Insecure Routers on IOL

MrPinK

Originally posted by Sleipnir
But, if you have such experience then you should know better then to post such vulnerabilities on public forums. It just makes things worse

It's not exactly a 0 day exploit he's posted. He scanned a block of IP addresses, saw a lot of people who hadn't conigured their routers properly, and posted here to try and warn them. If he had posted up details on how to take advantage of it then it be very serious.

Before this thread started, one person on boards knew about the hole, now 953 people know about it. That is not good security practice.

The millions (I've no idea how many actually) of people all around the world who use Bugraq would disagree with out. Unless people are aware of the problem they are not going to fix it. Most people (those who don't read MS security alerts) would have welcomed a big post about the RPC vunerability before MS Blaster hit.

bk

Originally posted by ronoc

My point is this information is already in the public domain. There already have been advisories about the default settings of this particular router. Google it at your leisure.

Ignoring the problem is not the solution. People need to be aware of this problem. It is something that novice users must be made aware of.

While the information was in the public domain and I do know other people knew about it. Most people wouldn't have connected the security focus notice with the Esat service in particular.

We know that probably most of the stupid crackers in Ireland probably visist boards and by highligthing it here you are putting it right under their noise.

You should have made an effort to contact the Esat network admins. I realise that the CS people are useless for this sort of thing, but for something this serious, your best beat would have been to actually call into the Esat offices and asked to speak to a manger and network admin about it.

If they continued to ignore you after that then you would be right to publish the problem.

This is the normal procedure in the computer security world.

MrPinK

Originally posted by bk
You should have made an effort to contact the Esat network admins. I realise that the CS people are useless for this sort of thing, but for something this serious, your best beat would have been to actually call into the Esat offices and asked to speak to a manger and network admin about it.

If they continued to ignore you after that then you would be right to publish the problem.

This is the normal procedure in the computer security world.

I would completely agree with that *IF* it was a hardware/software problem that was the cause of the security problem, but that's not the case. Here the problem is with the users, who haven't setup their equipment correctly. How else to you contact them if not a public forum?

albertw

Originally posted by bk
You should have made an effort to contact the Esat network admins. I realise that the CS people are useless for this sort of thing, but for something this serious, your best beat would have been to actually call into the Esat offices and asked to speak to a manger and network admin about it.

If they continued to ignore you after that then you could have published the porblem.

This is the normal procedure in the computer security world.

For example if you report a vunerability to CERT, before they even ask for the details of the vunerability they ask if you have contacted the vendor. CERT will wait for a response/resolution from the company in question (usually) before releaseing their alert.

Had this been done, iol would have had the oppertunity to resolve the problem, or issue a statement about why they didnt see it as a problem etc. This way iol are firefighting. And thats not in anyones best interest. (I dont see how shipping it set to ALL is in anyones interest either mind you!)

Cheers,
~Al

secret_squirrel

It might also be useful to point out to IOL that making sure they themselves or their customers secure their routers might have an effect on the 2-12% article of the traffic moving across their network thats malicious in origin, (portscans not withstanding ) thus saving them mucho moola in bandwidth charges.

But you'd think they would have figured that out for themselves.

(Personally Im glad my zytel is in the back of the press)