At 11:11 AM 1/19/01, Tony van Ree wrote:
>Hi,
>
>As long as the appropriate security/passwords are set it is probably every
>bit as good as any other form of remote access.
Remember that this wasn't CHAP or even PAP. It was Telnet. The Telnet
password both to reach his PC and to reach the routers is unencrypted. How
was the enable password sent? The characters were typed and sent
unencrypted. Getting a Sniffer to the right place to catch this would be
hard, but not impossible. Hopefully he will change the password used to
reach his PC, but it's not likely he'll change the router VTY and enable
passwords.
So what did the Cisco engineers to when they Telnetted into this back door
to configure the routers? Did they do show run by any chance? Yeah, I just
got the complete configuration of the customer's routers. That is
unencrypted also.
And don't say, well it's Telnet so it's one character at a time which would
make understanding it difficult. Responses in Telnet are not one character
at a time. The output of show run would be send in TCP segments using the
IP MTU. It would be very easy to understand.
I don't think most customers would even let him do what he did. A lot of
customers wouldn't have an analog phone line for him to use to dial up his
ISP. Analog phone-line backdoors are an infamous no-no.
I'd love to hear someone else's opinion too. Isn't anyone else as shocked
as I am?
Priscilla
>On Thursday, January 18, 2001 at 02:30:09 PM, Priscilla Oppenheimer wrote:
>
> > Sounds like a helpful troubleshooting method but what were the security
> > risks? Thoughts, anyone?
> >
> > Priscilla
> >
> > At 10:31 PM 1/17/01, J Roysdon wrote:
> > >Today I was a site w/o internet access, but I needed to get Cisco into
> it to
> > >save time relaying commands and information. I had a dial-up
> connection out
> > >to my ISP, and then thought about the built-in Telnet server that Windows
> > >2000 Professional has. I made a quick guest account for Cisco, and told
> > >them my dial-up IP, which they could connect to, and then once telnetted
> > >into my workstation, they were able to telnet out my NIC to the
> routers they
> > >needs to get to. Only catch is that you can only have one session up
> > >through it (enough for us):
> > >
> > >Microsoft (R) Windows (TM) Version 5.00 (Build 2195)
> > >Welcome to Microsoft Telnet Service
> > >Telnet Server Build 5.00.99201.1
> > >login: cisco
> > >password: *****
> > >Microsoft Windows Workstation allows only 1 Telnet Client License
> > >Server has closed connection
> > >
> > >When they were done, I just disabled the Cisco account. Rather handy now
> > >that I have it. I've run into a lot of troubleshooting where it was a
> real
> > >pain not to have internet access for Cisco to get in (or I didn't control
> > >the customer's firewall, etc.).
> > >
> > >After a successful telnet:
> > >*===============================================================
> > >Welcome to Microsoft Telnet Server.
> > >*===============================================================
> > >C:\>telnet 192.168.45.253
> > >Connecting To 192.168.45.253...
> > >
> > >
> > >
> > >--
> > >Jason Roysdon, CCNP/CCDP, MCSE, CNA, Network+, A+
> > >List email: [EMAIL PROTECTED]
> > >Homepage: http://jason.artoo.net/
> > >
> > >
> > >
> > >_________________________________
> > >FAQ, list archives, and subscription info:
> > >http://www.groupstudy.com/list/cisco.html
> > >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
> >
> > ________________________
> >
> > Priscilla Oppenheimer
> > http://www.priscilla.com
> >
> > _________________________________
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
> >
>
>
>--
>www.tasmail.com
________________________
Priscilla Oppenheimer
http://www.priscilla.com
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
