Security Issues For Many Alcatel DSL Modems
gle was one of many readers to write about an interesting security problem: "If you own an Alcatel DSL modem, you will be interested to know that virtually anybody on the planet is probably able to reconfigure your modem, steal your passwords, sniff your data, install a custom firmware into it, or just break it for fun. Lack of proper authentification, and various back-doors have been pointed out amongst various design flaws. The man who discovered this is Tsutomu Shimomura, who got famous at getting Kevin Mitnick arrested. Alcatel claims 36% share of the DSL market, with more than 1.7 million units installed ..." So if you have DSL, you might want to check the label on the side of the modem about now.
How about Cisco 675s? (Score:1)
.forsight
Re:Pure Bullshit (Score:3)
Re:Tsutomu Shimomura's ego (Score:2)
Lookout Sympatico / SpeedStream modem users! (Score:1)
That's the model Sympatico just gave me last week.
Fuck.
G
Re:About 10,000 DSL bridges/routers out there (Score:1)
I worshiped Avon when I was 12. Still have my square logic cubes sitting next to my monitor - it's amazing how effective they can be for problem solving.
Don Negro
Re:About 10,000 DSL bridges/routers out there (Score:1)
Yep.
Don Negro
quite obviously . . . (Score:1)
"All your modems are belong to us" . . .
[duck]
hawk
Don't be silly (Score:1)
hawk, shuddering at the notion that someone might take this seriously
Re:Some things (Score:2)
I did, long before it made it to
This attack is available over IP. Don't need inside access. Don't need to crack any of your boxes inside. Just need the IP of your DSL modem and some spoofing.
Good luck trying that. Since you need to access the LAN via the VPN tunnel your UDP packets get blocked right there in the INPUT chain. Spoofing is also easily detected. Also if you read the advisory correctly you wouldn't even need the exact IP address of the modem. That is of course if your ECHO packets manage to get past the firewall, again, good luck trying...
While the security issues are grave, they are not as easily exploitable, and with proper care a non-issue. I noticed Alcatel's stupidity the first day I got my modem, open telnet to the settings menu. Wish I had made some real noise back then, I could have become a "l33t security expert"
-adnans
Some things (Score:4)
This is mostly bullshit! First you'd have to gain access to the computer or network the Alcatel modem is on. And for that you'd have to gain root. The only outside attacks possible are out of your hands anyway (someone will need to tap your phoneline or break into your telco provider).
However, the default security setting of the Alcatel modem IS pathetic in the sense that it has an open frontdoor!
Some things you need to take care of:
The most disturbing flaw is the fact that IF someone gains access to your modem they can render it unusable, requiring hardware replacement
-adnans (blessed/cursed with one of these)
Re:Yet another reason.... (Score:1)
I've alerted BT (Score:1)
Re:NMAP Signature (Score:2)
I got a user's manual with my ADSL 1000, which includes, err, umm, a discussion of the Web interface to it; as I remember, it even mentioned the 10.0.0.138 IP address. Maybe Sasktel weren't as nice as Pac Bell in that regard (or maybe he didn't check out the box the modem came in).
The manual didn't discuss the Telnet UI, though.
Re:Externally accessible? (Score:2)
...which I rather suspect they do using some non-IP protocol running, for example, atop ATM.
Re:Only a question of business (Score:2)
I assume you mean "ADSL" rather than "xDSL", as there are several technologies to which the term "xDSL" refers (HDSL, SDSL, and ADSL, for example), many of which appear to have in common only the fact that they send Digital signals over the Subscriber Line.
Could you please cite some references to support the assertion that "ADSL is an Alcatel technology", or explain what you mean by "ADSL is an Alcatel technology" if you don't mean to imply that Alcatel invented ADSL? I have seen, in several places (admittedly, the ones I found were all from companies in the USA, so perhaps they're all part of the plot to discredit Alcatel), claims that, in fact, ADSL was originally conceived by Bellcore, and, in this Texas Instruments application report [ti.com] (see section B.3. "History of ADSL standards"), a claim that "the DMT line-coding technique was developed around 1987 as a result of the research performed by Professor John M. Cioffi at Stanford University".
Perhaps Alcatel is the main manufacturer of ADSL equipment, and they may have contributed a lot to the development of ADSL technology, but I've yet to see any indication that they invented ADSL, or even DMT, so it does not appear to be an "Alcatel technology" in the sense that they are the originators of ADSL.
Indeed? Are you asserting that this is part of some plot by competitors to discredit Alcatel? If so, do you have any evidence to support that assertion? (There wasn't anything in the transfert article making any such claim.)
Re:Yet another reason.... (Score:2)
At least someone has to hack yer DSL modem - Cable modem is just a distributed E-net. Anyone on your node (ie your neighborhood) can see what anyone else is looking at just by asking to.
Hope yer not surfin' any pr0n you don't want the guy down the street knowin' about. Or doing anything sensitive from work at home...
=tkk
Worst security model for a long time? (Score:3)
I'm damn glad I've got a cable modem, which doesn't seem to be doing all this crazy stuff.
I find it rather perturbing that anybody in their right mind these days could leave an unauthenticated TFTP server running, with permissions to overwrite a password.
Even if it is 'supposed' to be run from the LAN side of the device.
Backdooring is also very very evil. All it takes is for one black hat to acquire the cryptovariables and algorithm, then it's script kiddie heaven!
Alcatel, being one of the major telecoms providers, I'd have thought would be a little more careful about the production and security of their devices. It's not as if it'd break their bank hiring a few good security consultants to go over their device before selling it. Lawsuits that may ensue due to their negligence in correctly allowing security configuration of the device may seriously damage it though.
All this in mind, having a device with this lax security on it is a contravention of most ISPs' TOS. I know I'd get thrown off in an instant if I had a machine this insecure on my cable!
Again, it looks like a victory for the beancounters (we can shave a few grand off the development costs by not hiring security consultants, and that'll make this department look nicer on the profit side. Who cares about the other departments who have to cope with the flak later).
I think I'll just say I'm very disappointed with a company of this standing to have procedures this lax, and leave it at that.
Cheers,
Malk
Re:French link (Score:2)
--
Re:I don't have this problem.... (Score:1)
Is this only a problem in PPTP mode or something?
IANABT (I Am Not A Broadband Technician), but I'd guess that it's mostly an issue for folks running PPPoE and such where the Alcatel unit itself has an IP address. I've lucked out with my DSL provider (HellSouth - er, BellSouth to those not familiar with 'em
Re:default dsl passwords suck, unchangeable ones (Score:2)
This Alcatel really sucks if you can't even do that.
Oh, yeah; whereas Cisco never leaves wide-open back doors in their products [cisco.com].
-
Re:Even over PPPoE? (Score:2)
Well, *IF* you're not running a firewall, there's supposedly some reflection attacks they can do off you, but if you're not running a firewall you're in way worse shape than just this vulnerability.
-
Tis funny to read.. (Score:1)
It's also interesting to see some of the more capable
---
Re:I don't have this problem.... (Score:2)
Is this only a problem in PPTP mode or something?
--
he did NOT discover it. (Score:1)
this is old news, and was not "discovered" by mr "kevin catcher"... leaked maybe...
Re:Yet another reason.... (Score:1)
unless i've missed a great deal of information, the motorola cybersurfers that time warner hands out have domaining that disallows you (without some type of administrative control over the cable modem) to receive frames destined for any other serial number of modem. basically their encapsulation is loosely encrypted (i doubt it's actually secure).
the reason i mention this is that you said "anyone" which i don't believe is accurate... someone SKILLED, yes, ANYONE, no.
i.e. their promiscuous mode doesn't appear to be able to be enabled without some "inside knowledge".
is my information aged?
(i only see broadcasts to *ALL* MAC addresses (i.e. destination MAC of FF:FF:FF:FF:FF:FF, and to my specific MAC address of my firewall's external ethernet interface)
cheers.
Peter
Re:Fucking Brilliant (Score:1)
bellsouth is satan. i hate them with a passion that burns hotter than the sun. may their assets turn to dust and their board of directors be banished back to the pit from whence they came...
honestly, i'm not joking... a bunch of filthy fucks, all of them.
my $0.25
-k
Re:Tsutomu Shimomura's ego (Score:2)
And this includes almost all UK ADSL users... (Score:1)
Strange how this was noticed not long after Alcatel released proprietary drivers for Linux...
Pure Bullshit? Riiiiight. (Score:1)
Either it is no big deal and no security furor need transpire, OR he should have gone to Alcatel. You can't argue both, OK?
As it turns out, he DID contact Alcatel, and they rebuffed him, even denying (among other things) that the expert mode code existed in the product. That was obviously false, as a technical manual (previously available from Alcatel's Russian site) mentioned it, and it is present in plaintext when the code was disassembled.
"..decided he could make some quick bucks" How is he making quick bucks from this? If anything, it is a major-ass headache to have your phone ringing off the hook 24/7 and explaining things over and over to journalists. He is not going to start consulting more often or write a book, "DSL Takedown" about it (I fervently hope).
Nationalistic Bashing (Score:1)
Alcatel == French
Alcatel != USA
So let's bash French products!
Like if Cisco products don't have the same features of the Remote Control Class.
Re:Externally accessible? (Score:1)
The entire 'vulnerability' is based on the rather farout presumption, that there is an ECHO server on the local LAN that the wannabe haxor can 'just' compromise and use to attack the ADSL modem.
/pah
ZDNET story (Score:3)
Re:How about Cisco 675s? (Score:1)
I have an 803 at home for dial-up (ISDN), and it's the same interface / config as everything else, right up to a GSR - one reason I like Cisco.
Regards,
Tim.
Re:Pure Bullshit (Score:5)
Renaud Deraison is known in French security circles for his nessus scanner, a program similar to nmap. He published his findings at the end of last year, but it wasn't widely trumpeted at the time. Shimomura is a publicity whore who copied Deraison's comments (probably used the fish, the grammar follows the same butchering) and claimed the discovery as his own. A few days ago, there was a press release going around touting Shimomura's discovery, not a CERT advisory, just a press release from the San Diego Super Computer Research Center.
The French paper Le Liberation [liberation.fr] ran a story [liberation.fr] filled with horror but little detail. Some of the claims are ridiculous, such as how someone who cracks the modem has unlimited access to every file on all the computers behind it, and how any machine on the internet can access the modems which sit on unaddressable IP addresses (the 10.x.x.x private IPs from RFC 1918).
Today Le Libe is running a follow up story [liberation.fr] where Alcatel denies the backdoors were placed intentionally, and claims there is a security program installed on the modems to prevent cracking by unauthorised persons.
I have a Speed Touch Home modem, and I've played with these backdoors. In
Since the modem uses "private" IP addresses, and access is limited to the local LAN or from the DSLAM, he didn't consider this to be a big problem. The modems typically sit on the DSLAM's private address range, and only connect the user's computer to the BAS using PPPoE or PPPoA, and can't really generate traffic to the internet. To gain access to the modems, you would either have to crack the DSLAM, crack the user's computer, be on the same DSLAM (and thus same subnet) as the target, or intercept the copper wires and play DSLAM. Of these scenari, only cracking a computer on the LAN behind the modem would be possible from the internet at large, and if you can do that, why bother with a stupid little DSL modem?
I agree with Betcour (and a large crowd on fr.comp.securite) on this, Shimomura is tooting his own horn because his bank account is empty after Cybertraque flopped at the cinema. Did Takedown ever open in the U.S.? If it didn't, count your blessings, it was bad, not Ed Wood bad, just unredeemably bad.
the AC
Proper spelling on story lead (Score:4)
That's authentimacation , thank you very much.
Homer
Pure Bullshit (Score:5)
Now Shimomura, 4 months later, decided he could make some quick bucks with the idea and told about it to a few people, then to the press and CERT. A normal security alert goes to the manufacturer first (to give him a chance to make a patch) and then to the CERT. Obviously Shimomura is a lamer trying to claim someone else's work as his and make some fame out of a minor event and the media's ignorance.
I love submitting to Slashdot (Score:1)
Been there, done that. (Score:2)
So, poking around, I made a typo. No biggie, right?
I reset the modem. Uh-oh. No 'net. Damn, I hope I didn't break it. Look at the clock. It was 2:23AM. Okay, keep trying for a while.
Damn, still doesn't work. Call a friend. Nope, she can't connect either. UH-OH.
Call Sympatico(my provider). Having troubles? I ask. Yup, they are. Uh-oh. Well, could you tell me the *exact* time the trouble started? "Sorry sir, I don't know," the first-line techie responds. "Okay, mind if I speak to an engineer? Thanks
Anyways, to make a long story short, the problems started at around 2:19:23AM. Pretty much the exact time I made that typo. Coincidence? Possibly.
I probably shouldn't be posting this to Slashdot
(Oh, yeah, this is an Alcatel modem
Barclay family motto:
Aut agere aut mori.
(Either action or death.)
Alcatel ADSL modems in France (Score:1)
Now, France Telecom (the only ADSL operator for home and SOHO) is deploying PPPoE on new POPs, so people (like me) get ECI modems instead of Alcatel.
Hardly need to check the label... (Score:2)
Re:So what are the default passwords? (Score:1)
Oh, how lame
What about Newbridge modems (Score:1)
Re: (Score:1)
Re: (Score:2)
Potential mass takeover, via WinXX (Score:1)
Alcatel's Reply (Score:2)
--
Re:I'm safe... (Score:1)
That ain't internet access whatever it is
Hell I have a 1.1mbit SDSL at home and I am constantly bitching about our ISDN at work.
Jeremy
Re:Don't rely on Slashdot for security information (Score:1)
Re:I'm safe... (Score:2)
I'm safe... (Score:5)
Two weeks without Internet access and still surviving.
-_underSCORE
Re:Some things (Score:2)
In this example, one can send packets to the TFTP server from the outside by sending TFTP UDP packets with a source address of 255.255.255.255 and a source port of TFTP to the UDP ECHO port of any system on the internal network with a functioning UDP ECHO server. When the "ECHO server" replies to the request, it will interpret the (now) destination address of 255.255.255.255 as local broadcast, and the packet will be broadcast on the Ethernet with the destination port set to UDP TFTP.
Many networking devices (including the Speed Touch) provide a UDP ECHO service, and in many cases (again, including the Speed Touch) there is no way to disable the service.
This attack is available over IP. Don't need inside access. Don't need to crack any of your boxes inside. Just need the IP of your DSL modem and some spoofing.
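The filtering side of the bounce described above, as an added example that is not part of the original comment or of the advisory: a WAN-ingress check that flags UDP datagrams with a source address that can never be a valid sender, or that are aimed at the echo/chargen small services. The names `Udp`, `wan_ingress_findings` and `verdict` are hypothetical, and the sample packets are constructed using documentation address ranges.

```python
import ipaddress
from typing import List, NamedTuple


class Udp(NamedTuple):
    """Header fields of one UDP datagram seen on the WAN-facing interface."""
    src: str
    sport: int
    dst: str
    dport: int


LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SMALL_SERVICES = {7: "echo", 19: "chargen"}   # the two services named in this thread
TFTP_PORT = 69


def wan_ingress_findings(pkt: Udp) -> List[str]:
    """Return the reasons a datagram arriving from the WAN should be dropped."""
    findings = []
    src = ipaddress.IPv4Address(pkt.src)

    # A broadcast, multicast or unspecified address is never a legitimate
    # source. An echo service that answers such a datagram sends its reply
    # to that address, which is how the reply ends up broadcast on the LAN.
    if src == LIMITED_BROADCAST or src.is_multicast or src.is_unspecified:
        findings.append("invalid-source")
    # Private addresses are not routed on the internet, so one showing up
    # as a source on the WAN side is spoofed or misrouted.
    elif any(src in net for net in RFC1918):
        findings.append("rfc1918-source-on-wan")

    # Echo and chargen answer anything they receive; nothing on the WAN
    # side needs to reach them.
    service = SMALL_SERVICES.get(pkt.dport)
    if service:
        findings.append("small-service:" + service)
        # The reply swaps the ports, so a source port of 69 means the
        # reflected datagram would be addressed to a TFTP server.
        if pkt.sport == TFTP_PORT:
            findings.append("reply-would-target-tftp")
    return findings


def verdict(pkt: Udp) -> str:
    """'drop' if any finding applies, otherwise 'pass'."""
    return "drop" if wan_ingress_findings(pkt) else "pass"


# Constructed sample traffic (documentation address ranges, not real hosts).
SAMPLE = [
    Udp("255.255.255.255", 69, "203.0.113.10", 7),   # the pattern quoted above
    Udp("10.0.0.138", 1024, "203.0.113.10", 19),     # private source from WAN
    Udp("198.51.100.7", 40000, "203.0.113.10", 53),  # ordinary traffic
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(verdict(p), p, wan_ingress_findings(p))
```
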
Re:Some things (Score:2)
Now, about your use of PPPoE and the "Since you need to access the LAN via the VPN tunnel your UDP packets"
You are correct but only in the case of running PPPoE. If you have a static IP (like me), then your Alcatel is accessible from the Internet and that attack will work. The ECHOed UDP packets never reach your firewall (unless you've homebrewed a super l33t DSLAM firewall that sits on the Telco side) because the Alcatel is kind enough to ECHO them for you (back to itself) before it gets on the Ethernet. There goes your spoof detection too. Nope haven't tried it myself yet. Yep it sounds doable if you ask me.
I believe it is significant because all the PacBell DSL rolled out in the first year is static, and on Alcatel 1000. PacBell "enhanced" services are static too. It also appears by reading specs that Alcatel has cross-licensed its stuff to other vendors. Westell for sure (see: http://www.dslreports.com/forum/remark,658656;root=equip,36;mode=flat [dslreports.com] and scroll down a bit).
Well, it may have been a slightly heated discussion here. I am glad you wrote back so I could learn a little from you. PPPoE == protection in this case. Now, if I could just convince myself that the ASI guys are capable of reprovisioning my line with PPPoE on the WAN side, and keep my /29 CIDR block on the DMZ. Nope, don't think they can handle it...
About 10,000 DSL bridges/routers out there (Score:2)
Or comments on markings, or such. Mine is not from this company but I was curious what type/model was affected by the notice and found that there are no "With Alcatel name and model numbers xxx and xxx" I mean is it ALL their models? Is it one specific? Even the warning page doesn't give specifics.
DanH
Cav Pilot's Reference Page [cavalrypilot.com]
Re:I'm safe... (Score:1)
Now there's a meta-quote, if ever there was....
#include <stddiscl.h>
Simple Question, I'm sure many want to know. (Score:1)
AFAIK, a USB device doesn't have a 10.x.x.x address at all; and as has been pointed out, 10.x.x.x is private from the net.
Someone clarify this to save many
#include <stddiscl.h>
Am I vulnerable? (Score:1)
bash-2.05# nmap -sS -sU -O -v 10.0.0.138
Starting nmap V. 2.54BETA22 ( www.insecure.org/nmap/ )
Host (10.0.0.138) appears to be down, skipping it.
Note: Host seems down. If it is really up, but blocking our ping probes, try -P0
Nmap run completed -- 1 IP address (0 hosts up) scanned in 30 seconds
Does this mean my modem isn't vulnerable or is the IP different? Comments would be appreciated.
Re:Am I vulnerable? (Score:2)
On a sidenote.. my ISP said people in the Netherlands are vulnerable because they use pptp (whatever that is) and their public IP is on the modem.
Re:And this includes almost all UK ADSL users... (Score:1)
That and the photographs shows me that they're talking about a completely different device to the one used by the BT Openworld residential service, which is a USB device.
Unless the USB device (stingray) has the same problem, then this does not affect almost all UK ADSL users.
Can anyone confirm or deny this with sources rather than speculate?
Hacker: A criminal who breaks into computer systems
Just get your DSL at the local gas station! (Score:1)
22.015Gal DSL @$1.499 Total: $33.00
My car runs just fine with it and I think it is safe!
Re:Tsutomu Shimomura's ego (Score:1)
--
Tsutomu Shimomura's ego (Score:3)
At least the CERT Advisory managed to avoid the Mitnick angle....
--
Re:Qwest/US West users may now relax (Score:1)
xDSL CPE (Score:1)
This is absolutely nothing new. As the engineer who controls all xDSL modems/routers for a large player in the industry, security for xDSL CPE is horrid. You will find major security issues with all CPE.
Re:default dsl passwords suck, unchangeable ones (Score:1)
Re:what are you packet tables like? (Score:1)
Re:Tsutomu Shimomura's ego (Score:1)
"How I seduced this woman away from her man while eating tofu and kayaking thru the mountings with one hand tied behind my back."
dsl modems (Score:2)
Re:Don't rely on Slashdot for security information (Score:1)
But then again, I had a very boring day yesterday....
Don't rely on Slashdot for security information (Score:4)
Really.
This was announced on their list about 14 hours ago.
Externally accessible? (Score:1)
what were they thinking?
/m
There was an even easier fix... (Score:2)
When I first got the fool thing, I changed the IP address it responded to. At the moment, my particular modem has the address 10.1.2.1/24. Guess what? That particular subnet is not accessible through my ISP (net 10 is blocked) and I don't have any other system with that subnet defined.
When I want to play, I define a second net address on my Linux firewall to create an interface on that port, and manually update the router tables accordingly.
I wonder how many people have tried to find my Alcatel 1000?
Re:How about Cisco 675s? (Score:1)
However, I've never looked at the command structure for a 675, so I don't know if it's the same. You could try removing the password, and quickly try to telnet to it to see if that works,...
Other manufacturers? (Score:1)
At the moment, I'm glad I've got Motorola...
He... poor BT (Score:2)
In the UK, part of the TOS for BT's ADSL is that you're not allowed to modify the modem, as it blocks requests on port 80 to stop you hosting a website. I phoned them up to ask about this, and they threatened to fine me for "damage incurred", kick me off the service, etc.
And now it turns out that anyone can do it!
Is there anything which cannot be programmed?
Just got off the phone with SBC Tech Support (Score:1)
French link (Score:3)
--
Even over PPPoE? (Score:2)
Is my modem vulnerable when I use PPPoE? The way I see it, my modem is not reachable from the Outside World, because all IP traffic is encapsulated in PPP. Even if one was to root my machine, access to the Modem would be restricted until the PPPoE link goes down, in which case the attacker closes his only way in.
The only way in seems to be IMHO by cracking the DSLAM (concentrator) or by pinching my copper wire from the wall and do some jolly nice tricks with it.
My BEF 10,-
Dave
Re:No IOS, the 675 uses CBOS (Score:2)
Re:Don't rely on Slashdot for security information (Score:2)
Really.
This was announced on their list about 14 hours ago.
14 whole hours! Gosh.
Re:I'm safe... (Score:2)
...it's 100% useless, but totally secure.
Two weeks without Internet access and still surviving.
And you posted this message, how?
LIAR!
I don't have this problem.... (Score:1)
Re:frost post (Score:1)
I have a 1000ASDL... (Score:2)
As to TCP/IP attacks, it can be a real bitch to talk to a host outside your subnet but on the same LAN. Even setting an ARP entry, I couldn't get a response from my modem. I have to use a second machine with two shared ethernets, and set its DSL-side interface to the 10.0.0.x subnet. And I have to set it back to let that machine run normally. (I could put a third Ethernet card in, but it's not really worth the effort.) So I'm not too worried about spoofed UDP packets being bounced into it.
What did surprise me, though, was that the challenge/response code for my old 1000 was computable from the CGI script at http://security.sdsc.edu/self-help/alcatel/challenge.cgi [sdsc.edu]. So at least now I can telnet into the thing. But so can anyone else, if they can perform the necessary TCP/IP routing wizardry to get to it.
Unfortunately, there doesn't seem to be anything that I can do to it from telnet that I can't do with the web interface.
what are your packet tables like? (Score:1)
And did you find a management cable? I had to track one down through ebay.
No IOS, the 675 uses CBOS (Score:1)
As far as securing your 675, change the default passwords, and then you can have 20 rules for packet filtering.
default dsl passwords suck, unchangeable ones (Score:2)
one of the first things I did on my Cisco DSL router was to reset the exec and enable passwords.
This Alcatel really sucks if you can't even do that.
Re:I don't have this problem.... (Score:1)
I don't think that the modem's internal 'echo' server would be sufficient for attack (as someone above has mentioned), as the modem isn't going to spoof an internal IP as a LAN-connected box would... If this were the case, you wouldn't need a Unix box (or *any* box for that matter) on the LAN side in order to attack the modem.
I do think this has been blown a bit out of proportion, however. In order for someone to be able to attack, one of the following has to happen:
- A hacker would have to have physical access to the DSLAM or the copper loop. If they wanted you that badly, obviously you have something valuable and would hopefully have taken other precautions... No one would go through that much trouble for a simple DOS attack on a home user's internet access.
- For the other method to work, you'd have to be running a Unix system connected to the modem. I would imagine that anyone running a Unix system would probably have disabled echo, and/or have a good firewall set up -- and if not, they probably have no business running a Unix system anyway (and probably have many other, more exploitable holes)...
I do agree that the flaws in this device are bad, but I still feel that standard Windoze users wouldn't be affected unless someone wanted in that badly (in which case they could probably find much easier ways to get into the Windoze box). Those of us running a Unix-like system have already taken precautions, because we do not trust anyone, especially a closed device connected to the internet... Things like this simply justify our paranoia
- J-Man
Re:Just got off the phone with SBC Tech Support (Score:1)
Alcatel's Response Is Positive (Score:1)
Official Reply from Alcatel (Score:1)
On a related note... (Score:2)
A funny story-
Our company DSL connection went down suddenly Monday. Everything looked OK on the LAN side, but the ISP's attempts to look at connectivity was unsuccessful. I did not have access to the router - Covad changes the default password. We ended up having to file a trouble ticket and found out:
Every one of these routers (installed by covad) uses the same administration password.
Our IPs on the WAN side had been changed.
The covad tech said that someone who knew the password had telnetted into it, -or- someone from the ISP had mistakenly reconfigured the wrong router.
Hasn't everyone already expressed their views? (Score:1)
Alcatel DSL (Score:1)
Nmap scan (Score:2)
Especially the output of the nmap scan [sdsc.edu] of the modem is interesting, since a huge number of security problems can be spotted, e.g.
open echo and chargen UDP ports (nice for a DOS attack)
very easy to do TCP sequence prediction (ideal for TCP spoofing to the device)
I'm glad I don't have such a modem at home!
Am I the only one to notice that (Score:2)
IIRC, nice guys (white hats, say) are supposed to give an advance warning to the company (Alcatel, in this case), to give them some time to issue a patch, and so on...
Didn't see any mention of this..
If he had given notice to alcatel, and alcatel didn't answer, we would have seen "we reported the bug to alcatel and got no response" stuff..
I guess since it's not a US company, he didn't bother to give an early warning to the suckers.
How nice.
Besides, we can do a poll.
To exploit the ADSL modem *without* having to hack a box on the internal network, you need:
-either a box on the internal LAN with an ECHO service running. How many of u do have a box with ECHO enabled? No Windows users, for a start. No Apple users. Aaaahhh here we are... yes, there's ECHO enabled by default on some mainstream linux distro's (don't laugh, BSDists, ECHO and CHARGEN are enabled by default on some BSD's too.. ).. so i guess vulnerable pple are the lame *NIX users who didn't take the errr say 30 secs to disable all they don't need in /etc/inetd.conf ...
-either have a "DSLAM simulator" you have to build yourself, and get to the copper to snap on. I guess if you can do this, you can already sniff the ATM frames passing by, or break in the target's house/office, and take the target box away.
(btw, for u cablemodem users... do you know you can be far more easily sniffed/man-in-the-middle'd than the average adsl user? shared media, guys, shared media..) ( some reference [slashdot.org] ... if the feds can do it.. :-)) )
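The `/etc/inetd.conf` check mentioned in the comment above, as an added example that is not part of the original post: it lists the echo and chargen entries that are still enabled and returns a copy of the file with them commented out. The function names are hypothetical and the sample file is constructed.

```python
from typing import List, Optional, Tuple

# The two inetd built-ins this thread is concerned with.
SMALL_SERVICES = {"echo", "chargen"}


def _fields(line: str) -> Optional[List[str]]:
    """Split an active inetd.conf entry; None for blanks, comments, junk."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    parts = stripped.split()
    # service, socket type, protocol, wait/nowait, user, server program
    return parts if len(parts) >= 6 else None


def enabled_small_services(text: str) -> List[Tuple[int, str, str]]:
    """Return (line number, service, protocol) for each enabled small service."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = _fields(line)
        if fields and fields[0] in SMALL_SERVICES:
            proto = fields[2]
            # Normalise variants such as udp4/udp6/tcp6 to the base protocol.
            for base in ("udp", "tcp"):
                if proto.startswith(base):
                    proto = base
            hits.append((lineno, fields[0], proto))
    return hits


def udp_echo_enabled(text: str) -> bool:
    """True if this host would answer UDP echo, the case discussed above."""
    return any(svc == "echo" and proto == "udp"
               for _, svc, proto in enabled_small_services(text))


def harden(text: str) -> str:
    """Return the file with every enabled small-service entry commented out."""
    flagged = {lineno for lineno, _, _ in enabled_small_services(text)}
    return "\n".join("#" + line if lineno in flagged else line
                     for lineno, line in enumerate(text.splitlines(), 1))


# Constructed sample file, not taken from any real system.
SAMPLE = "\n".join([
    "# /etc/inetd.conf (constructed sample)",
    "echo     stream  tcp  nowait  root  internal",
    "echo     dgram   udp  wait    root  internal",
    "#chargen stream  tcp  nowait  root  internal",
    "chargen  dgram   udp  wait    root  internal",
    "ftp      stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd -l -a",
    "#discard dgram   udp  wait    root  internal",
])

if __name__ == "__main__":
    for lineno, svc, proto in enabled_small_services(SAMPLE):
        print("line %d: %s/%s is enabled" % (lineno, svc, proto))
    print(harden(SAMPLE))
```

After writing the hardened file back, inetd has to be told to re-read its configuration (conventionally with SIGHUP) before the services actually stop.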
Re:About 10,000 DSL bridges/routers out there (Score:2)
http://security.sdsc.edu/self-help/alcatel/alca
The described flaws were demonstrated in all known firmware versions
of the Speed Touch Home, including:
KHDSAA.108 Jul 6 14:03:12 GMT 1999
KHDSAA.132 Nov 19 13:52:05 GMT 1999
KHDSBA.133 Mar 16 17:52:08 GMT 2000
KHDSAA.134 Apr 24 12:48:43 GMT 2000
-CrackElf
Qwest/US West users may now relax (Score:2)
French Article (Score:2)
Not me! I'm not affected! (Score:3)
I think what people don't realize is this affects everyone. some kid who loses his irc channel #NetPimps.are.us on EFnet wants it back, but an ircop refuses to help, because he's net sexing his girlfriend. so this 9 yr old on ten gallons of jolt fires up nmap with os fingerprinting, and creates a script to test to see if he can compromise the router, set its own password, and fires up yet another script, to have all these people with poorly secured routers start dossing the ircop, the ircops efnet server, and the other 9 yr olds who took his channel.
But oh no! "It's not me" isp uses the same backbone as these routers, and gee, how bad would 5,000 dsl modems running ping -f -s 9999 slow down a network?
suddenly, you're all affected by this poor security
i think people need to stop shrugging things off like this and work together, if you want to flood something, what's better? 1 user or 100 users?
if you want something fixed, what's better? 1 user complaining? or 100 users complaining?
exploiting MLK (Score:3)