Default Passwords for network switches and devices

Monday, July 12, 2010

Default usernames and passwords for Routers/Switches/Hubs and other thingies

   Type/vendor/notes/etc                     Username Password
   3Com                                      admin    synnet
   3Com                                      read     synnet
   3Com                                      write    synnet
   3Com                                      monitor  monitor
   3Com                                      manager  manager
   3Com                                      security security
   3Com_Office_Connect_5x0_ISDN_Routers      n/a      PASSWORD
   3comCellPlex7000                          tech     tech
   3comCoreBuilder7000/6000/3500/2500        debug    synnet
   3comCoreBuilder7000/6000/3500/2500        tech     tech
   3comHiPerARCv4.1.x                        adm      <blank>
   3ComLANplex2500                           debug    synnet
   3ComLANplex2500                           tech     tech
   3comLinkSwitch2000/2700                   tech     tech
   3comSuperStackIISwitch                    2200     debug
   3comSuperStackIISwitch                    2700     tech
   ACC(Ericsson)                             netman   netman
   ADC_Kentrox_Pacesetter_Router             n/a      secret
   All_Zyxel_equipment                       n/a      1234
   AT&T_3B2_firmware                         n/a      mcp
   AXIS200/240[netcam]                       root     pass
   Bay_routers                               Manager  <blank>
   Bay_routers                               User     <blank>
   Bay350T_Switch                            n/a      NetICs
   BaySuperstackII                           security security
   BRASX/I01_(DataCom)                       n/a      letmein
   BreezeCOM_adapters2.x(console_only)       n/a      laflaf
   BreezeCOM_adapters3.x(console_only)       n/a      Master
   BreezeCOM_adapters4.x(console_only)       n/a      Super
   Cayman_DSL                                n/a      <blank>
   Crystalview_outsideview32                 n/a      crystal
   digiCorp_(viper?)                         n/a      BRIDGE
   digiCorp_(viper?)                         n/a      password
   DLink_hub/switches                        D-Link   D-Link
   Flowpoint_DSL_installed_by_Covad          n/a      password
   Flowpoint_DSL2000                         admin    admin
   Jetform_design                            Jetform  n/a
   Lantronics_Terminal_server_port           7000     n/a
   Lantronics_Terminal_server_port           7000     n/a
   Linksys_DSL                               n/a      admin
   Livingston_IRX_router                     !root    <blank>
   Livingston_officerouter                   !root    <blank>
   Livingston_portmaster2/3                  !root    <blank>
   Microplex_print_server                    root     root
   Motorola-Cablerouter                      cablecom router
   Netopia_7100                              <blank>  <blank>
   Netopia_9500                              netopia  netopia
   Orbitor_console                           n/a      password
   Orbitor_console                           n/a      BRIDGE
   Osicom(Datacom)                           sysadm   sysadm
   Shiva                                     root     <blank>
   Shiva                                     Guest    <blank>
   SpeedstreamDSL(Efficient)                 n/a      admin
   UClinux_for_UCsimm                        root     uClinux
   Webramp                                   wradmin  trancell
   Alteon ACEswitch 180e (web)               admin    admin
   Alteon ACEswitch 180e (telnet)            admin    <blank>
   NETPrint (all)                            n/a      sysadm
   Xylan Omniswitch                          admin    switch
   Xylan Omniswitch                          diag     switch
   AcceleratedDSL CPE and DSLAM              sysadm   anicust
   Arrowpoint                                admin    system
   Cabletron (routers & switches)            <blank>  <blank>

Help with ping

Help with ping, winipcfg, and other network commands.

Issue:

Help with ping, winipcfg, and other network commands.

Cause:

It may be necessary to use utilities such as ping, winipcfg, tracert, etc. to help identify and fix network-related issues.

Solution:

Below is a listing of the various network-related commands used in MS-DOS, Windows, Linux, Unix, and other operating systems. Each command includes additional information about what the command does, the command's syntax, and miscellaneous information.

Note: If you are not the root or admin of a computer, it is possible for these commands to be disabled or revoked.

Arp
Finger
Hostname
Ipconfig
Pathping
Ping
Nbtstat
Net
Netstat
Nslookup
Route
Tracert / Traceroute
Whois
Winipcfg

ARP

Display or manipulate the ARP information on a network device or computer.
Additional information about the MS-DOS arp command can be found here.

FINGER

The finger command, available in Unix / Linux variants, allows a user to find information, sometimes personal, about another user. This information can include the last time the user logged in, when they read their e-mail, etc. If the user creates a .PLAN or other related file, finger can also display additional information.
Unix / Linux and variant finger command information can be found here.

HOSTNAME

The hostname command displays the host name of the Windows XP computer you are currently logged into.
Additional information about the MS-DOS hostname command can be found here.

IPCONFIG

Ipconfig is an MS-DOS utility that can be used from MS-DOS and an MS-DOS shell to display the network settings currently assigned and given by a network. This command can be used to verify a network connection as well as to verify your network settings.

Windows 2000 users should use this command to determine network information.
Additional information about ipconfig can be found here.

PATHPING

Pathping is an MS-DOS utility available for Microsoft Windows 2000 and Windows XP users. This utility enables a user to find network latency and network loss.
Additional information about the pathping command can be found here.

PING

Ping is one of the most commonly used and best-known commands. Ping allows a user to ping another network IP address. This can help determine whether the computer is able to communicate with the network.
MS-DOS / Windows ping command and information can be found here.
Unix / Linux and variant ping command information can be found here.

NBTSTAT

The nbtstat MS-DOS utility displays protocol statistics and current TCP/IP connections using NBT.
MS-DOS / Windows nbtstat command and information can be found here.

NET

The net command is available in MS-DOS / Windows and is used to set, view and determine network settings.
MS-DOS / Windows net command and information can be found here.

NETSTAT

The netstat command is used to display the TCP/IP network protocol statistics and information.
MS-DOS / Windows netstat command and information can be found here.
Unix / Linux netstat command and information can be found here.

NSLOOKUP

The nslookup MS-DOS utility enables a user to do a reverse lookup on an IP address of a domain or host on a network.
MS-DOS / Windows nslookup command and information can be found here.
Unix / Linux nslookup command and information can be found here. Linux users may also be interested in the host command that performs a similar task.

ROUTE

The route MS-DOS utility enables a user to view and modify the computer's route table.
MS-DOS route command information can be found here.

TRACERT / TRACEROUTE

The tracert command in MS-DOS / Windows or the traceroute command in Unix / Linux and variants is another commonly used network command to help determine network related issues or slowdowns. Using this command you can view a listing of how a network packet travels through the network and where it may fail or slow down. Using this information you can determine the computer, router, switch or other network device possibly causing your network issues.
MS-DOS / Windows tracert command and information can be found here.
Unix / Linux and variant traceroute command information can be found here.

WHOIS

The whois command, available in Unix / Linux variants, allows a user to identify a domain name. This command provides information about a domain name much like the WHOIS on Network Solutions. In some cases the domain information will be provided from Network Solutions.
Unix / Linux and variant whois command information can be found here.

WINIPCFG

The winipcfg command available in Windows allows a user to display network and network adapter information. Here, a user can find such information as an IP address, Subnet Mask, Gateway, etc...
Windows winipcfg command and information can be found here.

NOTE: Windows 2000, Windows XP and above users do not have winipcfg. Instead, use ipconfig.

Create A Huge File

You can create a file of any size using nothing more than what's supplied with Windows. Start by converting the desired file size into hexadecimal notation. You can use the Windows Calculator in Scientific mode to do this. Suppose you want a file of 1 million bytes. Enter 1000000 in the calculator and click on the Hex option to convert it (1 million in hex is F4240). Pad the result with zeroes at the left until the file size reaches eight digits: 000F4240.

Now open a command prompt window. In Windows 95, 98, or Me, you can do this by entering COMMAND in the Start menu's Run dialog; in Windows NT 4.0, 2000, or XP enter CMD instead. Enter the command DEBUG BIGFILE.DAT and ignore the File not found message. Type RCX and press Enter. Debug will display a colon prompt. Enter the last four digits of the hexadecimal number you calculated (4240, in our example). Type RBX and press Enter, then enter the first four digits of the hexadecimal size (000F, in our example). Enter W for Write and Q for Quit. You've just created a 1-million-byte file using Debug. Of course you can create a file of any desired size using the same technique.

Anonymity of Proxy


Information on the Internet is exchanged using the "client - server" model. A client sends a request (which files it needs) and a server sends a reply (the required files). To help the server respond appropriately, the client also sends additional information about itself: the name and version of its operating system, the configuration of the browser (including its name and version), and so on. The server may need this information to decide which web page should be given to the client, since there can be different variants of a web page for different browser configurations. However, as web pages do not usually depend on the browser, it makes sense to hide this information from the web server.

What your browser transmits to a web-server:
a name and a version of an operating system
a name and a version of a browser
configuration of a browser (display resolution, color depth, java / javascript support, ...)
IP-address of a client
Other information

The most important part of this information (and absolutely unnecessary for a web server) is the IP address. Using your IP address it is possible to learn the following about you:
a country where you are from
a city
your provider's name and e-mail
your physical address

Information transmitted by a client is available to the server as environment variables. Each unit of information is the value of some variable. If a unit of information is not transmitted, the corresponding variable is empty (its value is undetermined).

These are some environment variables:

REMOTE_ADDR - IP address of a client

HTTP_VIA - if it is not empty, a proxy is used. The value is the address (or several addresses) of a proxy server; this variable is added by the proxy server itself if you use one.

HTTP_X_FORWARDED_FOR - if it is not empty, a proxy is used. The value is the real IP address of the client (your IP); this variable is also added by the proxy server if you use one.

HTTP_ACCEPT_LANGUAGE - the language used in the browser (the language a page should be displayed in)

HTTP_USER_AGENT - the so-called "user agent". For all browsers this is Mozilla. The browser's name and version (e.g. MSIE 5.5) and the operating system (e.g. Windows 98) are also mentioned here.

HTTP_HOST - the web server's name

These are only a small part of the environment variables. In fact there are many more of them (DOCUMENT_ROOT, HTTP_ACCEPT_ENCODING, HTTP_CACHE_CONTROL, HTTP_CONNECTION, SERVER_ADDR, SERVER_SOFTWARE, SERVER_PROTOCOL, ...). Their number can depend on the settings of both the server and the client.

These are examples of variable values:

REMOTE_ADDR = 194.85.1.1
HTTP_ACCEPT_LANGUAGE = ru
HTTP_USER_AGENT = Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)
HTTP_HOST = www.webserver.ru
HTTP_VIA = 194.85.1.1 (Squid/2.4.STABLE7)
HTTP_X_FORWARDED_FOR = 194.115.5.5

Anonymity on the Internet is determined by which environment variables are "hidden" from a web server.

If a proxy server is not used, the environment variables look like this:

REMOTE_ADDR = your IP
HTTP_VIA = not determined
HTTP_X_FORWARDED_FOR = not determined

Depending on how they "hide" environment variables, proxy servers fall into several types.

Transparent Proxies

They do not hide information about your IP address:

REMOTE_ADDR = proxy IP
HTTP_VIA = proxy IP
HTTP_X_FORWARDED_FOR = your IP

The function of such proxy servers is not to improve your anonymity on the Internet. Their purpose is caching information, giving several computers shared access to the Internet, etc.

Anonymous Proxies

All proxy servers that hide a client's IP address in any way are called anonymous proxies.

Simple Anonymous Proxies

These proxy servers do not hide the fact that a proxy is used; however, they replace your IP with their own:

REMOTE_ADDR = proxy IP
HTTP_VIA = proxy IP
HTTP_X_FORWARDED_FOR = proxy IP

These proxies are the most widespread of the anonymous proxy servers.

Distorting Proxies

Like simple anonymous proxy servers, these proxies do not hide the fact that a proxy server is used. However, the client's IP address (your IP address) is replaced with another (arbitrary, random) IP:

REMOTE_ADDR = proxy IP
HTTP_VIA = proxy IP
HTTP_X_FORWARDED_FOR = random IP address

High Anonymity Proxies

These proxy servers are also called "high anonymity proxy". In contrast to the other types of anonymous proxy servers, they hide the fact that a proxy is used:

REMOTE_ADDR = proxy IP
HTTP_VIA = not determined
HTTP_X_FORWARDED_FOR = not determined

This means that the values of the variables are the same as if no proxy were used, with one very important exception: the proxy IP is used instead of your IP address.

Summary

Depending on their purpose, there are transparent and anonymous proxies. However, remember that by using a proxy server you hide only your IP from a web server; other information (about browser configuration) is still accessible!
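
The classification above, seen from the web server's side, as an added example that is not part of the original article. The function name, the returned labels and the optional known_client_ip parameter are assumptions made for illustration; the point it shows is that a server cannot tell "transparent" from "distorting", or "direct" from "high anonymity", from these variables alone, because HTTP_X_FORWARDED_FOR is an unverified claim.

```python
import ipaddress


def first_ip(value):
    """Return the first parseable IP address in a header value, or None."""
    for token in (value or "").replace(",", " ").split():
        try:
            return ipaddress.ip_address(token.strip("[]"))
        except ValueError:
            continue
    return None


def classify_request(environ, known_client_ip=None):
    """Classify a request by REMOTE_ADDR, HTTP_VIA and HTTP_X_FORWARDED_FOR.

    known_client_ip is a hypothetical parameter: pass it only when testing
    your own proxy, where you know which address sits behind it.
    """
    remote = first_ip(environ.get("REMOTE_ADDR"))
    if remote is None:
        raise ValueError("REMOTE_ADDR missing or not an IP address")
    via = environ.get("HTTP_VIA") or None
    xff_raw = environ.get("HTTP_X_FORWARDED_FOR") or None
    known = ipaddress.ip_address(known_client_ip) if known_client_ip else None

    if via is None and xff_raw is None:
        # A direct client and a high-anonymity proxy send the same variables.
        if known is None:
            return "direct-or-high-anonymity"
        return "direct" if remote == known else "high-anonymity"

    claimed = first_ip(xff_raw)
    if claimed is None:
        # A proxy announced itself but gave no usable client address
        # (a case the article does not list).
        return "proxy-no-client-address"
    if claimed == remote:
        return "simple-anonymous"
    if known is None:
        # The forwarded address may be real (transparent) or made up
        # (distorting); the header alone cannot settle which.
        return "transparent-or-distorting"
    return "transparent" if claimed == known else "distorting"


# Constructed sample built from the example variable values shown above.
SAMPLE = {
    "REMOTE_ADDR": "194.85.1.1",
    "HTTP_VIA": "194.85.1.1 (Squid/2.4.STABLE7)",
    "HTTP_X_FORWARDED_FOR": "194.115.5.5",
}

if __name__ == "__main__":
    print(classify_request(SAMPLE))
    print(classify_request(SAMPLE, known_client_ip="194.115.5.5"))
```
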

Backtracking EMAIL Messages


Tracking email back to its source:
cause i hate spammers...

Ask most people how they determine who sent them an email message and the response is almost universally, "By the From line." Unfortunately this is symptomatic of the current confusion among internet users as to where particular messages come from and who is spreading spam and viruses. The "From" header is little more than a courtesy to the person receiving the message. People spreading spam and viruses are rarely courteous. In short, if there is any question about where a particular email message came from the safe bet is to assume the "From" header is forged.

So how do you determine where a message actually came from? You have to understand how email messages are put together in order to backtrack an email message. SMTP is a text based protocol for transferring messages across the internet. A series of headers are placed in front of the data portion of the message. By examining the headers you can usually backtrack a message to the source network, sometimes the source host. A more detailed essay on reading email headers can be found .

If you are using Outlook or Outlook Express you can view the headers by right clicking on the message and selecting properties or options.

Below are listed the headers of an actual spam message I received. I've changed my email address and the name of my server for obvious reasons. I've also double spaced the headers to make them more readable.

Return-Path: <s359dyxtt@yahoo.com>

X-Original-To: davar@example.com

Delivered-To: davar@example.com

Received: from 12-218-172-108.client.mchsi.com (12-218-172-108.client.mchsi.com [12.218.172.108])
by mailhost.example.com (Postfix) with SMTP id 1F9B8511C7
for <davar@example.com>; Sun, 16 Nov 2003 09:50:37 -0800 (PST)

Received: from (HELO 0udjou) [193.12.169.0] by 12-218-172-108.client.mchsi.com with ESMTP id <536806-74276>; Sun, 16 Nov 2003 19:42:31 +0200

Message-ID: <n5-l067n7z$46-z$-n@eo2.32574>

From: "Maricela Paulson" <s359dyxtt@yahoo.com>

Reply-To: "Maricela Paulson" <s359dyxtt@yahoo.com>

To: davar@example.com

Subject: STOP-PAYING For Your PAY-PER-VIEW, Movie Channels, Mature Channels...isha

Date: Sun, 16 Nov 2003 19:42:31 +0200

X-Mailer: Internet Mail Service (5.5.2650.21)

X-Priority: 3

MIME-Version: 1.0

Content-Type: multipart/alternative; boundary="MIMEStream=_0+211404_90873633350646_4032088448"

According to the From header this message is from Maricela Paulson at s359dyxtt@yahoo.com. I could just fire off a message to abuse@yahoo.com, but that would be a waste of time. This message didn't come from yahoo's email service.

The header most likely to be useful in determining the actual source of an email message is the Received header. According to the top-most Received header this message was received from the host 12-218-172-108.client.mchsi.com with the ip address of 12.218.172.108 by my server mailhost.example.com. An important item to consider is at what point in the chain does the email system become untrusted? I consider anything beyond my own email server to be an unreliable source of information. Because this header was generated by my email server it is reasonable for me to accept it at face value.

The next Received header (which is chronologically the first) shows the remote email server accepting the message from the host 0udjou with the ip 193.12.169.0. Those of you who know anything about IP will realize that that is not a valid host IP address. In addition, any hostname that ends in client.mchsi.com is unlikely to be an authorized email server. This has every sign of being a cracked client system.

Here is where we start digging. By default Windows is somewhat lacking in network diagnostic tools; however, you can use the tools at to do your own checking.

davar@nqh9k:[/home/davar] $whois 12.218.172.108

AT&T WorldNet Services ATT (NET-12-0-0-0-1)
12.0.0.0 - 12.255.255.255
Mediacom Communications Corp MEDIACOMCC-12-218-168-0-FLANDREAU-MN (NET-12-218-168-0-1)
12.218.168.0 - 12.218.175.255

# ARIN WHOIS database, last updated 2003-12-31 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.

I can also verify the hostname of the remote server by using nslookup, although in this particular instance, my email server has already provided both the IP address and the hostname.

davar@nqh9k:[/home/davar] $nslookup 12.218.172.108

Server: localhost
Address: 127.0.0.1

Name: 12-218-172-108.client.mchsi.com
Address: 12.218.172.108

Ok, whois shows that Mediacom Communications owns that netblock and nslookup confirms the address to hostname mapping of the remote server, 12-218-172-108.client.mchsi.com. If I preface a www in front of the domain name portion and plug that into my web browser, http://www.mchsi.com, I get Mediacom's web site.

There are few things more embarrassing to me than firing off an angry message to someone who is supposedly responsible for a problem, and being wrong. By double checking who owns the remote host's IP address using two different tools (whois and nslookup) I minimize the chance of making myself look like an idiot.

A quick glance at the web site and it appears they are an ISP. Now if I copy the entire message including the headers into a new email message and send it to abuse@mchsi.com with a short message explaining the situation, they may do something about it.

But what about Maricela Paulson? There really is no way to determine who sent a message; the best you can hope for is to find out what host sent it. Even in the case of a PGP-signed message there is no guarantee that one particular person actually pressed the send button. Obviously determining the actual sender of an email message is much more involved than reading the From header. Hopefully this example may be of some use to other forum regulars.
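
The header reading done by hand above, as an added Python example that is not part of the original post. It walks the Received headers from the top, trusts only the hops written by servers named in my_servers, and reports the address recorded by the deepest trusted hop; the function name, the my_servers parameter and the result keys are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers copied from the message above, trimmed to the fields used here.
RAW = (
    'Return-Path: <s359dyxtt@yahoo.com>\n'
    'Received: from 12-218-172-108.client.mchsi.com'
    ' (12-218-172-108.client.mchsi.com [12.218.172.108])\n'
    '\tby mailhost.example.com (Postfix) with SMTP id 1F9B8511C7\n'
    '\tfor <davar@example.com>; Sun, 16 Nov 2003 09:50:37 -0800 (PST)\n'
    'Received: from (HELO 0udjou) [193.12.169.0]'
    ' by 12-218-172-108.client.mchsi.com with ESMTP id <536806-74276>;'
    ' Sun, 16 Nov 2003 19:42:31 +0200\n'
    'From: "Maricela Paulson" <s359dyxtt@yahoo.com>\n'
    'To: davar@example.com\n'
    '\n'
)

BY_RE = re.compile(r"\bby\s+([^\s;()]+)", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
FROM_RE = re.compile(r"^\s*from\s+([^\s;()\[\]]+)", re.I)


def backtrack(raw, my_servers):
    """Return the reportable source of a message and its unverified hops."""
    msg = message_from_string(raw)
    hops, trusted = [], True
    for value in msg.get_all("Received", []):
        text = " ".join(value.split())  # unfold continuation lines
        by, ip, sender = BY_RE.search(text), IP_RE.search(text), FROM_RE.search(text)
        by_host = by.group(1).lower() if by else None
        # Trust is contiguous from the top: once a hop was written by a
        # server we do not run, it and everything below it is unverified.
        trusted = trusted and by_host in my_servers
        hops.append({
            "by": by_host,
            "from": sender.group(1).lower() if sender else None,
            "ip": ip.group(1) if ip else None,
            "trusted": trusted,
        })
    verified = [h for h in hops if h["trusted"]]
    source = verified[-1] if verified else None
    host = (source or {}).get("from") or ""
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    return {
        "report_ip": source["ip"] if source else None,
        "report_host": host or None,
        "from_domain": from_domain,
        # Heuristic: does the sending host belong to the From domain?
        "from_matches_source": bool(from_domain)
        and (host == from_domain or host.endswith("." + from_domain)),
        "unverified": [
            {"by": h["by"], "ip": h["ip"],
             # The post's check: a final octet of 0 is not a host address.
             "zero_host_octet": bool(h["ip"]) and h["ip"].endswith(".0")}
            for h in hops if not h["trusted"]
        ],
    }


RESULT = backtrack(RAW, my_servers={"mailhost.example.com"})

if __name__ == "__main__":
    print(RESULT)
```
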

 
 
 
 
Copyright © Money hunter