Hidden Backdoor Discovered On HP MSA2000 Arrays 197
wiredmikey writes "A hardcoded password-related security vulnerability has been discovered which apparently affects every HP MSA2000 G3, a modular large scale storage array. According to the alert, a hidden user exists that doesn't show up in the user manager, and the password cannot be changed, creating a perfect 'backdoor' opportunity for an attacker to gain access to potentially sensitive information stored on the device, as well as systems it is connected to."
Wow... (Score:5, Funny)
The hard coded user and password in the HP MSA2000 is set to: username: admin
password: !admin
WaHAHAHAHAH! Not even "n9xe2uPAthe9" or even "Mr.Snuffles". And it is exactly the same as the very generic username, except for one extra character. It's almost as bad(or perhaps even worse) then using "123456" or even "password." [slashdot.org]
This further proves that "faith based security" - relying on vendors to provide systems with built-in robust security- is not a good practice.
Well...nah, I won't even go there. Too easy. I'm trying to be a good boy. Would somebody like to post a sysadmin's prayer for us?
Re: (Score:2)
Re:Wow... (Score:5, Funny)
Re:Wow... (Score:5, Funny)
Yes but you've now seen the ! so it's NOT admin, we'll have to keep looking.
Those HP guys are clever.
Re: (Score:3)
Its because whoever would use that login is obviously not the admin.
Re: (Score:3)
He is, however, a very naughty boy.
Re: (Score:2)
But is he the Messiah?
Re: (Score:2)
A login/password worthy of the emperor would be: biggus dickus
Re:Wow... (Score:5, Interesting)
Wonder if that might be a new check to run on vendor systems to weed out the truly stupid 'features' like this one. Run a script to create frequently used admin accounts and see if any fail due to them already existing.
Re: (Score:2)
To be fair, to use that login you have to go through a few steps:
1. You have to be shrunk down and enter you own brain.
2. Remove your common sense.
3. Show the back door your admin and not admin.
Re: (Score:2)
The only way they could have made it more secure would have been to use fnordadmin. Then it would have been REALLY obscured.
Re: (Score:2)
more likely is a bored HP Designer wanted an easy password to remember...
*put-on-tin-hat*
OR
The NSA/CIA/IRS or Homeland (in)Security asked for a backdoor and HP decided to give them one their IQ could remember....
*keep-tinfoil-hat-on* (hey!! they could be listening to my thoughts...)
Re: (Score:2, Interesting)
Anyone started testing other HP equipment for the same issue?
Not familiar with the product in question, but it's possible a superuser account could have been embedded like this so they could reset data on RMA'd units without having to pull the chips... or for remote troubleshooting. That doesn't make it any less stupid, but if it's here there's no reason it couldn't exist in other similar products... or even not so similar ones.
Probably worth checking if you have any HP gear in house, better safe than sorry
Some other examples (Score:3, Interesting)
Your point about relying on vendors is a superb one. Here's another data point to be concerned with.
A lot of startups, and not-so-small companies, source their boxes from Asian manufacturers. This is generally known, and not a surprise. What may be a surprise is that not even the vendor who turns it into an server type of product is authorized to open the box. If they do, the warranty is voided. The top end boxes will go for +$15K a pop, so you can darn well be certain that the vendor doesn't open the syste
Re: (Score:2)
We have servers that cost a lot more than that, we open them all the time.
Re: (Score:2)
What does opening the box have to do with backdoor passwords?
I looked inside the case of my NAS recently, and didn't see any passwords. Does that mean I am safe?
Re: (Score:2)
I looked inside the case of my NAS recently, and didn't see any passwords. Does that mean I am safe?
You obviously aren't looking hard enough.
Re: (Score:2)
Right. You have to turn the cover over and look at the underside.
"Do not remove eraser."
Re: (Score:2)
I can think of a half dozen vendors, who's names everyone recognizes,
And who you utterly fail to mention - why? Are you afraid of being sued? It's not libel if it's true. Either that or you're full of shit.
Re: (Score:2)
"Mr.Snuffles"
How did you find my password?
Re: (Score:2)
Re: (Score:2, Insightful)
Would somebody like to post a sysadmin's prayer for us?
Our Router, which art in IOS
hallowed be thy interface
thy packets come
thy routing be done
on the LAN as it is on the Web.
Give us this day our daily Clues
And forgive us our LARTings
As we LART those who make stupid service requests
And lead us not into Windows support
but deliver us from lusers
For thine is the Network
The Bandwidth and the Packet
For the duration of the DHCP lease.
Amen
Re: (Score:3)
No one ever got fired for buying HP . . . (Score:2)
Oh wait...
And the password is..... (Score:4, Funny)
cntraltdelete
If that is too long to type, you can use the shortcut keys on your keyboard. This HP thing goes deep. . . .
Hello Joshua ... (Score:4, Funny)
How about a nice game of chess?
That's funny, because (Score:4, Funny)
Whenever you type '!admin' all I see is '******'. Whereas, if I type 'hunter2', all you see is '*******'.
Re: (Score:2)
lets try this out
Re: (Score:2)
Re: (Score:2)
xxxxxxxxxxxxxxxxxxxxxxxxx
lets try this out
Wow, your password would take forever to crack.
Re: (Score:2)
Not working here (Score:5, Informative)
A quick login test on my MSA 2012i G3 doesn't work.
"Access denied"
more testing later.
J
Re: (Score:2)
--
Re: (Score:2)
Send me your IP, I'll take a look.
Re:Not working here (Score:5, Informative)
Re:Not working here (Score:5, Insightful)
On the article some guy said it is only accessible through the serial port.
Which kind of changes the whole tone in my opinion. I'm of the persuasion that if a black hat has physical access to your hardware, you've already lost. It's still shockingly bad practice from a vendor, but if this is true it goes from a serious issue to a moderate one.
Re: (Score:2)
Re: (Score:2)
Then this is much less of an issue.
If the attacker can get to the serial port they can just trash the thing if they want too.
Re: (Score:3)
Unless someone put a dial-in modem or telnet-to-serial converter on the maintenance port. You know, for ease of oh-dark-thirty troubleshooting? I mean, rapid response to late-night network trouble calls.
I've been a sysadmin at a largish installation. Maintenance modems aren't rare. You might hope the out-of-band command channels would be at least as secure as the in-band ones.
Re: (Score:2)
Out of band is almost always worse. Which is why you should have the maintenance modem itself require strong passwords.
Re: (Score:2)
Try 'manage' as the username.
Re:Not working here (Score:5, Informative)
The array they mean is really the MSA P2000 G3, which is a new 8Gb/s fibre channel array. Note that the array is OEM'd from Dot Hill.
I tried the 'exploit' on my array. Yes, I can log in with admin/!admin, and no, the admin account does not show up in the GUI listing. BTW, the "admin/!admin" combo was the default login on previous versions of this array, but for this version, the default account was changed to "manage". I'd guess this is a coding error, not some deliberate backdoor.
The article is wrong that the password cannot be changed. You can change it just fine from the CLI:
HP StorageWorks MSA Storage P2000 G3 FC
System Name: MSA_P2000_1
System Location:XXXXXXXXX
Version:L100R013
# set password admin
Enter new password: ****
Re-enter new password: ****
Success: Command completed successfully. (admin) - The password was changed.
Verified that login is no longer possible via web GUI or SSH. Problem solved.
- Necron69
The Cisco teleconference backdoor could be deadly (Score:3)
Read the Cisco vulnerability report: root control of the device...
Think where this teleconferencing suites are used: The Whitehouse, Pentagon, Central Command and every three star command...
Who might want to lurk on some reality TV?
FEAR (Score:5, Insightful)
If someone disables the building's primary security system, defeats the lock on your front door, breaks in, when nobody's there, figures out where your MSA is, defeats your server room's dedicated primary alarm system, breaks through the steel fire door into your server room, defeating the ANSI GRADE 1 industrial access control locks, figures out the precise cage where your MSA2000 is located, defeats the cage locks, figures out the combination to open your cabinet, and somehow removes the faceplate without triggering the intrusion alarm, or motion detectors, noise sensors, and surveillance cameras attached to the server room's secondary security/environment monitoring system.
Then yes... there is a small chance someone might be able to insert a serial connector into your MSA to login as this GUI-unavailable backdoor user without the perp getting caught pretty quickly.
By the way, the 'password security' on many routers can be defeated by sending a BREAK via serial console during reboot, or by pushing a recessed RESET button. Where is the outrage?
Re: (Score:2)
Um.. You mean all they have to do is put on a set of blue coveralls, carry a small tool box with some sticker from one of the Ma Bells or even a printer manufacturer on the side, and claim he is there is complete some order started a month ago and we are all doomed?
That's not very comforting.
User: Carli (Score:2)
Password:spyspyspyspy
Re:Ok so two things (Score:5, Interesting)
One would assume that you would hardcode it so if the user loses his password, he can call the company. And trust me, they WILL lose their password.
One would hope that the password is put somewhere that a firmware flash can change it however.
Re:Ok so two things (Score:5, Insightful)
That doesn't need a single hardcoded password. Generate one based on the serial number of the device. Recoverable, and a heck of a lot more secure than a single password for everybody.
Livingston Routers (Yes, I'm old) (Score:3)
Livingston (now Lucent) routers had a recovery mode where you physically had to flip a DIP switch and read a key to them.
If I remember correctly, this would get you one factory default wipe, so you could get back in and then restore the settings.
IMHO, this is the only type of solution that works, you need physical access, AND have to be willing to restore from backup.
Re: (Score:2)
Not quite security by obscurity, if the number isn't presented in the UI anywhere (it becomes "something you have").
Where are you getting 5 bits of entropy? Hell, the serial number on my HP laptop is 10 alphanumeric.
Re: (Score:2)
Why do you assume they generate a pass using a simple hash? The phrase "based on the serial number" doesn't say anything about the transform used.
For all we know "based on the serial number" means they're using public key cryptography on an extremely secure system...
Re: (Score:2)
Okay I understand that but this is dumb. Maybe require a physical button or key to be turned on the server to allow that password to be used! Or maybe an USB device with crypto on it plugged in to activate it?
I mean really people HP must have people that are at least as smart as I am.
Re: (Score:3)
One would assume that you would hardcode it so if the user loses his password, he can call the company. And trust me, they WILL lose their password.
They should have done something that at least has a chance of verifying physical access to the machine - like making the password a derivative of the serial number.
As in luser admin calls HP says he's locked out, HP asks for serial number, runs it through some algorithm only known to HP that outputs the password for that system.
That's not perfect either, but it would be a big improvement over harcoding the same damn password for all units.
Re: (Score:3)
Re: (Score:2)
Hell, just making the account name or password the serial number would work wonders. I mean, in general, physical access trumps all anyway.
Actually, is there any reason to seperate username and password for a backdoor superuser account. I mean, the username could be secret and the password null or the username could be well known and the passwo
Re: (Score:2)
One would assume that you would hardcode it so if the user loses his password, he can call the company. And trust me, they WILL lose their password.
One would hope that the password is put somewhere that a firmware flash can change it however.
Or it might even be resold to someone else who doesn't know the password - used equipment exists - and they don't engrave the password on the outside. But sometimes for this 'hidden' password to work, there must be another condition on the equipment to be present - like loopback plugs in place.
Re: (Score:2)
1. company A is sold to company B
2. admin jumps ship for a less crappy job
3. company C disassembles company B in a hostile takeover, and sells off the bloody parts
4. admin quits
5. hardware sits in a rack somewhere, forgotten
6. admin quits
7. clueless newb hired as servermonkey
8. servermonkey makes a hash of things
9. server monkey promoted to management
10. company sold to GM
11. company sold off from GM
12. new owners can't track down password for server, cross their fingers and hope the
Re:HP & brocade switches (Score:2)
HP many years ago integraded with brocade [hp.com] switches. There was always an admin password to most HP device at the enterprise level: the cited storage array + fibre switch or tape library robot. However most only worked with physical access to either operator panel or serial port.
Now that IP has been for a few years the new serial port I predict many more devices in the future will have their firmware/management ports compromised. I think its SOP in large vendor enterprise to build such into your systems.
At
Re: (Score:2)
Which is why the password could be generated from known facts but not ones an outsider would be likely to get right. So combine serial number, date of purchase, company name, contact phone number and whatever else you want, then hash all that to get the password that cannot be lost but is hard to guess.
Re:Ok so two things (Score:4, Informative)
Just how many of these systems are out there, in which areas of the private & public sectors?
Lots and most of them. MSA2000 are common. HP been selling them for years. Although it has been superseded by newer models the channel still has a large supply [google.com]. Pretty good hardware for the money.
Re:Ok so two things (Score:4, Insightful)
They probably put a hardcoded u/n & p/w into the system early in development to ensure that their login security system worked, then implemented configurable logins, forgetting to remove the hardcoded one.
When I code something that is meant to be configurable, I first hardcode some values to ensure that the code works, then I code a configurable text-file based system, like ini or properties files. Finally, I move on to implementing the desired configuration method, such as LDAP, SQL, or HTTP GET. Anything sensitive is encrypted, of course. I have always remembered to remove the hardcoded values, but I've seen colleagues forget to do the same.
Re: (Score:2)
Re: (Score:2, Troll)
Re: (Score:2)
Zip up. Your flag-waving nationalism is showing.
I love my country, salute my flag, and honor the soldiers who have fought to keep us safe. From foreigners. With uninteresting opinions. Who should butt out!
THAT is flag-waving nationalism. As it is generic, you may easily reuse it for your own nationalistic purposes, which I will, of course, ignore, because you are probably a foreigner. So butt out. :-)
Re: (Score:2)
Re: (Score:2)
Heh... No such thing as too much Tim Curry. Carry on.
Re: (Score:2)
That's silly.
My country deserves no unconditional love just because I happened to be born in it, the flag is just a picture, and the soldiers sometimes fight for a just cause, and sometimes for a completely senseless one. My country is not special. If it goes wrong, I try to set it right, and do the exact same thing with any other country I happen to be living in at the moment, if I have the ability.
Nothing deserves unconditional respect. Respect is earned through good deeds.
Re: (Score:2, Informative)
Uhhh....your Ameriphobia is showing. When all you do all day is think about how America is bad, then it's not surprising when you invent scenarios in which you are correct
U.S. Tries to Make It Easier to Wiretap the Internet [nytimes.com]
FBI drive for encryption backdoors is déjà vu for security experts [arstechnica.com]
Yeah .. you're right .. its Ameriphobia when US companies are complying the gubmint
Re:Looks like a big "fuck you" to Uncle Sam. (Score:4, Insightful)
Perhaps I didn't read close enough, but I didn't see anyone complying.
The FBI and NSA can ask for the moon, doesn't mean they are going to get it.
From reading your link perhaps you should have a case of Indiaphobia or United Arab Eremitesphobia.
There are other countries in this world with the pull to have back doors included, its not a u.s.a. specific issue.
Re: (Score:2)
Perhaps I didn't read close enough, but I didn't see anyone complying.
The FBI and NSA can ask for the moon, doesn't mean they are going to get it.
From reading your link perhaps you should have a case of Indiaphobia or United Arab Eremitesphobia.
There are other countries in this world with the pull to have back doors included, its not a u.s.a. specific issue.
Oh I agree this is not an American phenomenom, and it was really funny when people were getting all up in arms over the phone equipment supplied to Iran. And the case in Greece with the phone system was also a very very sophsicated backdoor hack that probably was (some) government related. But as to companies complying. Do you really think that part of a companies advertising campaign is "We support all government requested back doors!"
Re: (Score:2)
Now all the units are from Asia and they have learned/designed/offered the same style of devices.
As OzPeter said, Costas Tsalikidis, the Greek telco whistleblower was found hanged.
Adamo Bove head of security at Telecom Italia who exposed the CIA renditions via cell phones ‘fell’ to his death.
Exposing the backdoors and longterm track
Re: (Score:2)
In this case, it's hoped that competitors to Uncle Sam's campaign contributors buy this storage array for cheap and easy industria
Re: (Score:2)
It's interesting. HP is a US company with offices all over the world that outsources most of it's production to foreign labor.
Why you are limiting this to the US government is sort of interesting in that it could have been slipped in by about any worker in almost any country working for almost any outside interest. And because HP doesn't individually develop and install custom firmware for each and every product it produces, it's only obvious that once it gets in, it would be in all of them that have the sa
Re:Looks like a big "fuck you" to Uncle Sam. (Score:5, Interesting)
Don't we hear every so often about how the US government wants backdoors into otherwise secure systems and crypto algorithms for "national security" or "law enforcement" purposes? I suspect that the MSA2000 was required to have a backdoor to appease Uncle Sam, and somebody at HP decided that if Uncle Sam wanted a backdoor, Uncle Sam could damn well have a goate.cx-esque backdoor.
Exactly! What happened was that they used this type of storage array to hold data on the 9/11 cover-up, and also to edit the footage of the "moon landing". Also the specs for their black surveillance whisper copters.
Or someone at HP is a moron.
Re: (Score:2)
Re:Looks like a big "fuck you" to Uncle Sam. (Score:4, Interesting)
Its probably nothing like that. Some idiot on the service side of the house probably convinced some VP that a backdoor was needed so the support people could deal with customers who had lost the passwords or when they had to refurbish and RMA and wanted to be lazy and not have to replace any chips or flash the thing or whatever. That VP then made the software team add the backdoor. I think on the MSA15000 there is a check the make sure the password does not match the user name, which I might have run across when familiarizing myself with it with it prior to deployment. They developers probably wanted to make the password match the user name (its hidden after all) but also did not want to run into that test code somewhere even with the hard coded value.
That being said, admin was an aggressively stupid choice and hard coded back doors at least rank as very stupid to begin with.
Re: (Score:3)
How d'you know it wasn't some Chinese firmware programmer?
Sigh. Consparicy theorists (Score:5, Insightful)
It amazes me how many Slashdot has, how quickly people here will believe some amazingly complex and willy explanation over a simple and obvious one. So what is the obvious one here? Simple: HP support. They want to be able to get in to the units to help their customers, and do shit like recover passwords (which customers will lose). So they add their special hardcoded maintenance account.
Seriously, going from this to "OMG government conspiracy," based on NO additional evidence means you are presupposing. You've decided on a conclusion (that the government requires everything to have a backdoor, which is 100% false) and are then making a massive illogical leap with no supporting evidence to that.
Re:Sigh. Consparicy theorists (Score:4, Informative)
Seriously, going from this to "OMG government conspiracy," based on NO additional evidence means you are presupposing.
And you have totally fallen for it. The gubmint is one step ahead of you already by using psychology to defeat your common sense. They selected the account/passsword to masquerade as an HP support account, knowing that if it was found out that people like you (or should I say gubmint shills????????) would try and convince the rest of us that it was all an innocent mistake!
Try and refute *that* Mr G-Man!
Re: (Score:3)
Try and refute *that* Mr G-Man!
Time, Mr. Ozpeter... ... really that time ag...ain? It seems asifyou only ... just arrived.
Is it
You've done a great - deal in a ... small time span. You've doneso well, in fact, that I'vereceived some ... interesting offers for your services.
Re: (Score:3)
in fact, that I'vereceived some ... interesting offers for your services.
$120 per hour for labour, $60 per hour for travel time > 1 hour from home base. All expenses at cost, and own use car mileage paid at full government rebate amounts. All time (labour and travel) over 40 hours per week to be booked at time and a half. Over 60 hours a week at double time. All flights over 3 hours to be booked at business class or better, and where available gate lounge fees to be paid.
So can we do business?
Re: (Score:3)
Rather than, offer you the illusion of free choice, I will takethe liberty of ....chooosing for you if, and, when, your time comes round again.
I do apologize for what mustseem to you an arbitrary imposition, OzPeter. I trust it willall make sense to you in the course of... well...
I'm really not at liberty to say.
In the meeaantime... this is where I get off.
Re:Sigh. Consparicy theorists (Score:4, Insightful)
OK but an MSA2000 is NOT a toy. It might not be the first class SAN solution for large caps but they certainly power lots of medium business with billion dollar a year bottom revenue lines. Those companies are big enough to care about security and big enough to employ at least one competent systems administrator even if they will then force him to use some second rate monkeys for help. That person one should NOT be forgetting the password, what if something happens to him? Well they way I did it is I wrote that stuff down. The sensitive passwords were kept in a safe deposit box on CD-ROM inside an AES encrypted zip file at the bank the CEO had the other key and knew the password to the zip as well. $25 dollars a year is a small investment to ensure that one of us will be able to obtain that information if needed. Anyone buying an MSA2000 can afford that and come up with a similar suitable arrangement.
If HP *needs* a backdoor for serving the units its 2010 they really should have some alternate log in method, perhaps a serial header on the controller system board or something so that you would have to give them physical access or an attacker would have to gain physical access and the credentials should be a certificate file so their will be no guessing the 4Kb password.
Re: (Score:2)
HP tech: Welp, your new machine is ready to fly.
Customer BOFH: Bitchin!
HP tech: One thing, though.
Customer BOFH: Yuh?
HP tech: I need you to create me a root-access account so I can log in on service calls.
Customer BOFH: Oh, no sweat. What username?
HP tech: 'admin'. All lowercase.
Customer BOFH: Makes perfect sense. (Types.) Wow this thing's fast. Here, enter your password.
HP tech: (Types '!admin' twice) Done.
Repeat for every customer...
Re: (Score:3)
You mean to say this admin !admin account doe not work on the Telnet/HTTP/FTP network services that are enabled by default on a MSA2000?
The admin/!admin account are the documented defaults in the manual, just like monitor/!monitor.
I don't know about the G3 but, on my MSA2000 G1's, I have been able to disable the "admin" account privilege (admin/monitor/disabled) and added my own admin account with a secure password.
(Technically the G3's are a new OEM (LeftHand ), so it is possible this is locked, but I don'
Re: (Score:2)
Even a superb hardcoded password is going to sneak out eventually, even if only after the units start to be scrapped(but before all of them leave production). At a bare minimum, the hardcoded password would have to be unique per unit. Even better, use something l
Re: (Score:3)
Really? I see nobody here mentioning conspiracy theories (certainly nobody modded up) except you. The thing is, we don't care why HP did it. What we care is that they did. And regardless of what they were going to use it for, what it can be used for is compromising the security of a user's system. It may not have been malevolent, but it was certainly condescending (users are to stupid to manage their own system) and it definitely compromises security.
Ummm, the person I was replying to? (Score:2)
If you don't see it adjust your threshold. I was replaying to a conspiracy theorist.
Re: (Score:2)
Re: (Score:2)
Here's the thing though: this is an incredibly bad way to support hardware.
#1: Your customers actually don't trust you when they find out that there's a hardcoded user in the hardware. Why? Because businesses with a proper understanding of security know that this is a massive security hole, and will refuse to buy that hardware.
#2: There's already a way to get admin-level access to hardware: ask the client for it. If they don't want you to connect to their internals with their own password, there are things
Re: (Score:2)
However, it's braindead
Especially considering that this sort of hardware isn't exactly targeted for the "grandma's computer so she can skype the kids" category. Presumably the HP support staff can rely on having someone with at least half a brain on the other end to work with.
But then again, if they're dumb enough to buy HP...
Re: (Score:2)
ack!! You're one of them! one of those government spies! You're only here to tell us our paranoia is unfounded as it lacks proof.. just as the government would say if they didn't want us to look deeper...
ah ha! You're insinuation that our paranoia is unfounded is the exact proof needed to say our paranoia is fully justified!
I don't think the gov't requires a backdoor (Score:2)
I don't think "the government requires everything to have a backdoor." I just think that if the FBI, or the NSA, or the CIA, or the U.S. Marshals, or the Department of Defense, or the Department of the Interior, or Homeland Security, or any one of any number of Byzantine U.S. government organizations approaches a large company like HP and says "Hey, we buy a bunch of stuff from you, do you mind if we have a backdoor?" I think in 90 percent of cases the answer will be "Sure, no problem." You don't need a con
Re: (Score:2)
It amazes me how many Slashdot has, how quickly people here will believe some amazingly complex and willy explanation over a simple and obvious one. So what is the obvious one here? Simple: HP support.
Well, I think the reluctance to accept this simple explanation might have something to do with the fact that a syphilitic monkey could eat a bowl of molex connectors and shit a more sensible support password recovery scheme than that.
Of course, the idea that the gummint is behind this isn't sensible. It's irrational. On the other hand, there's no sensible, rational explanation for something so idiotic. The closest thing I can come up with to a reasonable explanation is that the backdoor got put into the sof
Re: (Score:2)
Weird. I always thought that the woman in the limo was Lee Harvey Oswald in drag, and Jacquie was the one with the rifle in the repository.
Re: (Score:2)
No, no. That was Vladimir Putin in drag, and the rifleman was Sarah Palin.
Re: (Score:2)
Come on, be realistic. Palin wasn't born until 1964 so
OH SHIT SHE HAS A TIME MACHINE
Re: (Score:3, Informative)
While we're at it, you'd really have to go out of your way to expose something like an MSA2000 to the wider internet, as you'd have to be stupid enough to be running your storage network on a routable range with external routing from your edge. Basically, you'd have to a giant fuckwit.
Re: (Score:2)
Serial port to ethernet, you access it with telnet. They're ubiquitous.
Re: (Score:2)
NO SSH?!?! That's even funnier! Does the tcpdump give you any info on when the motherboard for the tape drive controller and back-plane are going to melt down in a heap of bubbling goo?
This is probably a mistake. A real backdoor would have a snazzier passwd as well as its code buried where someone would not easily spot it. Or a special customer service generated one, like every other company worth their salt.