New Zealand ADSL Mailing List


Re: which modem is best (Linux)

From: Mark Foster <blakjak_at_blakjak.net>
Date: Mon, 4 Aug 2003 19:57:22 +1200 (NZST)
Message-ID: <32818.203.167.228.98.1059983842.squirrel@secure.blakjak.net>

Robert -
Thank you.

For the record ive asked for comment from one of NZ's D-Link Distributors.
 Will post when I know.
I'm definately not aware of any documented cases of executed exploits on
local versions... Disabling SNMP is no biggie as I doubt joe-user would
ever use it.

> A quick google shows A page detailing the exploit (well not even an
> exploit really. Just plain dodgy firmware)
> google for:
> DSL-500 snmp remote security
>
> Or just go here:
> http://www.securitytracker.com/alerts/2003/Mar/1006396.html
> or here:
> http://www.smh.com.au/articles/2003/03/28/1048653851457.html
> or here:
> http://www.sans.org/newsletters/sac/vol3_15.php
>
> Both the 500 and the 300G and 300G+ are affected. I dont know of any
> others that are. But I wouldn't take my word for it. Find out for
> yourself if you buy a Dlink.
>
> Cheers,
> Rob
>
>
> --
> --------------
> Robert McDonald
> NZPages.Net Web Services
> Ph: 021 1770061
> ICQ: 86984875
> http://www.nzpages.net
>
> On Mon, 04 Aug 2003 18:24, Mark Foster wrote:
>> > dont go with the DSL-500
>> > It has VERY nasty backdoors in the firmware (eg, you can rip out
>> > someones username and password using SNMP management. And its not
>> > firewalled to the internal interface only. It only takes a quick
>> > nmap of an ISPs DSL network and you'll find lots.
>> > Dlink said they fixed the problem with a firmware update. But they
>> > lied (or at least didn't tell all of the truth)
>> >
>> > Cheers,
>> > Rob
>>
>> Can we have some evidence of this please?
>>
>> Any routers firmware can be hacked but if theres a serious issue with
>> the DLink im sure theres people who need to know about it.
>> On the other hand the current version of Firmware has been current for
>> some time and ive not seen any security issues come up through various
>> forums.
>> Details, please! This is a serious allegation and some facts to back
>> it up can only help us out.
>> Mark.
>>
>> (Opinions are mine and do not reflect my employer or any companies
>> associated with my employer)
>
>
> --
> This message is part of the NZ ADSL mailing list.
> see http://unixathome.org/adsl/ for archives, FAQ,
> and various documents.
> To unsubscribe: send mail to majordomo@lists.unixathome.org
> with "unsubscribe adsl" in the body of the message
> 

-- 
This message is part of the NZ ADSL mailing list. 
see http://unixathome.org/adsl/ for archives, FAQ, 
and various documents. 
To unsubscribe: send mail to majordomo@lists.unixathome.org 
with "unsubscribe adsl" in the body of the message
Received on Mon Aug 4 19:57:29 2003

This archive was generated by hypermail 2.2.0 : Thu Nov 30 11:48:26 2006 EST