RE: Possible weird/insecure configuration of an ISP router exposed unfiltered to public internet?

From: David Gillett (gillettdavid_at_fhda.edu)
Date: 01/28/05

  • Next message: KillKenny: "Re: Apache attacks" 
    To: <security.department@tele2.ch>, <security-basics@securityfocus.com>
Date: Thu, 27 Jan 2005 15:17:23 -0800

    > 4. (my main question!): The reason given by the ISP to expose
    > the router is totaly weird, because the IP range for
    > _outgoing_ ADSL-connections is irrelevant for router remote
    > administration, which is performed in the opposite direction
    > and need's only one IP, p.ex. the one of the target router.

      Uh, no. Any TCP connection needs both source and target addresses.

      What the ISP said is: We've considered only allowing telnet
    connections to this box from specific source addresses (assigned
    to those who should be able to administer the router). We haven't
    restricted access to only those sources yet; it's entirely possible
    that the administrators need the option to access it from wherever
    they are on the Internet *today*, and that changes, either because
    they travel and/or they get an address via DHCP or other dynamic
    mechanism.

      It's entirely possible that certain "known nuisance" and invalid
    or spoofed source addresses are blocked; yours doesn't (yet) happen
    to be one of them.

    David Gillett

  • Next message: KillKenny: "Re: Apache attacks"

    Relevant Pages