The newest addition to our IT Department (he's been in Tech Support for 3 years) emailed me this afternoon (full email below). I didn't believe him at first so I telneted to one of our TC boxes and when prompted with "Login:" I typed adm and pressed Enter. HOLY COW! It said "Hiper:" and I had full access.

I'm curious as to how many people on this list were vulnerable like us (we have 20 TC boxes throughout Southeast Missouri).

Brian

Brian Becker
President, Poplar Bluff Internet, Inc.
P.O. Box 190 | Poplar Bluff, MO 63902 | 573.686.9114
Home of http://semo.net - Southeast Missouri's Online Community
http://TotallyFabricated.com
Total Scrutinizer - Tech Support Just Got Easier
WebGabber - All-html Web Chat Software

-----Original Message-----
From: Adam Barnhill
Sent: Tuesday, July 24, 2001 6:41 PM
To: ---interoffice DataComm List---
Subject: [datacomm] Secret access to TCs

It has come to my attention that our TCs were vulnerable to anyone's attack.

User : adm
Would allow access to manage and login to our TCs. The fix was easy. Just 'del user adm' and then 'save all' (thanx Brian)

I was actually searching for TC command references, and happened upon ;) a hack list of default and backdoor passwords. The link I originally found a hack article on is http://the.wiretapped.net/security/info/textfiles/k1ine_11.txt and the password list is in that tree somewhere.. Lots of backdoors for other RAS, switches, hubs and other..

Adam Barnhill
Systems Technician / IT Dept.
Semo.net / Poplar Bluff Internet, Inc.
1(877)686-9114
http://semo.net/

_______________________________________________
datacomm mailing list
datacomm@lists.semo.net
http://lists.semo.net/mailman/listinfo/datacomm

- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
Also sprach Brian Becker
The newest addition to our IT Department (he's been in Tech Support for 3 years) emailed me this afternoon (full email below). I didn't believe him at first so I telneted to one of our TC boxes and when prompted with "Login:" I typed adm and pressed Enter. HOLY COW! It said "Hiper:" and I had full access.
Indeed...always set a password for adm...

Also...might want to be careful with the fix there. Early versions of Arc code (if I remember correctly) would re-add the adm account at a reboot with a blank password! The more correct fix is to disable the account, not delete it. I think the command to do that is just "disable user adm".

Since 4.2.x versions of code, I think, deleted adm accounts stayed deleted though, so anything recent should be ok for you.

--
Jeff McAdams
Email: jeffm@iglou.com
Head Network Administrator
Voice: (502) 966-3848
IgLou Internet Services
(800) 436-4456
This is an old vulnerability. The docs note that a password should be set, or the user deleted. I found this snippet in a log of our original config from '99:

    add user "!root" password "password" type login,manage
    delete user adm

In other words, adding the old "!root" user from the old netserver days and nuking the adm user.

If there were still searchable archives for this list, it would pop up, but usr-tc.datasys.net just mocks us, as the owner has apparently moved to another RAS :)

Charles

| Charles Sprickman | Internet Channel | INCH System Administration Team | (212)243-5200 | spork@inch.com | access@inch.com

On Tue, 24 Jul 2001, Brian Becker wrote:
The newest addition to our IT Department (he's been in Tech Support for 3 years) emailed me this afternoon (full email below). I didn't believe him at first so I telneted to one of our TC boxes and when prompted with "Login:" I typed adm and pressed Enter. HOLY COW! It said "Hiper:" and I had full access.
I'm curious as to how many people on this list were vulnerable like us (we have 20 TC boxes throughout Southeast Missouri).
Brian
Brian Becker President, Poplar Bluff Internet, Inc. P.O. Box 190 | Poplar Bluff, MO 63902 | 573.686.9114
Home of http://semo.net - Southeast Missouri's Online Community http://TotallyFabricated.com Total Scrutinizer - Tech Support Just Got Easier WebGabber - All-html Web Chat Software
-----Original Message----- From: Adam Barnhill Sent: Tuesday, July 24, 2001 6:41 PM To: ---interoffice DataComm List--- Subject: [datacomm] Secret access to TCs
It has come to my attention that our TCs were vulnerable to anyone's attack.
User : adm Would allow access to manage and login to our TCs. The fix was easy. Just 'del user adm' and then 'save all' (thanx Brian)
I was actually searching for TC command references, and happened upon ;) a hack list of default and backdoor passwords. The link I originally found a hack article on is http://the.wiretapped.net/security/info/textfiles/k1ine_11.txt and the password list is in that tree somewhere.. Lots of backdoors for other RAS, switches, hubs and other..
Adam Barnhill Systems Technician / IT Dept. Semo.net / Poplar Bluff Internet, Inc. 1(877)686-9114 http://semo.net/
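An added example, not part of any message in this thread and not vendor tooling: a small Python audit that replays a provisioning command log written in the command forms quoted above ("add user", "delete"/"del user", "save all", plus the "disable user" form one reply recalls) and reports the end state of the default adm account and any blank or guessable passwords. The sample log, the function name audit_log and the WEAK set are constructed for illustration; the starting assumption that adm exists with a blank password is the one described in the thread.

```python
import shlex

# Constructed provisioning log in the style of the config snippet quoted in
# the thread; not taken from a real device.
SAMPLE_LOG = '''
add user "!root" password "password" type login,manage
add user "noc" password "" type login
delete user adm
'''

WEAK = {"", "password"}  # assumption: tiny weak-password list for the demo

def audit_log(log, default_user="adm"):
    """Replay user commands; return (user, finding) tuples for the end state."""
    # Start state per the thread: default account present, blank password.
    users = {default_user: {"password": "", "state": "enabled"}}
    unsaved = False
    for raw in log.splitlines():
        tok = shlex.split(raw)
        if len(tok) >= 3 and tok[1] == "user":
            verb, name, rest = tok[0], tok[2], tok[3:]
            if verb == "add":
                has_pw = "password" in rest[:-1]
                pw = rest[rest.index("password") + 1] if has_pw else ""
                users[name] = {"password": pw, "state": "enabled"}
            elif verb in ("delete", "del"):
                users.setdefault(name, {"password": ""})["state"] = "deleted"
            elif verb == "disable":  # syntax as recalled in the thread
                users.setdefault(name, {"password": ""})["state"] = "disabled"
            else:
                continue  # other user commands do not change the model
            unsaved = True
        elif tok[:2] == ["save", "all"]:
            unsaved = False
    findings = []
    for name, u in users.items():
        if u["state"] == "enabled" and u["password"] in WEAK:
            findings.append((name, "enabled with blank or guessable password"))
        if name == default_user and u["state"] == "deleted":
            findings.append((name, "deleted, not disabled: confirm absent after reboot"))
    if unsaved:
        findings.append(("*", "changes not followed by 'save all'"))
    return findings

if __name__ == "__main__":
    for user, finding in audit_log(SAMPLE_LOG):
        print(f"{user}: {finding}")
```

The "deleted, not disabled" finding reflects the caution raised in the thread about early code re-adding the account at reboot; it is a prompt to re-check the box after a restart, not a statement about any particular firmware version.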
I have the archives through sometime in April 2001.

This is too valuable a resource to see fade away.

If someone has a clue, I have server space and a Linux based system.

Jim Tarvid, LSNet
Also sprach tarvid@ls.net
I have the archives through sometime in April 2001.
This is too valuable a resource to see fade away.
If someone has a clue, I have server space and a Linux based system.
usr-tc.1st.net still seems to be actively archiving and is searchable. I think Ed has moved on to other RAS units as well, though could be wrong on that...but the archive and search still worked the last time I checked it (about the time that 3Com decided to try to squelch me).

--
Jeff McAdams
Email: jeffm@iglou.com
Head Network Administrator
Voice: (502) 966-3848
IgLou Internet Services
(800) 436-4456
I was talking to a PacBell tech today and he indicated that NI2 may now support b channel messaging. I think this means that the TCM should be able to busy out modems, which we haven't been able to do previously under NI2. Can anyone confirm this? Seth
participants (5)
- Brian Becker
- Charles Sprickman
- Jeff Mcadams
- Seth Jacobs
- tarvid@ls.net