[95080] in North American Network Operators' Group


Re: broadband routers security issues

daemon@ATHENA.MIT.EDU (Jeff Shultz)
Mon Feb 26 18:02:22 2007

Date: Fri, 23 Feb 2007 10:25:43 -0800
From: Jeff Shultz <jeffshultz@wvi.com>
To: Gadi Evron <ge@linuxbox.org>, NANOG list <nanog@nanog.org>
In-Reply-To: <Pine.LNX.4.21.0702221329300.10895-100000@linuxbox.org>
Errors-To: owner-nanog@merit.edu


This is why we specify our DSL modems configured as transparent bridged 
(routing optional) and when they go out the door they're already set up 
as inaccessible from the outside, even if the customer enables routing 
(I've seen one case in 5 years where the customer has done this without 
calling us for help first).

Of course, I've discovered that we're also a bit unusual in that we use 
RFC 1483 Bridged mode and static IPs instead of PPPoE and DHCP for all 
our DSL connections.

We wouldn't accept this sort of default open accessibility from Linksys, 
D-link, Netgear, etc... - why should we accept it on our DSL/cable modems?

Gadi Evron wrote:
> Hi guys. A guy named Sid recently wrote on securiteam (where I write
> as well) on an accidental discovery he made on the security of his home
> broadband router with its default settings.
> 
> Apparently, he started by discovering he had port 23 open (which was
> telnet for the router rather than for him - we have all been there
> before).


-- 
Jeff Shultz
