From: Jeff Shultz 

On Thu, 31 Mar 2005 06:19:13 -0500, Geo wrote:

> We had disabled the web interface on all the cisco 678 routers on our dsl
> network, yet when codered hit it crashed those routers because even though
> the web interface was disabled it had not stopped holding the port and
> codered was crashing the router via that port.
>
> since then, if the feature can't be uninstalled I don't consider it not
> exploitable just because some "disable" checkbox is checked.
>

Yet another advantage of RFC1483 Bridged mode... we didn't lose any. Of
course, I'm not sure if we had 445 blocked at the time or not - it was a
few months before I was hired.

I made the nasty discovery that our current modem when in router mode was
accessible even if you told it not to be. I had the manufacturer come up
with a set of firewall rules that now go into every modem, whether it's
going to be a router or not.

--- BBBS/NT v4.01 Flag-5