solution to this 'vulnerability'?
...first
addTelnetFilter xxx.xxx.xxx.xx1 xxx.xxx.xxx.xxL
...then
addSMTPFilter xxx.xxx.xxx.xx1 xxx.xxx.xxx.xxL
->where ...1 is the starting IP of your LAN
->and ...L is the LAST address locally - no public access?
At 07:19 AM 8/10/99 -0400, you wrote:
>At 12:07 PM 8/7/99 -0400, Scott Drassinower wrote:
>>It involves a bug that allows a password recovery feature to be utilized
>>from the LAN or WAN instead of just the serial console port.
>>
>>Basically, throwing enough 6 digit numbers at a pre-3.0.8 router will
>>allow you to get access to the box to do whatever you want. It appears as
>>if the problem started in 3.0.4, but I am not totally certain about that.
>
>So the vulnerability is essentially a brute force against telnet/snmp?
>Assuming you filter those out, is there another way of accessing?
>
>>--
>> Scott M. Drassinower
[EMAIL PROTECTED]
>> Cloud 9 Consulting, Inc. White
Plains, NY
>> +1 914 696-4000
http://www.cloud9.net
>>
>>On Thu, 5 Aug 1999, Matt wrote:
>>
>> > The following URL contains information about a firmware upgrade for
>> > FlowPoint DSL routers that fixes a possible "security compromise".
>> > FlowPoint has chosen not to release ANY information whatsoever about the
>> > vulnerability. I was curious if anyone had any more information
>> > about this vulnerability than what FlowPoint is divulging.
>> >
>> > http://www.flowpoint.com/support/techbulletin/sec308.htm
>> >
>> > thnx
>> >
>> > --
>> > I'm not nice, I'm vicious--it's the secret of my charm.
>> >
>
>--
>PGP Key can be found at http://www.panix.com/~budke/pgp/budke_budke_com.txt
>
