[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Fwd: 3Com switches - undocumented access level.]
It is remote access - via telnet!
Rabid Wombat wrote:
>
> Since you didn't specify the method of access. it is hard to determine if
> this is a large security hole. Most equipment can be rebooted and brought
> up without a password IF you have local access. For example, Cisco routers
> can be brought up without password simply by specifying the starting
> address of the load file, but you have to be at the local console to do
> this.
>
> UNIX systems can be brought up w/o password in single-user mode, if you
> have local access. Yes, there are firmware passwords to guard against
> this on many systems, but one can always swap up the eeprom, etc.
>
> I'd only be worried about the 3Com backdoor if it can be used remotely.
> Got any details?
>
> -r.w.
--
=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.| Ray Arachelian |Prying open my 3rd eye. So good to see |./|\.
..\|/..|[email protected]|you once again. I thought you were |/\|/\
<--*-->| ------------------ |hiding, and you thought that I had run |\/|\/
../|\..| "A toast to Odin, |away chasing the tail of dogma. I opened|.\|/.
.+.v.+.|God of screwdrivers"|my eye and there we were.... |.....
======================= http://www.sundernet.com ==========================