[AusNOG] Some ZyXEL routers vulnerable to DoS

Tim March march.tim at gmail.com
Wed Jan 15 15:49:23 EST 2014


On 15/01/14 2:31 PM, Heinz N wrote:
>
> (And their tummy will hurt)

That's the risk! =)

> Certainly Telstra & Optus already block ports
> on their consumer plans, what is so hard to block a few more.

This.

I'm curious - who on the list is actually running telnet over the public
internet on TCP/23 for any real production purpose any more?

Surely the easy answer here, at least the carriers who are already
filtering, is to go;

"OK, we know this is a huge risk so we're doing this. Call us if you
want the port re-enabled."

... I know rand($MassiveCarrier) would probably act pretty quickly if
"someone I met on the internet and have no way of identifying or
contacting again" dumped 10,000 or so customer credentials, mirrored
their POP accounts, wiped the CPE firmware and dropped the lot on
pastebin...

"Yeah... Have fun with that, guize."



T.

On 15/01/14 3:32 PM, Damian Guppy wrote:
> I'm sure the carriers are just going to wait long enough until they are
> forced to deploy CGNAT to all consumers and that will take care of 2
> birds with one stone.
> 
> --Damian
> 
> 
> On Wed, Jan 15, 2014 at 11:31 AM, Heinz N <ausnog at equisoft.com.au
> <mailto:ausnog at equisoft.com.au>> wrote:
> 
> 
>     Careful, don't tell anyone in AUS about it as they will call the
>     feds on you ;-) (And their tummy will hurt)
> 
>     We should just let those lovely chinese and russian helpful people
>     find and "fix" the situation for us :-) Then Ralph will have to
>     take notice.
> 
>     Just monitor SYN on port 22 & 23 and see for yourself. There are just
>     SO many helpful souls all over the world waiting to help us all
>     the time. They must truly love us :-)
> 
>     The problem with CPE is that the end user has absolutely no
>     idea about all the bytes hitting their interface and cannot
>     monitor it. Certainly Telstra & Optus already block ports
>     on their consumer plans, what is so hard to block a few more.
>     It is the normal consumer plans where all of the unsecured
>     stuff would be anyway. This is just my humble opinion.
> 
>     H.
> 
> 
>         Yay CPE SYN DoS \o/
> 
>         When the open telnet issue was discussed (again... and nothing
>         happened... again... because hard.) a while back "someone I met
>         on the
>         internet and have no way of identifying or contacting again"
>         spent some
>         time actively scanning a few large .au residential netblocks. They
>         prioritised the open/unsecure telnet services by volume and
>         wrote an NSE
>         (Nmap Scripting Engine) plugin to authenticate against the top
>         couple
>         (Busybox) w/ default credentials, dump the configs and default
>         the flash.
> 
>         Eventually someone else will do the same and they'll actually
>         use it.
>         Then you'll have something to worry about. This is a really old
>         story. I
>         did talk to one of the big carriers about it but got Ralph Wiggum.
> 
>         </broken record>
> 
> 
> 
> 
>         T.
> 
>         On 15/01/14 1:44 PM, Tom Storey wrote:
> 
>             This has been in discussion on uknof for a day or two, not
>             sure how
>             many here might be using the affected units or have
>             customers with
>             them, but something to be aware of.
> 
>             http://www.theregister.co.uk/__2014/01/14/chinese_hackers___cripple_british_firms___internet_connections/
>             <http://www.theregister.co.uk/2014/01/14/chinese_hackers_cripple_british_firms_internet_connections/>
>             _________________________________________________
>             AusNOG mailing list
>             AusNOG at lists.ausnog.net <mailto:AusNOG at lists.ausnog.net>
>             http://lists.ausnog.net/__mailman/listinfo/ausnog
>             <http://lists.ausnog.net/mailman/listinfo/ausnog>
> 
> 
>         -- 
>         PGP/GNUPG Public Key: http://d3vnu11.com/pub.key
>         _________________________________________________
>         AusNOG mailing list
>         AusNOG at lists.ausnog.net <mailto:AusNOG at lists.ausnog.net>
>         http://lists.ausnog.net/__mailman/listinfo/ausnog
>         <http://lists.ausnog.net/mailman/listinfo/ausnog>
> 
>     _________________________________________________
>     AusNOG mailing list
>     AusNOG at lists.ausnog.net <mailto:AusNOG at lists.ausnog.net>
>     http://lists.ausnog.net/__mailman/listinfo/ausnog
>     <http://lists.ausnog.net/mailman/listinfo/ausnog>
> 
> 

-- 
PGP/GNUPG Public Key: http://d3vnu11.com/pub.key


More information about the AusNOG mailing list