I agree with you. Sometimes routers do not have http enabled although I believe that most administrators enable this service to perform easy/remote administration tasks. However, it is quite common to find http enabled devices. :) printers, wireless printers, cameras... you name it. Attacking these devices is not that severe as attacking the border router however, if the attacker is able to misconfigure one or more of these devices some bad things can happen (DoS, etc). IMHO, if you want to do stuff on lower level, you need to think of something else. JavaScript, Flash and Java Applets are technologies that are designed to run on the WEB. This is why, IMHO, they are quite good platform for performing WEB/HTTP based attacks. cheers On 8/4/06, Thierry Zoller <Thierry@xxxxxxxxx> wrote:
Dear pdp (architect), pa> BTW, there are quite a lot cisco devices that have http open on local pa> LAN vulnerable to IOS HTTP Authorization Vulnerability. That's my point, I have done an ehaustive amount of pentest, I have never come accross a router with accessible HTTP port. Maybe that's related to the nature of the networks though. -- http://secdev.zoller.lu Thierry Zoller Fingerprint : 5D84 BFDC CD36 A951 2C45 2E57 28B3 75DD 0AC6 F1C7
-- pdp (architect) http://www.gnucitizen.org
