[lug] Cisco 675 security

B O'Fallon bof at americanisp.net
Mon May 14 11:19:16 MDT 2001


This might be of interest to owners of Cisco 675 ADSL modems.

I am using a Cisco 675 modem for my ADSL connection. The other day, I
ran Steve Gibson's port scanner (www.grc.com) against my ISP address
and found the telnet and http ports to be open.

When I called Qwest to see why, I was told that these modems were set
up with these ports disabled, until the user connected to the CBOS, at
which time they were enabled. I disabled them by telnetting in and
then issuing, as root, the commands "set telnet disable" and "set web
disable". Of course, this means that in the future the ONLY way I
can connect to configure the modem is by use of the serial cable.

Now I went back to Gibson's site and ran the port scanner again. It still
showed the ports as open. However, when I try to connect I immediately
get disconnected. This occurs both under NT and Linux.

Running nmap against my IP address revealed:

    -- if nmap -sT -sU is used, all ports are closed. This took 31

    -- if nmap -P0 is used, the telnet and http ports are open. This
    took 671 seconds.

Apparently leaving these ports open, according to Qwest, is a design
"feature" on the part of Cisco and there has never been any
explanation for it. It would appear that although the ports may
be open, connections to them are refused, so I am making the
assumption that my 675 is secure.

Comments, anyone?

B. O'Fallon
bof at americanisp.net

I wrote it down so that I wouldn't have to remember.
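
The post describes ports that a scanner reports as open but that disconnect as soon as a client connects. The following is an added example, not part of the original message: a check to run against your own modem that separates "handshake completes, then the peer hangs up" from "a service actually answers". The function name `probe_tcp` and the state labels are this example's own assumptions.

```python
import socket
import sys

# Example payload for an HTTP port; a telnet daemon normally speaks first.
HTTP_PROBE = b"HEAD / HTTP/1.0\r\n\r\n"

def probe_tcp(host, port, timeout=3.0, payload=HTTP_PROBE):
    """Classify a TCP port by what happens *after* the handshake.

    Labels (this example's own, not nmap's):
      closed       - connection refused (RST in reply to SYN)
      filtered     - no reply to the connection attempt at all
      open-dropped - handshake completes, then the peer hangs up at once
      open-silent  - handshake completes, peer neither answers nor hangs up
      open-serving - handshake completes and the service sends data
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError:
        return "unreachable"
    with sock:
        sock.settimeout(timeout)
        try:
            data = sock.recv(256)          # wait for a banner first
            return "open-serving" if data else "open-dropped"
        except socket.timeout:
            pass                           # no banner; send a request instead
        except ConnectionError:
            return "open-dropped"
        try:
            sock.sendall(payload)
            data = sock.recv(256)
        except socket.timeout:
            return "open-silent"
        except ConnectionError:
            return "open-dropped"
        return "open-serving" if data else "open-dropped"

if __name__ == "__main__":
    # Usage: python probe.py <address of your own modem>
    for target in sys.argv[1:]:
        for port in (23, 80):              # telnet and http, as in the post
            print(target, port, probe_tcp(target, port))
```

A result of `open-dropped` on both ports matches the behaviour described in the post; `open-serving` would mean the management interface is still answering.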

