Security risk 1

 

Today, I am very bored and have discovered something, so I can imagine it infinitely. I feel that China's network security business has not started yet, and I have recorded it to remind myself. I would also like to remind the bosses that they should not forget to be safe after making some money.

 

Background:

 

It's okay to get idle. You can navigate to a server in your hands and have a whimsy. Check out what the gateway provided by your ISP is. Then telnet and telnet, I was shocked. In fact, I have never thought about this before. I trust the ISP. I think that since someone else is an ISP, I must consider network security. I can log on via telnet directly, it was indeed unexpected.

 

Story:

Telnet xxx. xxx.2.177

Trying xxx. xxx.2.177...

Connected to xxx. xxx.2.177 (xxx. xxx.2.177 ).

Escape character is '^]'.

 

 

User Access Verification

 

Password:

Password:

Password:

% Bad passwords

Connection closed by foreign host.

 

The story tells us:

In the attitude of treating patients and saving lives after punishment, I performed mosaic processing on IP addresses. Although the password is not verified, it may be a Cisco device. Use line vty 0 15, password xxxxxxx, and login. In view of its Division of 255.255.255.255.248, it is estimated that all of its gateway addresses are any starting IP addresses of the 248 CIDR block. According to the test, the password verification interface is also displayed on login 2.185 and 2.193.

 

After testing, this vrotelnet can log on from any corner of the world, and I can even telnet to this vrotelnet from amazon cloud. That is to say, no prohibited ip segment is set, that is, there is no such thing as accesslist deny any. That is to say, I can guess the vro password theoretically through brute force. That is to say, if I use the powerful cloud computing capabilities, I can quickly calculate the password. That is to say, if I send bad syn or bad ack to deliberately create chaos and seduce the Administrator to log on, I can sniff the Router password theoretically. That is to say, anyone can do what I said to intentionally cause damage.

 

Of course, these are all guesses. I didn't mean to do this. I do not want to write a program to confirm the possibility of doing so. However, the plaintext transmission of telnet is undeniable, and this router is indeed open to users all over the world.

 

As I can imagine, this is just a data center that provides ISP services in China, but there are hundreds of thousands of data centers in China. Who can ensure that everyone uses ssh or ipsec, what about data management like vpn? Even if a large company buys vpn and firewall devices, there is a risk of information leakage in the services provided to you by the ISP. What are the purposes of purchasing these products? Now that you are connected to the service, you are bound to need a public IP address. I only need to know your public IP address, calculate your gateway, and log on to your gateway to delete all route information through a variety of tricks, you have countless firewalls, because I am doing some damage at the ISP and it has nothing to do with your device. Suppose I delete the IP route to Sina, which is a big disaster.

 

Therefore, this tells us how important it is to choose a secure ISP, not how fast it is to access, it is how powerful it can protect your servers and data. Many ISPs and websites in China may not pay much attention to this aspect. bosses pay more attention to the bandwidth of several megabytes. Once your server is inaccessible, you will pay dozens of times the cost. In fact, it takes only a few hours or a few dollars to pay for the software. In fact, finding someone who will configure ssh or vpn will not be much more expensive than ccna.

 

But speaking of this, I am excited again. In order to maximize the surplus value, the bosses always use IE as NP and NP as NA, and then let NA tea deliver water and laundry. If you think that you can earn more money, you don't know how much money you give and how much money people give you. You pay NP for IE. Naturally, people only do NP jobs, and you want others to do IE jobs.

 

Therefore, the bosses will take a moment to pay attention to the network security of their employees and you when making money. If you have nothing to worry about, you can rest assured that once something goes wrong, you will be enough to have a drink.

 

By the way, I recently listened to the CCSP course and listened to only one section. I understood why the OpenBSD team despised the people who spent money on VPN and firewall. Because hundreds of thousands of devices can do the same thing, a free operating system can do the same thing without being inferior to a professional device. If you use OpenBSD as a gateway routing system, you have to log on through ssh most times, instead of telnet. It should be noted that Cisco's IOS is a secondary development based on BSD, and the earliest implementation of the TCP/IP protocol is also a BSD system. Therefore, the BSD system has unparalleled inherent advantages in network applications and security. I am a loyal fan of BSD. Although I have been using Linux for nearly 15 years, this does not prevent me from switching to the BSD camp because it is really safe.

 

At the end, I don't know if my guess on this ISP is correct. Finally, I sent a mail to ask them to pay attention to this matter. I sincerely hope this is just a case by case.

This article is from the "practice test truth" blog