Bugtraq mailing list archives
Re: [BUGTRAQ] RE: hacking the mitsubishi GB-50A
From: Joe <joe () avvanta com>
Date: Mon, 24 Mar 2008 11:54:49 -0700 (PDT)
On Mon, 24 Mar 2008, James C. Slora Jr. wrote:
If you read your own post you would realize that Mitsubishi kept the device ipaddress prefix as 192.168.1 so only you can attack yourself.192.168 cannot be access from the internet ;-) [unless you NAT at which point its your NAT config problem]Wow, I'm glad to hear that machines with private addresses can't be attacked unless NAT is misconfigured. I'm also glad that we only have to worry about attacks coming directly from the Internet, and that our LANs are as safe as ever.
A security "problem" that is only a problem if security =elsewhere= has been breached... is not a problem in and of itself. The breach of your LAN is the problem.
If the device can only be attacked locally then it's really a non-issue. This is why securing your LAN is of paramount importance - because once they cross your DMZ there is no end to the number of ways you're screwed.
-- Joe Harris Administrator - Unix Systems Avvanta, Inc Security Officer Abuse Contact (425) 818-9900 Hostmaster (DNS Administration) (888) 662-5274 http://www.avvanta.com/
Current thread:
- hacking the mitsubishi GB-50A Chris Withers (Mar 22)
- RE: hacking the mitsubishi GB-50A Desai, Ashish (Mar 24)
- RE: hacking the mitsubishi GB-50A James C. Slora Jr. (Mar 24)
- Re: hacking the mitsubishi GB-50A Vincent Archer (Mar 25)
- Re: [BUGTRAQ] RE: hacking the mitsubishi GB-50A Joe (Mar 25)
- Re: hacking the mitsubishi GB-50A Chris Withers (Mar 25)
- RE: hacking the mitsubishi GB-50A James C. Slora Jr. (Mar 24)
- <Possible follow-ups>
- Re: hacking the mitsubishi GB-50A Steven M. Christey (Mar 26)
- Re: hacking the mitsubishi GB-50A Chris Withers (Mar 26)
- RE: hacking the mitsubishi GB-50A Desai, Ashish (Mar 24)