[AusNOG] Some ZyXEL routers vulnerable to DoS

Robert Hudson hudrob at gmail.com
Wed Jan 15 20:05:56 EST 2014


Unfortunately, when they ship ADSL modems with the built-in WiFi AP turned
on running an unsecured broadcast SSID and a default username/password for
administration (also available over the WiFi connection), open telnet ports
are the least of their concerns...

On 15/01/2014 6:48 PM, "Tim March" <march.tim at gmail.com> wrote:

>
> I've always liked the idea that Internode do this... Mainly because it
> cuts down the load of my syslogd =)
>
> That said, also I totally understand the "OK, if we keep adding ports to
> the list then where do we stop?" argument against expanding the coverage.
>
> What I /don't/ understand is why some carriers (Bigpond, for example),
> who are subject to massive operational risk with the telnet thing,
> continue to ignore it. This pisses me off a little because they'll be
> the first one to cry "OMFG EVIL CYBER HAX0RS CYBER PWNED ALL OUR
> CUSTOMERS ZOMGWTF ***Violently mashes AFP speed dial button***" when
> someone finally uses it to bend them over.
>
>
>
> T.
>
> On 15/01/14 6:32 PM, Quentin Rittman wrote:
> > from my iinet customer toolbox:
> > "
> >
> >   * Port 25 (smtp) inbound and outbound
> >   * Port 80 (http) inbound
> >   * Port 135 DCOM SCM inbound
> >   * Port 139 (netbeui/ipx) inbound
> >   * Port 443 inbound
> >   * Port 445 Microsoft Windows File sharing / NETBIOS inbound
> >
> >
> >
> > from my internode toolbox:
> >
> >
> >           Outbound
> >
> >       * Port 25 (SMTP) to anywhere except mail.internode.on.net
> >
> >       * Port 135 - RPC
> >       * Port 137 - NetBIOS
> >       * Port 138 - NetBIOS
> >       * Port 139 - NetBIOS
> >       * Port 445 - SMB/CIFS
> >
> >
> >               Inbound
> >
> >
> >                     Windows File Sharing
> >
> >           * Port 135 - RPC
> >           * Port 137 - NetBIOS
> >           * Port 138 - NetBIOS
> >           * Port 139 - NetBIOS
> >           * Port 445 - SMB/CIFS
> >
> >
> >                     Servers and Web
> >
> >           * Port 22 - Secure Shell (SSH)
> >           * Port 23 - Telnet
> >           * Port 80 - Web pages (HTTP)
> >           * Port 443 - Secure web pages (HTTPS)
> >           * Port 3128 - Web proxy server
> >           * Port 8080 - Web proxy server
> >
> >
> >
> > On 15 Jan 2014, at 6:20 pm, Joshua D'Alton <joshua at railgun.com.au> wrote:
> >
> >> Still is. Can't remember the exact ports, think 21-25 80 443 8080.
> >> Might be a BoB thing also.
> >>
> >>
> >> On Wed, Jan 15, 2014 at 3:57 PM, Damian Guppy <the.damo at gmail.com> wrote:
> >>
> >>     Once upon a time iiNet did this as well, it was just something you
> >>     toggled in Toolbox, not sure if that is still the case.
> >>
> >>     --Damian
> >>
> >>
> >>     On Wed, Jan 15, 2014 at 12:55 PM, Robert Hudson <hudrob at gmail.com> wrote:
> >>
> >>         On 15 January 2014 15:49, Tim March <march.tim at gmail.com> wrote:
> >>
> >>             Surely the easy answer here, at least the carriers who are
> >>             already filtering, is to go;
> >>
> >>             "OK, we know this is a huge risk so we're doing this. Call
> >>             us if you want the port re-enabled."
> >>
> >>
> >>         This is exactly what Internode do.  They have a standard set
> >>         of ports they block, and that's turned on by default on all
> >>         consumer services.  You can fiddle with the settings under
> >>         your account management tools on their website.
> >>
> >>         _______________________________________________
> >>         AusNOG mailing list
> >>         AusNOG at lists.ausnog.net <mailto:AusNOG at lists.ausnog.net>
> >>         http://lists.ausnog.net/mailman/listinfo/ausnog
>
> --
> PGP/GNUPG Public Key: http://d3vnu11.com/pub.key