From: Sunder <sunder@brainlink.com>
To: Rabid Wombat <wombat@mcfeely.bsfs.org>
Message Hash: 83470da1d027d165dda0e8228eeab8953343f9593e1c5b455ff57bcd262a541d
Message ID: <35564609.D3F85D5A@brainlink.com>
Reply To: <Pine.BSF.3.91.980509032901.17424A-100000@mcfeely.bsfs.org>
UTC Datetime: 1998-05-11 01:00:11 UTC
Raw Date: Sun, 10 May 1998 18:00:11 -0700 (PDT)
From: Sunder <sunder@brainlink.com>
Date: Sun, 10 May 1998 18:00:11 -0700 (PDT)
To: Rabid Wombat <wombat@mcfeely.bsfs.org>
Subject: Re: [Fwd: 3Com switches - undocumented access level.]
In-Reply-To: <Pine.BSF.3.91.980509032901.17424A-100000@mcfeely.bsfs.org>
Message-ID: <35564609.D3F85D5A@brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain
It is remote access - via telnet!
Rabid Wombat wrote:
>
> Since you didn't specify the method of access. it is hard to determine if
> this is a large security hole. Most equipment can be rebooted and brought
> up without a password IF you have local access. For example, Cisco routers
> can be brought up without password simply by specifying the starting
> address of the load file, but you have to be at the local console to do
> this.
>
> UNIX systems can be brought up w/o password in single-user mode, if you
> have local access. Yes, there are firmware passwords to guard against
> this on many systems, but one can always swap up the eeprom, etc.
>
> I'd only be worried about the 3Com backdoor if it can be used remotely.
> Got any details?
>
> -r.w.
--
=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.| Ray Arachelian |Prying open my 3rd eye. So good to see |./|\.
..\|/..|sunder@sundernet.com|you once again. I thought you were |/\|/\
<--*-->| ------------------ |hiding, and you thought that I had run |\/|\/
../|\..| "A toast to Odin, |away chasing the tail of dogma. I opened|.\|/.
.+.v.+.|God of screwdrivers"|my eye and there we were.... |.....
======================= http://www.sundernet.com ==========================
Return to May 1998
Return to “Sunder <sunder@brainlink.com>”