Re: ATTN Tony Whitmore please

From: Tony Whitmore (tony_whitmore@nospamhotmail.com)
Date: 07/28/02


From: "Tony Whitmore" <tony_whitmore@nospamhotmail.com>
Date: Sun, 28 Jul 2002 16:28:02 +0100

Hi Tobamore,

I hope I can help a bit.

If your telnet and http ports are open to the internet (as your pcflank scan
suggests) then the security of your router is reliant only on the strength
of your password. If someone scans your router's public IP address and is
able to connect to your telnet or http port, then they can try and guess
your username/password combination. Usernames are often left as standard on
routers (e.g. admin, setup, etc.). Some routers do not even require a username
to be entered. The remote user can use dictionary-based attacks or
brute-force attacks to try and match the password.

My feeling is that unless you have *good* reason to allow connections to the
http and telnet ports on your router from the internet, then shut them down.
Read your router's manual for details, as how you do this will depend on the
software installed on it. You may be able to allow connections to the ports
only from your local ethernet interface. It should be possible to add a
"deny" rule to close the ports on your public interface, but leaving them
open on your local network. In addition you could restrict the range of
valid IP addresses to just your computer's IP address to stop anyone else on
your local network attempting to connect.

Alternatively, if you can't restrict these services to just the local
network (unlikely, given the software on most routers) and have to disable
remote configuration totally, then you are lucky to have the option of
configuring using the serial port! As you say, if you are happy with your
router's settings and won't need to change them often, then it may be
possible to live with doing the rare and occasional tweak over the serial cable.

If you *have* to be able to configure your router from any IP address then
you should at least have some protection in place to stop repeated
connection attempts. Otherwise you *are* vulnerable. (One type of protection
will deny a given IP address connections for an hour if it enters the wrong
password 3 times in succession. Your router's software manual will tell you
what sort of protection, if any, you have on your public interface.)

If you can't work out how to close the ports on your router, or you have to
keep these ports accessible from the internet for remote configuration
(though I can't think why!), I have one final suggestion - but it requires
more hardware than the others! If the upstream connection on your router is
ethernet (rather than a router combined with an ADSL modem, for example)
then you could install a Linux-based firewall (e.g. Smoothwall, IPCop,
floppyfw or Coyote) between the router and "the internet". This would
protect all the ports on the router from outside connection attempts, unless
you specifically allow them. Using the sort of Linux-based software
mentioned, you could restrict access to your telnet or http ports by
incoming IP address. You could set it to only allow connections from your
work IP address, for example, and all other IP addresses would be denied.
You could also use port forwarding to use an "obscure" port rather than the
standard port 23, as a lot of malicious users will only attempt to make
connections on common ports. You *could* still be connected to by someone
who spoofed the single allowed IP address and scanned for the open port,
however. Your password would still be the last line of defence against
someone who had got that far. That is why it is important to make sure it is
a good "strong" alphanumeric password!

Hope this is of some use!

Cheers,

Tony Whitmore

"Tobamore" <tobamore@DELETE_MEyahoo.co.uk> wrote in message
news:p3d7kucn1aeldfpqjrfbmtd0op7d8bofm1@4ax.com...
> Hello Tony,
> I read your reply re routers firewall on this board and it seems
> that you really know your stuff. In your reply you mentioned open telnet
> ports etc. If I scan my router at pcflank etc my telnet & http ports are
> found to be open, they are open to allow remote management and are both
> password protected. I can close these ports by disabling remote management
> and if I need to change anything I can use hyperterminal and a serial lead to
> do so apparently. Would you really recommend that I disable remote
> management and also am I likely to need to change my router's settings when
> they are working fine?
>
> TIA
>
> T
>
> Hope this makes some sense?
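
The two controls Tony describes above, the "allow only from the local interface or a single remote address" filter in front of the telnet/http ports and the "three wrong passwords, locked out for an hour" protection, as an added illustration that is not part of this thread or of any router's firmware. Everything in it is constructed: the interface names, the 192.168.1.0/24 LAN, the 198.51.100.7 "work" address, the 203.0.113.9 attacker address and the log format `timestamp ip port result` are all assumptions made for the example.

```python
"""Added example: a small model of an address/interface filter on a router's
management ports plus a lockout after repeated wrong passwords.
All addresses, interface names and log lines are constructed for illustration."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
import ipaddress

MANAGEMENT_PORTS = {23: "telnet", 80: "http"}   # the two ports in the thread
LOCKOUT_THRESHOLD = 3                            # wrong passwords in succession
LOCKOUT_PERIOD = timedelta(hours=1)              # how long the address is denied


@dataclass
class AccessPolicy:
    # interface name -> networks allowed to reach the management ports.
    # An interface with an empty list is the plain "deny" rule from the post.
    allowed: dict

    def permits(self, iface, src, dport):
        """True if this filter lets the connection through to the router.
        Non-management ports are not this filter's concern and pass unchanged."""
        if dport not in MANAGEMENT_PORTS:
            return True
        src_addr = ipaddress.ip_address(src)
        return any(src_addr in net for net in self.allowed.get(iface, []))


def build_policy(lan_net="192.168.1.0/24", remote_allowed=()):
    """Allow the whole LAN to manage the router; on the public side allow only
    the listed addresses (none by default, i.e. remote management is closed)."""
    return AccessPolicy({
        "lan": [ipaddress.ip_network(lan_net)],
        "public": [ipaddress.ip_network(a) for a in remote_allowed],
    })


@dataclass
class LoginGuard:
    failures: dict = field(default_factory=dict)      # ip -> consecutive failures
    locked_until: dict = field(default_factory=dict)  # ip -> end of lockout

    def record(self, ip, when, ok):
        """Apply one login outcome; return 'locked', 'allowed' or 'denied'."""
        until = self.locked_until.get(ip)
        if until is not None and when < until:
            return "locked"          # still inside the hour: not even checked
        if ok:
            self.failures.pop(ip, None)
            self.locked_until.pop(ip, None)
            return "allowed"
        n = self.failures.get(ip, 0) + 1
        self.failures[ip] = n
        if n >= LOCKOUT_THRESHOLD:
            self.locked_until[ip] = when + LOCKOUT_PERIOD
            self.failures.pop(ip, None)   # counter restarts once the hour is up
        return "denied"


# Constructed login records in a hypothetical "timestamp ip port result" format:
# four guesses in a row from one outside address, a good LAN login, and one
# more guess from the outside address after its hour has expired.
SAMPLE_LOG = """\
2002-07-28T16:00:01 203.0.113.9 23 FAIL
2002-07-28T16:00:04 203.0.113.9 23 FAIL
2002-07-28T16:00:07 203.0.113.9 23 FAIL
2002-07-28T16:00:10 203.0.113.9 23 FAIL
2002-07-28T16:05:00 192.168.1.10 80 OK
2002-07-28T17:30:00 203.0.113.9 23 FAIL
"""


def replay(log_text, guard=None):
    """Feed each record through the guard; return [(ip, outcome), ...]."""
    guard = guard or LoginGuard()
    results = []
    for line in log_text.splitlines():
        ts, ip, _port, result = line.split()
        when = datetime.fromisoformat(ts)
        results.append((ip, guard.record(ip, when, result == "OK")))
    return results


if __name__ == "__main__":
    closed = build_policy()
    print("LAN -> telnet:", closed.permits("lan", "192.168.1.10", 23))
    print("outside -> telnet:", closed.permits("public", "203.0.113.9", 23))
    for ip, outcome in replay(SAMPLE_LOG):
        print(ip, outcome)
```

Note how the two controls layer: the source-address filter refuses the outside address outright unless it is the single allowed one, and the lockout is what remains when a connection does reach the login prompt. As the post says, a spoofed source address or a permitted remote address still ends up at the password, so the lockout and the password strength are the last two lines of defence.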
