Karin and me have just completed a little test, in case you own such a router. On the IASON homepage http://iason.site.voila.fr scroll down, look for the picture of the two pirates and klick Port 916 Backdoor the file udp916.tgz contains Makefile and sources for "test916 <router name or ip>" and in case your router does not answer port 916 udp a little server "server-916". The server must be run as root. It will terminate after the first test from the client, telling you at least the query from the client and the name and ip-addresses. Enjoy Peter and Karin Dambier Robert Boyle wrote:
At 05:48 PM 3/20/2007, you wrote:
I wonder what their security process is for other types of routers?
Try psirt@cisco.com
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.h...
-Robert
---------- Forwarded message ---------- Date: 20 Mar 2007 20:31:01 -0000 From: dniggebrugge@hotmail.com To: bugtraq@securityfocus.com Subject: Linksys WAG200G - Information disclosure
Hi there,
About 2 months ago I bought a wireless ADSL modem/router, the Linksys WAG200G. Just did some basic security checks and to my utter surprise the device responded with about all sensitive information it knows:
* Product model * Password webinterface * Username PPPoA * Password PPPoA * SSID * WPA Passphrase
I notified Linksys, got some regular support questions and was then assured my concerns would be forwarded to the product engineers. Some weeks later I tried again, same message, silence since then.
My firmware version is 1.01.01, latest available for this type.
'Technical' info: Sent a packet to UDP port 916. Answer contains mentioned information. (LAN interface and Wireless interface)
Greetings, Daniƫl Niggebrugge
Tellurian Networks - Global Hosting Solutions Since 1995 http://www.tellurian.com | 888-TELLURIAN | 973-300-9211 "Well done is better than well said." - Benjamin Frankli n
-- Peter and Karin Dambier Cesidian Root - Radice Cesidiana Rimbacher Strasse 16 D-69509 Moerlenbach-Bonsweiher +49(6209)795-816 (Telekom) +49(6252)750-308 (VoIP: sipgate.de) mail: peter@peter-dambier.de mail: peter@echnaton.arl.pirates http://iason.site.voila.fr/ https://sourceforge.net/projects/iason/ http://www.cesidianroot.com/