I'm feeling paranoid - with good reason.
bjfowler at chanzy.eclipse.co.uk
Sat Feb 4 14:44:34 GMT 2006
Following the hint in John's message below, I checked my replacement
SpeedTouch 510 modem with Shieldup at grc.com. All my ports were closed, but
pings were acknowledged. This was not the case with the old 530 modem, which
gave all clear.
I went into the command line interface to read the rules. There was a rule
that stated "accept icmp echo-request". This I changed to "drop". The modem
is now fully stealthed.
BUT it had a backdoor. The suppliers
Net Lynk Limited
Roman Park, Roman Way,
Coleshill, Birmingham, B46 1HG
had placed a rule in the modem firewall that it was to accept any incoming
packages from 188.8.131.52. This I traced back via reverse DNS lookup to
the firm that supplied the modem.
I shall apprise the firm later that I have discovered the backdoor and
have placed the fact on record. Perhaps other readers could spread the word
to other more appropriate lists.
As far as I know, no attempt has been made by dslshop to contact my computer.
There is no trace in the logs from the secondary firewall.
Thanks for the hint John!
On Thursday 02 Feb 2006 19:06, John wrote:
> I know this is OT but.
> I strongly urge anybody that uses any sort of modem router to visit shields
> up at grc.com and see if their ports 254 and 255 are open. A search on the
> web will show that there is a problem on lots of them in this area. It
> seems that most of them carried on shipping like that for a long time
> so it's probably a chip set problem. The Zoom modem uses a Texas Instruments
> chip set. Any sort of firewall is useless as the unit itself is at risk -
> mine definitely had its firmware and/or settings reprogrammed. Zoom also
> admitted that the firmware update does not prevent the open port. My
> current router does have a capability for remote admin but it can be turned
> off. (I hope) I ditched a Sagem ADSL unit some time ago (years) as it was
> open to the same problem. They made them like that so that ISPs can tweak
> them for their users etc.
This message is from the kde mailing list.
Account management: https://mail.kde.org/mailman/listinfo/kde.
More info: http://www.kde.org/faq.html.