Announcement

Collapse
No announcement yet.

linksys security

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • linksys security

    I am a newbie and I need help. I am currently running win98 (installing redhat 9 in couple of days) with ZA and am now using the BEFSR41 router. Before I got the router I was stealthed on all ports (as far as I know). After i got it I noticed port 113 was closed but not stealth. Now I have stealthed port 113.

    But, I have question about further configure for router. If I put http://my.ip.here in my browser, my router config window opens and asks for password. My question is: can anyone put this into their browser and access my router config or computer? If so, what do I do?

    merc

  • #2
    No, because the IP address that you put in is a local address. For example 192.168.1.1. They would have to be on your local network first, then they could be able to gain access to the login screen to access the router. Once there, they'd have to figure out your username/password.

    Also, make sure you changed the default password of "admin."
    Last edited by GodMinusOne; July 22, 2003, 12:45.
    You're either on my side or else you're in the way.

    Comment


    • #3
      Another Note

      Also, never enable "remote management" otherwise your router will be accesible from the internet. By default this should be turned off, but if it is on then by default it runs on port 8080.

      At one point in time in earlier revisions of the Linksys firmware the usernames and passwords were stored in plaintext inside of the html document. (Plain Stupidity). So you really want to keep remote management off.

      Mac address filtering also may be a good idea if you're paranoid. Although it's only trivial to defeat it's another layer of security.


      Linksys Bugs!(!@

      One time myself and a co-worker found a bug with the linksys router that allowed people from the outside to bounce off the router, using the remote management port. We used to use this to use the router as a "proxy server" from work. I'm guessing that the router didn't see us as having external ip addresses and routed us like the rest of the traffic just like the inside traffic.

      We rebooted the router, flashed the firmware and were unable to reproduce the error. (those early firmwares really sucked). It would be a good idea to download the latest firmware for your router from the linksys website and apply it to your router. You wouldn't want somebody using you to relay god knows what.

      Comment


      • #4
        Ok, Two questions i have the same thing, with port 113 it acts closed even with my firewall proxy and the other things i have running. What steps did you use to stealth it? Second i have tried to upgrade my firmware, it asks for the bin number but yet i do not have it. So how can i work on it to where i have the bin.
        If its answerable thanks.
        Ricky

        Comment


        • #5
          You sure it isn't asking for the .bin file for the firmware upgrade?
          "The only thing that I am reasonably sure of is that anybody who's got an ideology has stopped thinking." -- Arthur Miller

          Comment


          • #6
            Originally posted by Ricky1146
            Ok, Two questions i have the same thing, with port 113 it acts closed even with my firewall proxy and the other things i have running. What steps did you use to stealth it? Second i have tried to upgrade my firmware, it asks for the bin number but yet i do not have it. So how can i work on it to where i have the bin.
            If its answerable thanks.
            Quick solution would be to port forward all requests for port 113 (IDENT) to a non-existant IP address. So, for example, if you only have a few computers on your network, and they all use the 192.168.1.100,101,102... you could forward all requests inbound/outbound for port 113 to say 192.168.1.2
            You're either on my side or else you're in the way.

            Comment


            • #7
              Originally posted by MindShadow
              You sure it isn't asking for the .bin file for the firmware upgrade?
              Thats what i meant, I just said bin number for pretty much no reason. But it is .bin thanks for reminding me
              Ricky

              Comment


              • #8
                Originally posted by Ricky1146
                Thats what i meant, I just said bin number for pretty much no reason. But it is .bin thanks for reminding me
                Just download the firmware upgrade from www.linksys.com
                perl -e 'print pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'

                Comment


                • #9
                  Thanks Chris
                  Ricky

                  Comment


                  • #10
                    yeah, GodMinusOne spelled out just what i did for the port 113 stealth. Also, i have been reading around about the router software--is it true that the latest v isn't necesarily the best?

                    m

                    ps my bro is trying to hack me with BO2K, any one w/ suggestions on how to stop him plz let me know. I'm not so stupid to let him send with AIM or anything, but i do occasionly run mIRC, and Klite, and BT. he knows my ip.

                    Comment


                    • #11
                      well...

                      unless your brother has changed the program signature for bo2k then more than likely virus software will pick it up. so run that if you are running a dos or nt based kernel.
                      "I'm not a robot like you. I don't like having disks crammed into me... unless they're Oreos, and then only in the mouth."

                      Comment


                      • #12
                        virus software certainly picks it up. when i found out what he was doing i read all bout it and ran it on myself (v1.0). i had to tell anti virus not to attack many times. how do i combat this program signature? i am reading now on what it is etc, but i need to know quick how to stop it. my bro dont sleep and he is good, keep in mind i am a new person.

                        m

                        thanks all for your help so far.

                        ps i am running TCPView will this tell me if he is connected or can he hide?

                        Comment


                        • #13
                          Originally posted by mercutio
                          ps i am running TCPView will this tell me if he is connected or can he hide?
                          I dont remember about win98, but you should just be able to run the command "netstat" from the command line (dos) and It will show you the current connections to your machine. I dont know if there is a way around this (never messed with it), but I wouldnt think it is done too easily. Although, it is windows...so you never know.

                          ~ripshy
                          Virtutis gloria merces

                          Comment


                          • #14
                            thanks all for all ur help.

                            i now have redhad 9 up and and am going thru the whole process again - but now with linux for the first time. i still haven't figured out what the netstat is yet - or better something like tcpview - because im so overwhelmed how great this os is.

                            m

                            ps my bro never got in.

                            Comment

                            Working...
                            X