I'm feeling paranoid - with good reason.

Basil Fowler bjfowler at chanzy.eclipse.co.uk
Fri Feb 3 00:07:16 GMT 2006


On Thursday 02 Feb 2006 18:26, Nigel Henry wrote:

>
> The secondary firewall is just fine for protecting the client machines if
> the firewall on the ADSL router/modem is naff. But hypothetically. Port 80
> is open for incoming traffic on the router/modem, and I presume that the
> webserver on the router/modem, for setting it up, is theoretically
> accessible to a password cracker, much in the same way as you, as a user
> would access it, with user-name and password, to set up the firewall and
> modem in the first place from a client machine. I say this, because when I
> first got my Smoothwall up and running, I allowed my son to access its web
> interface from his location on the Internet, on a very short timeframe, and
> just to see what it looked like (he's a Windoze user). All right. I had to
> port forward port 80 to the gateway address, and give him my current local
> dynamic IP address. Sounds pretty stupid now, allowing him to access my
> firewall. But you live and learn.

I do not know the internal setup for router/modems.  The SpeedTouch is 
connected via an ethernet link to my computer.  True, the webserver has to 
listen on port 80 and port 21 for telnet CLI operations, but if it is set to 
listen ONLY to the ethernet link, any attempt to nobble it through the ADSL 
link should be thwarted.  If you look at my ruleset, the interface that each
rule applies to is specified.  I have another interface eth1, which is connected
to the internal network, and that is trusted, so there are no restrictions. 

If John's Zoom modem/router has an open port 80 (or 21 telnet) to the ADSL
link, then that could explain how it got reprogrammed.

>
> I'm interested in this, as I have to use RealPlayer to get audio streams
> from BBC.co.uk, and do from time to time experience mysterious problems.
> I'd read that the BBC were developing open source codecs, but haven't heard
> much in recent months. I'd be happy to hear your experiences, offlist, as
> this is a bit OT.  Nigel.
>
> > Perhaps other users of the list would like to suggest improvements.
> >
> > I hope that you do not connect to the internet as root!
> >
> > Basil Fowler
> >
___________________________________________________
This message is from the kde mailing list.
Account management:  https://mail.kde.org/mailman/listinfo/kde.
Archives: http://lists.kde.org/.
More info: http://www.kde.org/faq.html.
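
An audit in the spirit of the message's point about pinning every rule to an interface, as an added example that is not part of the original message or the ruleset it refers to: it scans an iptables-save style listing for INPUT ACCEPT rules that open a management port without naming a trusted interface. Assumptions: the ruleset is iptables, eth0 is the untrusted link, port 23 (the standard telnet port) is checked alongside the 80 and 21 named in the message, and all function names are hypothetical.

```python
import shlex

MGMT_PORTS = {80, 21, 23}        # 80 and 21 come from the message; 23 is an assumption
TRUSTED_IFACES = {"eth1", "lo"}  # eth1 is the internal network in the message; lo is assumed

# Constructed iptables-save excerpt, not the ruleset referred to in the message.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -i eth1 -p tcp -m multiport --dports 22,23 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 20:25 -j DROP
COMMIT
"""

def opt_value(tok, *names):
    """Return the argument following the first of `names` found in tok."""
    for name in names:
        if name in tok:
            return tok[tok.index(name) + 1]
    return None

def expand_ports(spec):
    """Expand an iptables port spec such as '80', '22,23' or '20:25'."""
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def exposed_mgmt_rules(rules_text):
    """List (rule, ports, reason) for ACCEPT rules exposing management ports."""
    findings = []
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", "INPUT"] or opt_value(tok, "-j") != "ACCEPT":
            continue
        iface = opt_value(tok, "-i", "--in-interface")
        spec = opt_value(tok, "--dport", "--dports")
        # A rule with no port match accepts every port, management ones included.
        hit = MGMT_PORTS & expand_ports(spec) if spec else set(MGMT_PORTS)
        if not hit or iface in TRUSTED_IFACES:
            continue
        reason = f"bound to {iface}" if iface else "no -i, matches every interface"
        findings.append((line, sorted(hit), reason))
    return findings
```

The check looks at each rule in isolation and does not model first-match ordering, so an earlier DROP for the same traffic would still leave the later ACCEPT reported.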