Security Basics mailing list archives
Re: Draytek Router Passwords
From: "Santosh Shelke" <santosh.shelke () acm co in>
Date: Sat, 9 Sep 2006 17:07:37 +0530
Hi!

Yes! It is possible, not just for a router but for any Damn thing in this Internet world which has a password. There are ways of getting around it, for example using keyloggers, demo software.... tools, and then there are ways in which nothing is needed except the core thing of logical thinking and making you burp! How did this happen?

1st of all, tell me which make/firmware/IOS was the router, any recent software (demo software) you used, how many persons are aware of the router password & how many have access to the config.

Hey, a clever person will install software and gizmos (tools) to catch a worm, but a wise one will get it just by asking the right question to the right person!

adios
keep thinking
Santosh shelke
Keeping Network Alive & Safe

----- Original Message -----
From: "Baki Gábor" <baki.gabor () infobia hu>
To: <security-basics () securityfocus com>
Sent: Friday, September 08, 2006 3:41 PM
Subject: RE: Draytek Router Passwords
Hi,

As you log in to the router's admin web page, of course you give it the admin's password. But I'm not sure you know that you give this password several times during the whole session. Even better said, you send the password from your browser to the router (to your network!) with almost every mouse click. Authentication... with every click. Great, isn't it?

The most interestin' "feature" is the "show connections" or something like this. You can leave your computer there and leave your browser open with Draytek's admin page, and all that happens is the admin password will be sent to the network regularly - every 5 or 10 seconds, as I remember.. Why? Because it is http and you can't set it to use https. This means your consultant can simply sniff the admin's password. If e.g. dsniff or Ettercap or anything like these tools is used, your consultant doesn't have to analyze the packets at all, because just the userids & passwords are shown. Just give it a try! ;)

This was the case @ Draytek 2200E & 2200X. Draytek hasn't developed a new firmware to support https. This is why we aren't interested in any of the newer products of Draytek, however the product itself is pretty good.

So the solution could be the usage of https or ssh. But not @ Draytek's 2200.. Just http or telnet... In this case you shouldn't use this admin tool through the web. Instead: through a vpn.

The question is whether your consultant has had access to your internal network, whether it was possible for him to sniff your internal network, whether you have used this tool during his sniffing and so on.

A tip: you should analyze your network and find out what part of it can be sniffed and what you can do against it. E.g. are your network's active components hubs or switches, whether you use ipsec for encrypting the data stream through your network and how it is configured (I mean psk vs cert), whether you use 802.1x capable switches and whether this functionality is switched on (in most of the cases it is NOT), whether you use some solution against MITM attacks and so on...

And don't forget probably the most important part: train your colleagues, and change your network usage behaviour if needed. As Santosh Shelke wrote in an earlier mail, sometimes the easiest way is just to put the right question to the right person!! If your colleagues are not trained about these possible attacks and several circumstances, then it's just a waste of time and money to do anything against the mentioned methods of catching passwords or whatever.

If your outside consultant is really outside and can't access your internal or external network for sniffing, and if we don't have to talk about a tricky worm, trojan or whatever which could have been sent into your network to analyze it, so if he really cracked your router's password somehow, then try to use a quite long and complex password (not contained in any dictionary used for dictionary based brute force attack) and change it regularly.

And probably you could use a device with built-in protection against several kinds of attacks. What about Linux? ;) Probably together with an IDS solution.. Or have you heard about Openwrt?

Kind regards,
Gabor

-----Original Message-----
From: Santosh Shelke [mailto:santosh.shelke () acm co in]
Sent: Thursday, September 07, 2006 6:14 PM
To: security-basics () securityfocus com
Subject: Re: Draytek Router Passwords

Hi!

Yes! It is possible, not just for a router but for any Damn thing in this Internet world which has a password. There are ways of getting around it, for example using keyloggers, demo software.... tools, and then there are ways in which nothing is needed except the core thing of logical thinking and making you burp! How did this happen?

1st of all, tell me which make/firmware/IOS was the router, any recent software (demo software) you used, how many persons are aware of the router password & how many have access to the config.

Hey, a clever person will install software and gizmos (tools) to catch a worm, but a wise one will get it just by asking the right question to the right person!

adios
keep thinking
Santosh shelke
Keeping Network Alive & Safe

----- Original Message -----
From: "Gethin Jones" <gethinj () gethin net>
To: <security-basics () securityfocus com>
Sent: Thursday, September 07, 2006 4:23 AM
Subject: Draytek Router Passwords

Folks,

I have just had an outside consultant crack a password to one of my on site routers. Does anybody have an idea as to how to go about this? I really don't want it to happen again and I seriously want to know how he did it, especially as the password was 10 characters long.

Best Regards
G

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
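The exposure Gabor describes above can be measured on your own network. As an added example (not part of the original thread), this Python takes cleartext HTTP requests captured toward an admin page and reports how often credentials crossed the wire and at what interval. It assumes the page uses HTTP Basic authentication, which the thread does not state; the capture, address, paths and credential are constructed.

```python
import base64
import statistics
from collections import defaultdict

# Constructed capture: (seconds, raw client request) as seen in cleartext on the
# LAN. The address, paths and credential are invented, and HTTP Basic auth is an
# assumption about how the admin page resends the password.
_TOKEN = base64.b64encode(b"admin:Xk4!pq9Zt2").decode()
_AUTH = f"Authorization: Basic {_TOKEN}\r\n"
SAMPLE = [
    (0, "GET / HTTP/1.0\r\nHost: 192.0.2.1\r\n\r\n"),
    (1, "GET /main.htm HTTP/1.0\r\nHost: 192.0.2.1\r\n" + _AUTH + "\r\n"),
    (6, "GET /connections.htm HTTP/1.0\r\nHost: 192.0.2.1\r\n" + _AUTH + "\r\n"),
    (11, "GET /connections.htm HTTP/1.0\r\nHost: 192.0.2.1\r\n" + _AUTH + "\r\n"),
    (16, "GET /connections.htm HTTP/1.0\r\nHost: 192.0.2.1\r\n" + _AUTH + "\r\n"),
]

def headers(raw):
    """Parse the header block of a raw request into a lower-cased dict."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")[1:]
    return {k.strip().lower(): v.strip() for k, _, v in (l.partition(":") for l in lines)}

def basic_credentials(raw):
    """Return (user, password_length) for a Basic Authorization header, else None."""
    scheme, _, token = headers(raw).get("authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8", "replace")
    except ValueError:  # token is not valid base64
        return None
    user, sep, password = decoded.partition(":")
    return (user, len(password)) if sep else None  # never keep the password itself

def exposure_report(capture):
    """Per (host, user): cleartext exposures, password length, median resend gap."""
    seen = defaultdict(list)
    for ts, raw in capture:
        creds = basic_credentials(raw)
        if creds:
            seen[(headers(raw).get("host", "?"), *creds)].append(ts)
    report = {}
    for (host, user, pw_len), times in seen.items():
        gaps = [b - a for a, b in zip(times, times[1:])]
        report[(host, user)] = {"exposures": len(times), "password_len": pw_len,
                                "median_gap_s": statistics.median(gaps) if gaps else None}
    return report

if __name__ == "__main__":
    print(exposure_report(SAMPLE))
```

A non-empty report for a management address means the admin session is readable by anyone on that segment, whatever the password's length.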
Current thread:
- Draytek Router Passwords Gethin Jones (Sep 07)
- Re: Draytek Router Passwords security (Sep 07)
- Re: Draytek Router Passwords Santosh Shelke (Sep 07)
- RE: Draytek Router Passwords Baki Gábor (Sep 09)
- Re: Draytek Router Passwords Santosh Shelke (Sep 09)
- RE: Draytek Router Passwords Baki Gábor (Sep 09)
- RE: Draytek Router Passwords Robert D. Holtz - Lists (Sep 08)