Penetration Testing mailing list archives
Re: [Re: Linksys Pen Test]
From: IUSR_MAIL <iusr () usa net>
Date: 21 Jun 2001 15:32:24 CDT
It is a BEFSR41 - EtherFast 4-Port Cable/DSL Router. Thanks for all of your help so far!!! "Nexus" <nexus () patrol i-way co uk> wrote:
I use the BEFRS41 (DSL jobbie) myself (play nicely children) but prior to that, me and some of the lads took it into a dark room and gave it a good kicking. Seems pretty robust IMHO. The only issue I found with it was when logging traffic, it would stop logging if the activity got too high. But I use ummmm.... alternative logging methods ;-) Not sure if it has already been mentioned, but the web admin is disabled from the internet by default and doesn't listen on anything else by default (no SNMP, telnet etc) and can do egress as well as ingress filtering, NAT, port forwarding and the like. Not knowing the version you are looking at makes it difficult to add more. Besides, if you are on the internal net, who gives a toss about the
firewall
? :) Cheers. ----- Original Message ----- From: "NetW3.COM Consulting" <netw3 () cosmos lod com> To: <PEN-TEST () securityfocus com>; <mark () curphey com> Sent: Wednesday, June 20, 2001 7:22 AM Subject: RE: Linksys Pen TestWhich model of Linksys are you working with and what type of netowrk environment? One of my clients uses a Linksys DSL router, and the default authentication is admin/admin unless changed manually. This is a model BEFRsomething (can't remember the number off the top of my head). I've not tried to pen test the device, but I imagine if you could get to the internal network you could open up a web browser admin session to the device (found by traceroute to the outside, of course, or on the default address 192.168.1.1 as you said). Curt Wilson
Current thread:
- Re: [Re: Linksys Pen Test] IUSR_MAIL (Jun 22)