On Wed, Apr 11, 2001 at 06:06:38PM -0700, John Grant wrote:
Or
http://www.zdnet.com/zdnn/stories/news/0,4586,5080984,00.html
.. this one has links to the original researchers' findings and the CERT advisory.
ObSLE;
It looks like a fix to plug the remote-ability of this hole would be to insert an ipchains rule that blocks access from the local LAN to the modem's IP and the broadcast.
Perhaps - and this is off the top of my head here, so don't just use this and expect it to work :) - something like the following:
    ipchains -I output -i eth1 -d 10.0.0.138 -l -j DENY
    ipchains -I output -i eth1 -d 255.255.255.255 -l -j DENY
I think in the typical(?) situation of a home user using an affected Alcatel modem they probably don't care about blocking local access. They just want to block external access to the modem from the Internet.
Comments?
I tried to access my Speed Touch Home at 10.0.0.138 but got no response. Does it mean that my modem is not vulnerable or it just has a different IP address? I got my modem from Pacific Bell, if that matters.
-Kastus
On Wed, Apr 11, 2001 at 03:25:41PM -0400, Fred A. Miller wrote:
SECURITY HOLES FOUND IN ALCATEL ADSL MODEMS
April 11, 2001 08:42 AM
WEAK SECURITY IN high-speed ADSL (Asymmetric Digital Subscriber Line) modems from Alcatel could allow hackers to shut down the device, monitor data flows, and use it for cyber attacks, computer security experts said.
For Full Story: http://www.infoworld.com/articles/hn/xml/01/04/11/010411hnalc.xml?0411alert
--
Fred A. Miller
Systems Administrator
Cornell Univ. Press Services
fm@cupserv.org