Arescom NetDSL 800

From: Powertech (powertech@ezkracho.com.ar)
Date: 02/07/02 

From: Powertech <powertech@ezkracho.com.ar>
Date: Thu, 7 Feb 2002 16:35:29 -0300
To: pen-test@securityfocus.com

-----BEGIN PGP SIGNED MESSAGE-----

The Arescom NetDSL 800, by default has no configurated any kind of
authentification , allowing any intruder to log in, affecting may be the
ADSL connection, or using for its own porpouses
example:

[toor@c0ded]@[2]:(~)#telnet 20x.4x.1x.1x8
Trying 20x.4x.1x.1x8...
Connected to 20x.4x.1x.1x8.
Escape character is '^]'.

        ND1060VE-TFA Copyright by ARESCOM 2000

Login Success!
NetDSL>?

                     ******* Console Help Menu *******
Available Command:

add add objects in talbe
connect start the connection
delete delete objects in table
disconnect disconnect modem connection
help display this menu again
quit quit the system
reboot reboot the router
reset reset the configuration, and reboot
save save the configuration
set set system parameters
show display system status
test system test
upgrade upgrade the firmware via FTP, TFTP and XMODEM

NetDSL> (there are no such things as level like in ciscos.. etc)

Salutes, bye 

--
So we follow our wandering paths, and the very darkness acts as our guide and
our doubts serve to reassure us.
- Jean-Pierre de Caussade, eighteenth-century Jesuit priest

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
MessageID: GuOZrkI/Jb/W0KLqg2VpZatSKb5Xo340

iQEVAwUBPGLXCYhDjf2eob5RAQEqrwf/egEoAS9/BgUfy+vle5R7RbDZLYR7ub01
7f174j14juILxzToPvFYSPKTKz88EOubdb8WJoox3FuIpW4OiM2PnTWPi4PCypUi
3hgdzjpqkhZFEdEpmcjfQEHE2DZMoNENujzN52uw9UbPq+Dts2vTPhJKcMOgLr+F
HWc319olqwap8kQvdy18wVQGsjBN7YoR7cwBERcX/XSOcs3Jld/Hki8TKhD/jmTe
WtdnMNTFXXjfwmE9HK2uctNWSOKHhsPr2sEf4neSGY2qslDOLtiVfK6t5UfG046Z
KUzlMyBrp0mBTn7GQVVxPicGMOa6DKfh9NUIoyMur+8xa5YvP2IDnA==
=GTYB
-----END PGP SIGNATURE-----

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Relevant Pages

  • RE: Serial Connection Password Cracker.
    ... This is a tcp socket server that redirects all I/O to a serial port. ... > Subject: Re: Serial Connection Password Cracker. ... >> This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)
  • Re: Serial Connection Password Cracker.
    ... > Subject: Serial Connection Password Cracker. ... >> This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)
  • Anyone recognises this ?
    ... Connection closed by foreign host. ... This list is provided by the SecurityFocus Security Intelligence Alert Service. ... For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: ...
    (Pen-Test)
  • Re: Any reasons to filter ARP packets?
    ... it can make a good article on securityfocus or a similar site. ... you can not only intercept ... As a funny attack, you could ... can decrypt almost _any_ encrypted connection. ...
    (comp.os.linux.security)
  • Re: command-line reverse connection tunnel?
    ... I wrote a suite of Tcl scripts to accomplish this goal a few years ago, it has been listed on SecurityFocus for a long time as reverseutils. ... >have a machine behind a firewall that lets in only port 80, ... I need a program on SERVER1 that creates a connection to ... and SERVER1 needs to connect to itself on port 3389. ...
    (Pen-Test)