[lug] Cisco 675 security

Sebastian Sobolewski spsobole at uswest.net
Mon May 14 16:48:17 MDT 2001


I'm running my c675 in NAT mode and have the telnet and web ports (23 and 
80) forwarded to my linux box sitting on a private (10.x.x.x) address behind 
the modem.   Now if I hit port 80 at my qwest (external) IP, I am forwarded 
to my linux web/telnet server.  But, if I go to 10.0.0.1 I can get both web 
and telnet access to the modem from any IP inside my private network. Quite 
convenient actually.

If you want to run the modem in NAT mode and have access from 
inside your private net, you can tell the modem to forward all port 23 and 
80 access to some nonexistent IP on a private IP (i.e., 
10.0.0.254).  Basically this will route incoming scans to an IP that is not 
used and the scanner will get a cnx denied.

-Sebastian

At 11:19 AM 5/14/2001 -0600, you wrote:
>Hello,
>
>This might be of interest to owners of Cisco 675 ADSL modems.
>
>I am using a Cisco 675 modem for my ADSL connection. The other day, I
>ran Steve Gibson's port scanner (www.grc.com) against my ISP address
>and found the telnet and http ports to be open.
>
>When I called Qwest to see why, I was told that these modems were set
>up with these ports disabled, until the user connected to the CBOS, at
>which time they were enabled. I disabled them by telnetting in and
>then issuing, as root, the commands "set telnet disable" and "set web
>disable". Of course, this means that in the future the ONLY way I
>can connect to configure the modem is by use of the serial cable.
>
>Now I went back to Gibson's site and ran the port scanner again. It still
>showed the ports as open. However, when I try to connect I immediately
>get disconnected. This occurs both under NT and Linux.
>
>Running nmap against my IP address revealed:
>
>     -- if nmap -sT -sU is used, all ports are closed. This took 31
>seconds.
>
>     -- if nmap -P0 is used, the telnet and http port are open. This
>took 671 seconds.
>
>Apparently leaving these ports open, according to Qwest, is a design
>"feature" on the part of Cisco and there has never been any
>explanation for it. While it would appear that although the ports may
>be open, connections to them are refused, so I am making the
>assumption that my 675 is secure.
>
>Comments, anyone?
>
>--
>B. O'Fallon
>bof at americanisp.net
>
>I wrote it down so that I wouldn't have to remember.
>
>
>_______________________________________________
>Web Page:  http://lug.boulder.co.us
>Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
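
The thread turns on the difference between a port that refuses connections, one that accepts and then drops them at once, and one that actually serves. The following is an added example, not part of the original messages: a small Python check for the modem's ports 23 and 80 that tells those cases apart (the function names `probe` and `audit` are this example's own, and the host is whatever address of yours you pass in).

```python
import socket


def probe(host, port, timeout=3.0):
    """Classify one TCP port into the states discussed in the thread."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"              # RST came back: nothing is listening
    except socket.timeout:
        return "filtered"             # no answer at all: packets are dropped
    except OSError:
        return "unreachable"          # no route, host down, etc.
    with sock:
        sock.settimeout(timeout)
        try:
            data = sock.recv(1)       # wait for a banner or a close
        except socket.timeout:
            return "open"             # held open, waiting for us (typical for HTTP)
        except ConnectionResetError:
            return "accepted-then-closed"
        # Empty read means the peer closed right after the handshake, which is
        # what a scanner reports as "open" even though no session is possible.
        return "open" if data else "accepted-then-closed"


def audit(host, ports=(23, 80), timeout=3.0):
    """Probe the telnet and web ports and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}


if __name__ == "__main__":
    import sys

    # Assumption: the first argument is your own external or modem address.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for port, state in audit(host).items():
        print(f"{port}/tcp {state}")
```

Run it once from inside the private network and once from an outside host to compare what each side sees.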