I'm feeling paranoid - with good reason.

Basil Fowler bjfowler at chanzy.eclipse.co.uk
Sat Feb 4 14:44:34 GMT 2006


Following the hint in John's message below, I checked my replacement 
SpeedTouch 510 modem with Shieldup at grc.com.  All my ports were closed, but 
pings were acknowledged.  This was not the case with the old 530 modem, which 
gave all clear.

I went into the command line interface to read the rules.  There was a rule 
that stated "accept icmp echo-request".  This I changed to "drop".  The modem 
is now fully stealthed.

BUT it had a backdoor.  The suppliers 

DSL Shop
Net Lynk Limited
Roman Park, Roman Way,
Coleshill, Birmingham, B46 1HG
England. 

had placed a rule in the modem firewall that it was to accept any incoming 
packages from 217.196.1.140.  This I traced back via reverse DNS lookup to 
the firm that supplied the modem. 

I shall apprise the firm later that I have discovered the backdoor and 
have placed the fact on record.  Perhaps other readers could spread the word 
to other more appropriate lists.

As far as I know, no attempt has been made by dslshop to contact my computer.  
There is no trace in the logs from the secondary firewall.

Thanks for the hint John!

Basil Fowler


On Thursday 02 Feb 2006 19:06, John wrote:
> I know this is OT but.
> I strongly urge anybody that uses any sort of modem router to visit shields
> up at grc.com and see if their ports 254 and 255 are open. A search on the
> web will show that there is a problem on lots of them in this area. It
> seems that most of them carried on shipping like that for a long time
> so it's probably a chip set problem. The Zoom modem uses a Texas Instruments
> chip set. Any sort of firewall is useless as the unit itself is at risk -
> mine definitely had its firmware and/or settings reprogrammed. Zoom also
> admitted that the firmware update does not prevent the open port. My
> current router does have a capability for remote admin but it can be turned
> off. (I hope) I ditched a Sagem adsl unit some time ago (years) as it was
> open to the same problem. They made them like that so that ISPs can tweak
> them for their users etc.
> regards
> John
>
___________________________________________________
This message is from the kde mailing list.
Account management:  https://mail.kde.org/mailman/listinfo/kde.
Archives: http://lists.kde.org/.
More info: http://www.kde.org/faq.html.
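
The rule review described in the message above can be repeated on any exported rule list. The following is an added example, not part of the original post and not SpeedTouch code: it assumes a simplified `key=value` rule format (constructed here, not the modem's real CLI output) and flags the two patterns the post mentions, an accepted ICMP echo-request and an unrestricted accept from one remote address.

```python
import ipaddress

# Constructed rule dump in a simplified key=value format (an assumption;
# not the SpeedTouch CLI's real output). The remote address is the one
# quoted in the post.
SAMPLE_RULES = """\
chain=input index=1 src=192.168.1.0/24 dst=any prot=tcp dport=80 action=accept
chain=input index=2 src=any dst=any prot=icmp icmptype=echo-request action=accept
chain=input index=3 src=217.196.1.140 dst=any prot=any action=accept
chain=input index=4 src=any dst=any prot=any action=drop
"""


def parse_rule(line):
    """Turn one 'key=value key=value ...' line into a dict."""
    return dict(f.split("=", 1) for f in line.split() if "=" in f)


def audit(rule_text):
    """Return (index, reason) for every accept rule worth a second look."""
    findings = []
    for line in rule_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        rule = parse_rule(line)
        if rule.get("action") != "accept":
            continue
        idx = int(rule.get("index", -1))
        src = rule.get("src", "any")
        prot = rule.get("prot", "any")
        if prot == "icmp" and rule.get("icmptype") == "echo-request":
            findings.append((idx, "answers ping (icmp echo-request accepted)"))
        if src != "any":
            net = ipaddress.ip_network(src, strict=False)
            # A fixed public source with no protocol or port limit is the
            # pattern from the post: everything from one remote host.
            if not net.is_private and prot == "any" and "dport" not in rule:
                findings.append((idx, f"accepts all traffic from remote {net}"))
    return findings


if __name__ == "__main__":
    for idx, reason in audit(SAMPLE_RULES):
        print(f"rule {idx}: {reason}")
```

Rules scoped to a LAN range and a single port, like rule 1 in the sample, are not flagged.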



