Title: | DEChub/HUBwatch/PROBEwatch CONFERENCE |
Notice: | Firmware -2, Doc -3, Power -4, HW kits -5, firm load -6&7 |
Moderator: | NETCAD::COLELLA DT |
Created: | Wed Nov 13 1991 |
Last Modified: | Fri Jun 06 1997 |
Last Successful Update: | Fri Jun 06 1997 |
Number of topics: | 4455 |
Total number of notes: | 16761 |
2142.0. "DB90 local console break-in !!" by HGOCS::ANDYNG (Hong Kong MCS, Software Support) Sun Mar 26 1995 21:55
One customer encountered a security problem on DB90 version 9.14(9.2).
The following is from the customer:
From testing, local console port break-in is possible.
The intruder can break into the brouters as follows, even though we
encrypted the "enable" password:
1) First, local console port break-in to view all configuration
parameters (except the "enable" password)
2) Then, local console port break-in to erase the configuration file
(hence also erasing the enable password)
3) Afterwards, the intruder can input their own configuration
parameters.
In order to tackle this problem, we tried to disable the local port
break-in function by setting the configuration register bit 8 as
mentioned in the user manual. However, we found that this function
does not work. That is, local port break-in is still possible. If
local console port break-in is possible, the brouter has no protection
to guard against intruders!!!
Is this a bug? Any workaround?
Andy
T.R | Title | User | Personal Name | Date | Lines
2142.1 | | DELBOY::HATTOS | That tree looked at me | Mon Mar 27 1995 03:59 | 8

Andy,
If this is a DECbrouter90, you would be better moving this note to the
brouter conference.
FWIW, I have seen this too. Luckily my customer hasn't yet!
Stuart