At 12:39 24/01/00 +1300, you wrote:
>that easy? does this give a potential cracker an in? bypassing the "firewall'
>
<snip>

No, in short it doesn't allow someone to bypass the firewall,
but it _could_ give a potential cracker 'an in' (to the m10
itself at least) in the sense that with the admin password
they are able to completely reconfigure the m10.

If I've got it right, management of the M10 can only occur
on the serial port and _any_ of the ip interfaces. The
ip interfaces in our configuration include:

IP Interfaces:
ENET (lan): ( up broadcast default rip-send v1 rip-receive v1 )
IP-Direct (vcc2): ( up broadcast default address-mapping )
PPP (vcc1): ( up point-to-point address-mapping )

In the configuration as shipped from Telecom, management
is allowed on the ENET & IP-Direct ip interfaces, not the
PPP interface. This prevents anyone from the internet
connecting to the shell of the m10. However someone
on the IP-Direct side (where does this go?? i don't know)
and the ethernet (your local lan) _can_ access the m10
shell and so use the admin password to do damage (if
their intent is malicious).

So it comes down to,
do you trust the users of your lan?
If not, change the admin password.

Do you trust telecom or anyone on the IP-Direct interface?
If not, disable administration access on dsl vcc2.
*olly whispers the above in fear of the wrath of the monsterous telecom*

>?
>
>Thing
>
>Oliver Mannion wrote:
>
>> A packet dump of a communication between Jetwiz & the M10
>> will reveal the admin password to be: *****.. Use
>> at your own discretion, Telecom will surely fry your arse
>> should you damage their equipment/network.
>
>
>
>

To unsubscribe: send mail to majordomo@freebsddiary.cx
with "unsubscribe adsl" in the body of the message
Received on Mon Jan 24 18:06:47 2000