funsec mailing list archives

Re: Don't click that link - it may re-program your router?


From: "David Lodge" <dave () cirt net>
Date: Sun, 25 Feb 2007 10:24:08 -0000

On Tue, 20 Feb 2007 15:09:45 -0000, Michal Zalewski <lcamtuf () dione ids pl> wrote:
> On Tue, 20 Feb 2007 Blanchard_Michael () emc com wrote:
>> to me the whole deal is simply a reminder to change passwords from
>> default if they're not already.
> And hope you don't have hidden "service" accounts that are not visible
> through GUI, of course. Like Siemens DSL modems and their "userNotUsed" /
> "userNotU"...

*Every* home grade router I've used has had a default option to block the administration console from the external network. This is basically:
1) Change default passwords
2) Get the vendors to set up secure

As far as I'm concerned, this is a vendor issue; a home router should never leave the factory without it being configured to auto change the default password and to block the administration screen from outside.

Though most vendors seem to be terrible on security and follow the concept of "we tell you it's secure so it is".

dave
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

