Nathan_200sx
11-02-2003, 13:53
CHANGE YOU FLIPPIN ROOT password.
Just playing about, as you do ;) and have found that the vast majority of dsl router's allow you to access the config utility "EXERNALY" by default. very dangerouse in my opinion, even more so with the average joe puplic knowing squat about security. The most worrying thing is that no one seems to be changing the default username and password for root, this almost makes me a little sad as to how vulnerable these people are. By accessing the config I can do pretty much anything with thier internal machine's or be just plain nasty and reconfig the router and change the password so they cant get back in to fix it. you can get all the default usernames and passwords by downloading any online manuals from the manufacturer of the router. The manual will contain detail of how to access this config from the internal network and give you the passwords to do so. Many make no mention of accessing it from an external ip so people dont worry about the root password.
I have mailed a few isp's where I know they send out certain routers asking them to make sure there customers 1st action is to change the password.
So guys just be aware, unfortunatly there are some scrotes out there who think it's funny or that there clever by screwing somebody up.
Just playing about, as you do ;) and have found that the vast majority of dsl router's allow you to access the config utility "EXERNALY" by default. very dangerouse in my opinion, even more so with the average joe puplic knowing squat about security. The most worrying thing is that no one seems to be changing the default username and password for root, this almost makes me a little sad as to how vulnerable these people are. By accessing the config I can do pretty much anything with thier internal machine's or be just plain nasty and reconfig the router and change the password so they cant get back in to fix it. you can get all the default usernames and passwords by downloading any online manuals from the manufacturer of the router. The manual will contain detail of how to access this config from the internal network and give you the passwords to do so. Many make no mention of accessing it from an external ip so people dont worry about the root password.
I have mailed a few isp's where I know they send out certain routers asking them to make sure there customers 1st action is to change the password.
So guys just be aware, unfortunatly there are some scrotes out there who think it's funny or that there clever by screwing somebody up.