's turned on by default on all
>> consumer services. You can fiddle with the settings under
>> your account management tools on their website.
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net <mailto:AusNOG at lists.ausnog.net>
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>>
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net <mailto:AusNOG at lists.ausnog.net>
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net <mailto:AusNOG at lists.ausnog.net>
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
--
PGP/GNUPG Public Key: http://d3vnu11.com/pub.key
More information about the AusNOG
mailing list