Re: Cisco 675 Denial of Service Attack

[CDI <cdi () THEWEBMASTERS NET>]

On Thu, 30 Nov 2000, poke wrote:

> QWest DSL (of which I am a customer/user) uses the 675 in bridging mode
> (in fact that is how it was delivered). AFIK it can be affected by traffic
> about as much as a dumb hub can. However, you can make it active, give it
> an IP address etc if you want to use it's NAT or WebAdmin capabilities.
> Then you are vulnerable... 99% of those QWest customers who use the 675
> probably wouldn't have a clue or a reason to change this.

The reference to Qwest DSL users in my advisory should have have been
clearer. There are, according to last years annual report, in excess of
110,000 Qwest DSL lines installed out there. (Much more than that now I'm
sure) I specify -lines- here, not Qwest.net (Qwest's ISP division)
-users-. The majority of ISPs that support Qwest DSL -lines- and the
associated Cisco 675 do so in PPP over ATM.  I used Qwest as my example as
they are the predominate DSL LEC in the US that uses the Cisco 675.
(Covering all or major portions of 14 US states)

This is where the numbers I used came from.. Add to this the number of
other adapters in the series with potentially the same vulnerability and
other telcos that have subsidized the purchase of these adapters for their
clients and the installation base balloons beyond my meager abilities to
calculate. Suffice-to-say, there are a buttload of Cisco 67x's out there
in PPP mode that are vulnerable to this attack - especially since the web
interface is enabled by default in the stock CBOS image.

CDI
____________________________________
The Web Master's Net
http://www.thewebmasters.net/
Today's Excuse:
Webmasters kidnapped by evil cult.