I'm feeling paranoid - with good reason.

Nigel Henry cave.dnb at tiscali.fr
Fri Feb 3 17:53:47 GMT 2006


On Friday 03 February 2006 02:42, Gene Heskett wrote:
> On Thursday 02 February 2006 19:07, Basil Fowler wrote:
> >On Thursday 02 Feb 2006 18:26, Nigel Henry wrote:
> >> The secondary firewall is just fine for protecting the client
> >> machines if the firewall on the ADSL router/modem is naff. But
> >> hypothetically. Port 80 is open for incoming traffic on the
> >> router/modem, and I presume that the webserver on the router/modem,
> >> for setting it up, is theoretically accessible to a password
> >> cracker, much in the same way as you, as a user would access it,
> >> with user-name and password, to set up the firewall and modem in the
> >> first place from a client machine. I say this, because when I first
> >> got my Smoothwall up and running, I allowed my son to access its
> >> web interface from his location on the Internet, on a very short
> >> timeframe, and just to see what it looked like (he's a Windoze
> >> user). All right. I had to port forward port 80 to the gateway
> >> address, and give him my current local dynamic IP address. Sounds
> >> pretty stupid now, allowing him to access my firewall. But you live
> >> and learn.
> >
> >I do not know the internal setup for router/modems.  The SpeedTouch is
> >connected via an ethernet link to my computer.  True, the webserver
> > has to listen on port 80 and port 21 for telnet CLI operations, but
> > if it is set to listen ONLY to the ethernet link, any attempt to
> > nobble it through the ADSL link should be thwarted.  If you look at
> > my ruleset, the interface that each rule applies is specified.  I
> > have another interface eth1, which is connected to the internal
> > network, and that is trusted, so there are no restrictions.
> >
> >If John's Zoom modem /router has an open port 80 (or 21 telnet) to the
> > ADSL link, then that could explain how it got reprogrammed.
>
> That's not something I would expect to happen, ever, if only because of
> the legal consequences if the router isn't theirs.
>
> But this thread reminds me of an experience I had with a Siemens router
> 3 years ago.  The first thing I did to it was to turn off the remote
> administration door from the wan port the dsl modem was hooked to.
> Then one of vz's dns servers got rooted and walked right thru it,
> getting in as far as portsentry set for paranoid let it, meaning there
> was one line in the log reporting where the attack came from.
>
> As the router was trashed at that point, the password having been reset
> by whoever, I just pulled the cables, jumped in the truck and made
> tracks back north about 30 miles to the CC I'd bought it from, trading
> it in on a Linksys BEFSR41, which has, as the saying goes, been best
> described as bulletproof.  Remote admin turned off of course.
>
> If you can still find one of them, grab it.  It's a good router, with no
> hidden foibles I've found yet in 3 years.  And yet totally transparent.
> [...]

Hi Gene. I found one of those on a French supplier's website, and only 49.95 
euros. I know I'm on dial-up at the moment, but it is worth keeping in mind for 
when broadband comes to my area. Thanks for the recommendation. Nigel.
>
> >> > I hope that you do not connect to the internet as root!
>
> Who me?  Whodahthunklit...

On the Internet as root. Noooooo. That's only for Windoze users.
___________________________________________________
This message is from the kde mailing list.
Account management:  https://mail.kde.org/mailman/listinfo/kde.
Archives: http://lists.kde.org/.
More info: http://www.kde.org/faq.html.



