Re: [Lwip] Internet Census 2012 -- Insecure embedded devices
"Hannes Tschofenig" <Hannes.Tschofenig@gmx.net> Thu, 21 March 2013 12:54 UTC
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: lwip@ietfa.amsl.com
Delivered-To: lwip@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4CEB021F88BE for <lwip@ietfa.amsl.com>; Thu, 21 Mar 2013 05:54:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.682
X-Spam-Level:
X-Spam-Status: No, score=-100.682 tagged_above=-999 required=5 tests=[AWL=-0.741, BAYES_00=-2.599, HTML_MESSAGE=0.001, J_CHICKENPOX_44=0.6, J_CHICKENPOX_55=0.6, MIME_HTML_ONLY=1.457, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IMjKbkkoLvBD for <lwip@ietfa.amsl.com>; Thu, 21 Mar 2013 05:54:09 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.19]) by ietfa.amsl.com (Postfix) with ESMTP id 31F1921F85DB for <lwip@ietf.org>; Thu, 21 Mar 2013 05:54:09 -0700 (PDT)
Received: from 3capp-gmx-bs01.server.lan ([172.19.170.50]) by mrigmx.server.lan (mrigmx002) with ESMTP (Nemesis) id 0MAAwJ-1UP1qv13sH-00BNXs; Thu, 21 Mar 2013 13:53:56 +0100
Received: from [194.251.119.196] by 3capp-gmx-bs01.server.lan with HTTP; Thu Mar 21 13:53:56 CET 2013
MIME-Version: 1.0
Message-ID: <trinity-f942c434-4029-48a5-a285-f1b5555b6fc2-1363870436165@3capp-gmx-bs01>
From: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
To: Johannes Gilger <gilger@itsec.rwth-aachen.de>
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Date: Thu, 21 Mar 2013 13:53:56 +0100
Importance: normal
Sensitivity: Normal
In-Reply-To: <20130321102625.GA8504@blackbox>
References: <4E660C3F-9C78-472D-A557-70D45B1B715D@gmx.net> <009001ce25d4$783867a0$68a936e0$@chinamobile.com> <trinity-17e66bc1-04ff-4b6e-be35-fc5dfc3577da-1363860458006@3capp-gmx-bs01>, <20130321102625.GA8504@blackbox>
X-UI-Message-Type: mail
X-Priority: 3
X-Provags-ID: V03:K0:NPXb8Q+PAnkmN3LAji+ED1zdvf55+gdmQ/+3ycbB1ax abqE4DWHpkm6mmoK6U56HeJQgTrW2d374ksRs1/qlt1kuEuH2Z ouZZTvZw0sxKDNEZhugat4fDEiEfde5ZytvYOiIJMcSJ8ILxFG fs0JR4/PC3pBjnT0ohw089QlcHuFdK5qWAE+cB0AzJnlP6Q5rn coBCUyCAvSph6ffR44W2Q2vN9xb/yvPhAfw3cKTVFl1j0DeUdW 5+8oHJ4lcOUuXxWqUkzBU2JiZxa4fziURbUZhYqSdoB0NXenbc +WCyS4=
Cc: lwip@ietf.org
Subject: Re: [Lwip] Internet Census 2012 -- Insecure embedded devices
X-BeenThere: lwip@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Lightweight IP stack <lwip.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lwip>, <mailto:lwip-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/lwip>
List-Post: <mailto:lwip@ietf.org>
List-Help: <mailto:lwip-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lwip>, <mailto:lwip-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Mar 2013 12:54:10 -0000
The Raspberry Pi was just a more modern example. The same pattern does, however, apply.
"
Von: "Johannes Gilger" <gilger@itsec.rwth-aachen.de>
An: "Hannes Tschofenig" <Hannes.Tschofenig@gmx.net>
Cc: "Cao Zhen (CZ)" <caozhen@chinamobile.com>, lwip@ietf.org
Betreff: Re: [Lwip] Internet Census 2012 -- Insecure embedded devices
don't know any current OS which enables telnet by default, much less
with root:root or admin:admin, not even the Raspberry Pi. So the set of
possible devices is already relatively small. Furthermore the author
developed and cross-compiled his bot-binary for OpenWRT platforms.
Regards,
Jojo
--
Dipl.-Inform. Johannes Gilger
Research Group IT-Security
RWTH Aachen University
Mies-van-der-Rohe-Straße 15
52074 Aachen
Office: 211
Phone: +49 241 80 20781
http://itsec.rwth-aachen.de" target="_blank" rel="nofollow">http://itsec.rwth-aachen.de
- [Lwip] Internet Census 2012 -- Insecure embedded … Hannes Tschofenig
- Re: [Lwip] Internet Census 2012 -- Insecure embed… Johannes Gilger
- Re: [Lwip] Internet Census 2012 -- Insecure embed… Carsten Bormann
- Re: [Lwip] Internet Census 2012 -- Insecure embed… Cao Zhen (CZ)
- Re: [Lwip] Internet Census 2012 -- Insecure embed… Hannes Tschofenig
- Re: [Lwip] Internet Census 2012 -- Insecure embed… Stephen Farrell
- Re: [Lwip] Internet Census 2012 -- Insecure embed… Johannes Gilger
- Re: [Lwip] Internet Census 2012 -- Insecure embed… Hannes Tschofenig
- Re: [Lwip] Internet Census 2012 -- Insecure embed… Brian Haberman
- Re: [Lwip] Internet Census 2012 -- Insecure embed… Bob Hinden