LinuxQuestions.org


dlinux 10-14-2008 06:04 PM

Modem config is vulnerable
 
Well, here's the situation. I have a Motorola Surfboard SBV5220 cable modem, and I recently found out that it has a control panel incorporated on port 80, where you can do things like reboot it or restore factory defaults. The login details (which I CAN'T change because there's no option to do so) are "admin" with password "motorola"; the problem is that it is accessible from the Internet.

On my ISP's IP block subnet I can find other people's routers that are in the same situation as mine in the 10.2.0.x range, at least a hundred or so. First, I thought that routers didn't route packets in private ranges like 10.x.x.x, and second, it is disturbing to know that someone sharing a subnet with me can do things like reboot my modem, because there's no option to change the default user and password.

I did an nmap scan on my modem and found out that it has a telnet server, but the default username and password do not work, and there's no reference to modem control panels, telnet servers or passwords whatsoever in the documentation/CD.

So what I ask of you is:
Does anyone know how to disable the telnet server and control panel, or know telnet's default user and pass to change it?

I'm thinking of brute forcing the telnet server, but I would prefer that as a last option (it might take forever).
Here follow some screenshots of mine and my neighbor's modem control panels:


http://img134.imageshack.us/my.php?i...toneevesy7.png


http://img525.imageshack.us/my.php?i...ificaltyh2.png

http://img397.imageshack.us/my.php?i...ncablemid8.png

amani 10-14-2008 07:37 PM

Bad service provider!

You must use suitable firewall rules... there are GUI tools for that too.

But DOCSIS means this should not be happening??

dlinux 10-15-2008 05:03 AM

The problem is that this has nothing to do with host security. I can completely block all network connections from my computer, but the cable modem and its incorporated servers are still accessible.

pinniped 10-15-2008 05:28 AM

Just to clarify things: is the cable modem accessible from the WAN side or the LAN side only? If it is the LAN side then the most common attack is to use a simple http script to reconfigure; the only defence I can think of is to filter all incoming https content and strip scripts (making much of the awful internet unusable). Perhaps someone wrote a plugin for your favorite browser which filters out such incoming streams? If the attack is on the WAN side, all you can do is replace the modem.

dlinux 10-15-2008 06:00 AM

It is accessible on the WAN side (those pics show mine and 2 of my neighbors' modems' Internet-accessible servers).

The problem with this is that I can't implement any filtering rules because it is on the modem. As far as I'm concerned, I could throw my computer out of the window and the modem would still be accessible, as long as it's turned on.

About changing my modem, I can't, because the modem belongs to my ISP and, as you can see from the screenshots, there are several brands with the same problems.

And can someone please explain to me why I can access 10.x.x.x IPs from outside my local network?

Total-MAdMaN 10-15-2008 06:24 AM

Quote:

Originally Posted by dlinux (Post 3310648)
And can someone please explain to me why I can access 10.x.x.x IPs from outside my local network?

Your ISP has put you on its own network, which is using the 10.x.x.x addresses.

The best thing to do to try and solve the problem with the modem would be to contact your ISP and express your concerns.

