I'm feeling paranoid - with good reason.

Gene Heskett gene.heskett at verizon.net
Fri Feb 3 01:42:29 GMT 2006


On Thursday 02 February 2006 19:07, Basil Fowler wrote:
>On Thursday 02 Feb 2006 18:26, Nigel Henry wrote:
>> The secondary firewall is just fine for protecting the client
>> machines if the firewall on the ADSL router/modem is naff. But
>> hypothetically. Port 80 is open for incoming traffic on the
>> router/modem, and I presume that the webserver on the router/modem,
>> for setting it up, is theoretically accessible to a password
>> cracker, much in the same way as you, as a user would access it,
>> with user-name and password, to set up the firewall and modem in the
>> first place from a client machine. I say this, because when I first
>> got my Smoothwall up and running, I allowed my son to access its
>> web interface from his location on the Internet, on a very short
>> timeframe, and just to see what it looked like (he's a Windoze
>> user). All right. I had to port forward port 80 to the gateway
>> address, and give him my current local dynamic IP address. Sounds
>> pretty stupid now, allowing him to access my firewall. But you live
>> and learn.
>
>I do not know the internal setup for router/modems.  The SpeedTouch is
>connected via an ethernet link to my computer.  True, the webserver
> has to listen on port 80 and port 21 for telnet CLI operations, but
> if it is set to listen ONLY to the ethernet link, any attempt to
> nobble it through the ADSL link should be thwarted.  If you look at
> my ruleset, the interface that each rule applies is specified.  I
> have another interface eth1, which is connected to the internal
> network, and that is trusted, so there are no restrictions.
>
>If John's Zoom modem /router has an open port 80 (or 21 telnet) to the
> ADSL link, then that could explain how it got reprogrammed.

That's not something I would expect to happen, ever, if only because of 
the legal consequences if the router isn't theirs.

But this thread reminds me of an experience I had with a Siemens router 
3 years ago.  The first thing I did to it was to turn off the remote 
administration door from the wan port the dsl modem was hooked to.  
Then one of vz's dns servers got rooted and walked right thru it, 
getting in as far as portsentry set for paranoid let it, meaning there 
was one line in the log reporting where the attack came from.

As the router was trashed at that point, the password having been reset 
by whoever, I just pulled the cables, jumped in the truck and made 
tracks back north about 30 miles to the CC I'd bought it from, trading 
it in on a Linksys BEFSR41, which has, as the saying goes, been best 
described as bulletproof.  Remote admin turned off of course.

If you can still find one of them, grab it.  It's a good router, with no 
hidden foibles I've found yet in 3 years.  And yet totally transparent.
[...]
>> > I hope that you do not connect to the internet as root!
Who me?  Whodahthunklit...

-- 
Cheers, Gene
People having trouble with vz bouncing email to me should add the word
'online' between the 'verizon', and the dot which bypasses vz's
stupid bounce rules.  I do use spamassassin too. :-)
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2006 by Maurice Eugene Heskett, all rights reserved.
___________________________________________________
This message is from the kde mailing list.
Account management:  https://mail.kde.org/mailman/listinfo/kde.
Archives: http://lists.kde.org/.
More info: http://www.kde.org/faq.html.