Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Cisco 675 Denial of Service Attack

From: Erik Parker <eparker () MINDSEC COM>
Date: Fri, 1 Dec 2000 12:36:41 -0800
Or the ability to change it.. You can't change the Cisco 675 out of Bridge
mode into Route mode without the cooperation of Qwest/Whoever. They have
to make changes on their router as well. I went through this for a week
with Flashcom, to get out of briding mode.

Most never get their password for their Cisco either, however you can dump
the memory in the CBOS on boot, and read the "encrypted" password, which
is an off-by-2 sequence.. Where c is a, and e is c, and so on.




QWest DSL (of which I am a customer/user) uses the 675 in bridging mode
(in fact that is how it was delivered). AFIK it can be affected by traffic
about as much as a dumb hub can. However, you can make it active, give it
an IP address etc if you want to use it's NAT or WebAdmin capabilities.
Then you are vulnerable... 99% of those QWest customers who use the 675
probably wouldn't have a clue or a reason to change this.

-Chuck






Erik Parker
Mind Security

An armed society, is a polite society.
Previous By Date Next
Previous By Thread Next

Current thread: