Bugtraq mailing list archives
Re: Cisco 675 password nonsense
From: dittrich () CAC WASHINGTON EDU (Dave Dittrich)
Date: Fri, 6 Aug 1999 11:24:05 -0700
With good reason. In bridging mode with a Windows 9x/NT box, your network neighborhood will show everyone else's PC that has any file/print sharing enabled. So, it's trivially easy to connect to a non-passworded share.
That depends on the DSL provider, I believe. On my USWest.net DSL connection, I only see packets on my side of the bridge that are destined for IP addresses I'm using, or broadcast ethernet/IP packets, which seems to be the same as what @Home customers (at least the ones in Seattle I've spoken with) see. I've heard from other DSL customers that they see everything (like Brian mentions). (Funny that I see lots of ARP requests from a.b.c.d to a.b.c.e, where e=d+1, repeated over, and over, and over again...) (An interesting note is that two DHCP assigned addresses on a hub can be on two entirely different USWest.net IP networks... good thing I'm not a Windows user, since Windows can't handle this!)
Now, ideally, all these shares would be passworded, but we know that'll never happen. Not having the shares show up in network neighborhood is a bit of security by obscurity, but it's harder to connect to a share if it's not in your network neighborhood.
Not really. While I haven't ever seen Network neighborhood announcements, I do notice that *.scour.net has been trying to make SMB connections to my Linux box nearly daily for a while, I presume looking for open file shares with MP3 files so they can grab/index them! USWest doesn't seem to care about this, at least not responding to my complaints to .scour.net and their tech support address. Some recent connections: Jul 1 00:15:24 209.249.159.31:8000 stone.scour.net Jul 12 20:04:11 209.249.159.163:137 yavin.scour.net Jul 12 20:16:48 209.249.159.163:23 yavin.scour.net Jul 12 20:16:51 209.249.159.163:23 yavin.scour.net Jul 12 20:16:58 209.249.159.163:23 yavin.scour.net Jul 12 20:17:10 209.249.159.163:23 yavin.scour.net Jul 12 20:17:35 209.249.159.163:23 yavin.scour.net Jul 12 20:18:23 209.249.159.163:23 yavin.scour.net Jul 12 20:20:00 209.249.159.163:23 yavin.scour.net Jul 12 20:22:00 209.249.159.163:23 yavin.scour.net Jun 15 22:49:27 195.154.200.4:554 canalweb2.isdnet.net Jun 15 22:49:33 195.154.200.4:554 canalweb2.isdnet.net Jun 15 22:49:46 195.154.200.4:554 canalweb2.isdnet.net Jun 15 22:50:12 195.154.200.4:554 canalweb2.isdnet.net Jun 15 22:51:03 195.154.200.4:554 canalweb2.isdnet.net Jun 15 22:52:45 195.154.200.4:554 canalweb2.isdnet.net Jun 15 22:56:10 195.154.200.4:554 canalweb2.isdnet.net Jun 16 20:28:57 209.249.159.46:137 scuzzlebutt.scour.net Jun 16 22:40:25 209.249.159.46:137 scuzzlebutt.scour.net Jun 17 00:56:27 209.249.159.46:137 scuzzlebutt.scour.net Jun 17 02:58:13 209.249.159.46:137 scuzzlebutt.scour.net Jun 17 04:43:57 209.249.159.46:137 scuzzlebutt.scour.net Jun 17 06:58:08 209.249.159.46:137 scuzzlebutt.scour.net Jun 17 06:58:09 209.249.159.46:137 scuzzlebutt.scour.net Jun 17 21:37:53 209.249.159.46:137 scuzzlebutt.scour.net Jun 17 23:32:40 209.249.159.46:137 scuzzlebutt.scour.net Jun 17 23:32:41 209.249.159.46:137 scuzzlebutt.scour.net Jun 18 01:16:44 209.249.159.46:137 scuzzlebutt.scour.net Jun 18 03:05:42 209.249.159.46:137 scuzzlebutt.scour.net Jun 18 04:39:30 209.249.159.46:137 scuzzlebutt.scour.net Jun 18 04:39:31 209.249.159.46:137 scuzzlebutt.scour.net Jun 18 05:22:47 209.249.159.31:8000 stone.scour.net Jun 18 06:21:20 209.249.159.46:137 scuzzlebutt.scour.net Jun 18 08:13:12 209.249.159.46:137 scuzzlebutt.scour.net Jun 18 15:23:41 209.249.159.46:137 scuzzlebutt.scour.net Jun 18 17:35:42 209.249.159.46:137 scuzzlebutt.scour.net Jun 18 17:35:43 209.249.159.46:137 scuzzlebutt.scour.net Jun 18 22:11:29 209.249.159.46:137 scuzzlebutt.scour.net Jun 18 23:53:20 209.249.159.31:8000 stone.scour.net Jun 18 23:53:21 209.249.159.31:8000 stone.scour.net Jun 19 00:17:00 209.249.159.46:137 scuzzlebutt.scour.net Jun 19 02:11:17 209.249.159.46:137 scuzzlebutt.scour.net Jun 19 04:04:27 209.249.159.46:137 scuzzlebutt.scour.net Jun 19 05:55:34 209.249.159.46:137 scuzzlebutt.scour.net Jun 19 07:46:05 209.249.159.46:137 scuzzlebutt.scour.net Jun 19 09:50:14 209.249.159.46:137 scuzzlebutt.scour.net Jun 19 12:03:36 209.249.159.46:137 scuzzlebutt.scour.net Jun 19 17:25:03 209.249.159.46:137 scuzzlebutt.scour.net Jun 19 19:13:16 209.249.159.31:8000 stone.scour.net Jun 19 20:04:59 209.249.159.46:137 scuzzlebutt.scour.net Jun 20 03:34:44 209.249.159.46:137 scuzzlebutt.scour.net Jun 20 03:34:45 209.249.159.46:137 scuzzlebutt.scour.net Jun 20 05:24:08 209.249.159.46:137 scuzzlebutt.scour.net Jun 20 07:32:11 209.249.159.46:137 scuzzlebutt.scour.net Jun 20 07:32:12 209.249.159.46:137 scuzzlebutt.scour.net Jun 20 13:57:12 209.249.159.31:8000 stone.scour.net Jun 20 14:00:15 209.249.159.46:137 scuzzlebutt.scour.net Jun 21 19:48:25 165.87.194.212:110 pop03.ca.us.ibm.net Jun 21 19:48:30 165.87.194.212:110 pop03.ca.us.ibm.net Jun 21 19:48:31 165.87.194.212:110 pop03.ca.us.ibm.net Jun 21 19:48:45 165.87.194.212:110 pop03.ca.us.ibm.net Jun 21 19:49:09 165.87.194.212:110 pop03.ca.us.ibm.net Jun 21 19:49:58 165.87.194.212:110 pop03.ca.us.ibm.net Jun 21 19:50:01 165.87.194.212:110 pop03.ca.us.ibm.net Jun 21 19:57:08 207.217.120.49:110 scaup.prod.itd.earthlink.net Jun 21 19:57:18 207.217.120.49:110 scaup.prod.itd.earthlink.net Jun 21 19:57:28 207.217.120.49:110 scaup.prod.itd.earthlink.net Jun 22 06:28:01 207.31.97.178:2446 smtp.amicapital.com Jun 22 06:28:03 207.31.97.178:2446 smtp.amicapital.com Jun 23 01:06:19 216.67.24.49:50307 nas-24-49.la.navinet.net Jun 23 01:06:19 216.67.24.49:50308 nas-24-49.la.navinet.net Jun 23 01:06:20 216.67.24.49:50308 nas-24-49.la.navinet.net Jun 23 01:06:20 216.67.24.49:50309 nas-24-49.la.navinet.net Jun 23 01:06:21 216.67.24.49:50309 nas-24-49.la.navinet.net Jun 23 01:06:22 216.67.24.49:50310 nas-24-49.la.navinet.net Jun 23 01:06:23 216.67.24.49:50311 nas-24-49.la.navinet.net Jun 23 01:06:24 216.67.24.49:50312 nas-24-49.la.navinet.net Jun 25 08:33:10 207.97.75.100:21986 Jun 28 20:50:21 24.4.191.41:23 cx800766-a.wwck1.ri.home.com Jun 28 20:50:22 24.4.191.41:23 cx800766-a.wwck1.ri.home.com Jun 28 20:50:23 24.4.191.41:23 cx800766-a.wwck1.ri.home.com Jun 28 20:50:24 24.4.191.41:23 cx800766-a.wwck1.ri.home.com Jun 28 20:50:26 24.4.191.41:23 cx800766-a.wwck1.ri.home.com Jun 28 20:50:28 24.4.191.41:23 cx800766-a.wwck1.ri.home.com Jun 28 20:50:31 24.4.191.41:23 cx800766-a.wwck1.ri.home.com Jun 28 20:50:36 24.4.191.41:23 cx800766-a.wwck1.ri.home.com Jun 28 20:50:43 24.4.191.41:23 cx800766-a.wwck1.ri.home.com Jun 28 20:50:56 24.4.191.41:23 cx800766-a.wwck1.ri.home.com Jun 28 20:50:59 24.4.191.41:23 cx800766-a.wwck1.ri.home.com Jun 28 20:51:05 24.4.191.41:23 cx800766-a.wwck1.ri.home.com Jun 28 20:51:06 24.4.191.41:23 cx800766-a.wwck1.ri.home.com Jun 28 20:51:17 24.4.191.41:23 cx800766-a.wwck1.ri.home.com Jun 28 20:51:18 24.4.191.41:23 cx800766-a.wwck1.ri.home.com Jun 28 20:51:43 24.4.191.41:23 cx800766-a.wwck1.ri.home.com Jun 28 20:51:52 24.4.191.41:23 cx800766-a.wwck1.ri.home.com Jun 28 20:52:31 24.4.191.41:23 cx800766-a.wwck1.ri.home.com Jun 28 20:53:24 24.4.191.41:23 cx800766-a.wwck1.ri.home.com Jun 28 20:55:24 24.4.191.41:23 cx800766-a.wwck1.ri.home.com Jun 28 20:55:36 24.4.191.41:23 cx800766-a.wwck1.ri.home.com Jun 28 20:55:37 24.4.191.41:23 cx800766-a.wwck1.ri.home.com Jun 28 20:55:38 24.4.191.41:23 cx800766-a.wwck1.ri.home.com Jun 28 20:55:39 24.4.191.41:23 cx800766-a.wwck1.ri.home.com Jun 28 20:55:40 24.4.191.41:23 cx800766-a.wwck1.ri.home.com Jun 28 20:55:42 24.4.191.41:23 cx800766-a.wwck1.ri.home.com Jun 28 20:55:45 24.4.191.41:23 cx800766-a.wwck1.ri.home.com Jun 28 20:55:46 24.4.191.41:23 cx800766-a.wwck1.ri.home.com Jun 28 20:55:48 24.4.191.41:23 cx800766-a.wwck1.ri.home.com Jun 28 20:56:00 24.4.191.41:23 cx800766-a.wwck1.ri.home.com Jun 28 20:56:25 24.4.191.41:23 cx800766-a.wwck1.ri.home.com Jun 28 20:58:55 24.4.191.41:23 cx800766-a.wwck1.ri.home.com Jun 28 20:59:24 24.4.191.41:23 cx800766-a.wwck1.ri.home.com Jun 28 21:00:55 24.4.191.41:23 cx800766-a.wwck1.ri.home.com Jun 28 21:02:55 24.4.191.41:23 cx800766-a.wwck1.ri.home.com Jun 28 21:54:37 24.4.191.41:23 cx800766-a.wwck1.ri.home.com Jun 28 21:54:40 24.4.191.41:23 cx800766-a.wwck1.ri.home.com Jun 28 21:54:46 24.4.191.41:23 cx800766-a.wwck1.ri.home.com Jun 28 21:54:59 24.4.191.41:23 cx800766-a.wwck1.ri.home.com Jun 28 21:55:23 24.4.191.41:23 cx800766-a.wwck1.ri.home.com Jun 28 22:16:30 24.4.191.41:23 cx800766-a.wwck1.ri.home.com Jun 28 22:18:07 24.4.191.41:23 cx800766-a.wwck1.ri.home.com Jun 28 22:20:13 24.4.191.41:23 cx800766-a.wwck1.ri.home.com Jun 30 00:22:05 209.249.159.31:8000 stone.scour.net Jun 30 13:31:41 209.249.159.31:8000 stone.scour.net -- Dave Dittrich Client Services dittrich () cac washington edu Computing & Communications University of Washington <a href="http://www.washington.edu/People/dad/"> Dave Dittrich / dittrich () cac washington edu [PGP Key]</a>
Current thread:
- Cisco 675 password nonsense DeMoNx (Jul 31)
- Re: Cisco 675 password nonsense Brian Elfert (Aug 03)
- Re: Cisco 675 password nonsense Dave Dittrich (Aug 06)
- Microsoft Security Bulletin MS99-027 Microsoft Product Security Response Team (Aug 06)
- Re: Cisco 675 password nonsense Brian Elfert (Aug 06)
- Microsoft Security Bulletin (MS99-027) Aleph One (Aug 06)
- Re: Cisco 675 password nonsense Signal 11 (Aug 07)
- Remote DoS of WebTrends Enterprise Reporting Server rpc (Aug 08)
- sdtcm_convert Joel Eriksson (Aug 08)
- NetBSD Security Advisory 1999-011 Ross Harvey (Aug 08)
- MS IE FTP Folder Shell Extension Buffer Overflow s.hird () STUDENT QUT EDU AU (Aug 09)
- [jen () ettnet se: sdtcm_convert] Joel Eriksson (Aug 09)
- Bay Annex-Pri Privacy Issues lumpy (Aug 09)
- Re: Cisco 675 password nonsense Dave Dittrich (Aug 06)
(Thread continues...)
- Re: Cisco 675 password nonsense Brian Elfert (Aug 03)