G_kOS
Wednesday, 28 November 2001, 0:48
1. In a few words,
when a DOCSIS-compliant modem starts up, its bootpc broadcasts first on HFC and then on eth, looking for a bootps. When it finds one, it gets a DHCP lease on HFC + a cookie with the TFTP server address + the path & filename of the config file (in which the bandwidth is limited).
If you set up your own bootps and tftp, and put a binary with tweaked settings on your tftp, it will fetch it from you, because you are "closer" (to be more convincing, it can be "ping-flooded"). That's it.
2. Usually the firmware in the modem is flashed with NOSHELL (because tech support = idiots), i.e. you can connect, but you won't get a shell. There is no u/n or p/w.
Although you could try the serial number aka HFC MAC instead of the p/w, it might work.
On the modem, on the Ethernet side:
open on tcp
23/tcp open telnet
80/tcp open http
513/tcp open login
open on udp
161/udp open snmp
514/udp open syslog
On HFC the same is open, except for the web interface.
telnet and rlogin don't give a shell, there's no point going in there.
The only option is via snmp
(try walking it with snmpwalk).
P.S.
Killing (hanging) a CB via snmp is a piece of cake, and that goes for any user connected to your provider.
The only thing left is to route all the traffic from someone else's CB through yourself to the provider, and intercept that damn binary.
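The provisioning race described above (the modem accepts whichever bootps answers first, and then fetches whatever TFTP server and config file that answer names) is exactly what an operator's monitoring should catch. The following is an added example, not code from the post or from any DOCSIS vendor: it takes a few constructed summaries of DHCP OFFERs seen on the HFC segment (server identifier, siaddr/next-server, boot filename, client MAC) and flags clients that were answered by more than one server, or were pointed at a DHCP/TFTP server or config file outside the operator's allowlist. The allowlist addresses, file names and log-line format are assumptions.

```python
"""Flag cable-modem provisioning offers that do not come from the operator's servers.

Added example, not part of the original post. Assumes the operator keeps an
allowlist of its own DHCP and TFTP servers and config-file names, and that
DHCP OFFERs observed on the HFC side were summarised into key=value lines
(the sample lines below are constructed, not real captures).
"""
from collections import defaultdict
from dataclasses import dataclass

# Assumed operator allowlist (hypothetical addresses and file names).
LEGIT_DHCP_SERVERS = {"10.1.0.1"}
LEGIT_TFTP_SERVERS = {"10.1.0.2"}
LEGIT_CONFIG_FILES = {"gold.cfg", "silver.cfg", "bronze.cfg"}


@dataclass(frozen=True)
class DhcpOffer:
    server_id: str   # DHCP option 54: which server answered the modem
    siaddr: str      # next-server field: the TFTP server the modem will use
    boot_file: str   # config file the modem will request over TFTP
    client_mac: str  # HFC MAC of the modem being provisioned


def parse_offer_line(line):
    """Parse one constructed 'OFFER k=v k=v ...' summary line into a DhcpOffer."""
    kind, _, rest = line.strip().partition(" ")
    if kind != "OFFER":
        raise ValueError("not an OFFER summary: %r" % line)
    fields = dict(tok.split("=", 1) for tok in rest.split())
    return DhcpOffer(fields["server"], fields["siaddr"], fields["file"], fields["client"])


def classify_offer(offer):
    """Return the list of reasons this single offer looks wrong (empty if clean)."""
    reasons = []
    if offer.server_id not in LEGIT_DHCP_SERVERS:
        reasons.append("unknown DHCP server " + offer.server_id)
    if offer.siaddr not in LEGIT_TFTP_SERVERS:
        reasons.append("unknown TFTP server " + offer.siaddr)
    if offer.boot_file not in LEGIT_CONFIG_FILES:
        reasons.append("unexpected config file " + offer.boot_file)
    return reasons


def audit_offers(offers):
    """Group offers per modem; return {client_mac: [reasons]} for suspicious clients."""
    by_client = defaultdict(list)
    for offer in offers:
        by_client[offer.client_mac].append(offer)

    findings = {}
    for mac, seen in by_client.items():
        reasons = []
        servers = {o.server_id for o in seen}
        # Two different servers answering the same modem is the race the
        # post relies on: the "closer" one wins, so report it explicitly.
        if len(servers) > 1:
            reasons.append("multiple DHCP servers answered: " + ", ".join(sorted(servers)))
        for offer in seen:
            reasons.extend(classify_offer(offer))
        if reasons:
            findings[mac] = reasons
    return findings


# Constructed sample: one modem gets a legitimate offer and a second offer
# from an unlisted host that also names itself as the TFTP server.
SAMPLE_LINES = [
    "OFFER server=10.1.0.1 siaddr=10.1.0.2 file=gold.cfg client=00:11:22:33:44:55",
    "OFFER server=10.1.0.77 siaddr=10.1.0.77 file=gold.cfg client=00:11:22:33:44:55",
    "OFFER server=10.1.0.1 siaddr=10.1.0.2 file=silver.cfg client=00:11:22:33:44:66",
]


def audit_sample():
    return audit_offers(parse_offer_line(line) for line in SAMPLE_LINES)


if __name__ == "__main__":
    for mac, reasons in audit_sample().items():
        print(mac)
        for reason in reasons:
            print("  -", reason)
```

On the constructed sample only the first modem is reported, with three reasons: two servers answered it, and the second answer points at an unlisted DHCP and TFTP host. The allowlist check is deliberately per-offer, so a single rogue answer is caught even when the legitimate server never got to respond. Separately from this kind of monitoring, DOCSIS 1.1 and later config files carry a CMTS MIC computed with an operator-held shared secret, so a file served from an unauthorised TFTP server is rejected by the CMTS at registration; the 2001 post predates that protection being widely deployed.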