
Thread: quick security/router observation and question

  1. #1
    Join Date
    Jun 2008
    Location
    Prescott, AZ
    Posts
    1,191

    Default quick security/router observation and question

    I have v*riz*n fi*s and it has a supplied router to translate between the fi*s and rj45/IP. I noticed when I logged onto my v*riz*n account in my browser that they had unrestricted access to my router (well, their router, actually) including my WPA2 SSID and passphrase. Anyone who could gain access to v*riz*n's records has full access to my wifi/LAN. I'm not terribly savvy, so this has *got* to be only the tip of a huge iceberg.

    So I bought another router, made its local IP something other than 192.168.*.*, left DHCP on the V router (still at 192.168.*.*), and now I have a new private LAN. Rebooting OP 12.3 x64 seemed to pick this up. I port-forwarded HTTP and HTTPS on the V router. I guess that's all I need (are there separate ports for curl and that other Linux network "get" program - is it wget?) - does this seem a reasonable way to secure my network?

    The Russian issue is big: Malware RATs can steal your data and your money, your privacy too _ ESET ThreatBlog.mp4
    ...but again, probably only the tip of an iceberg or three. (that's just the only one I know about)

    Suggestions please - should I turn these on?
    Block Anonymous Internet Requests
    Filter Multicast
    Filter Internet NAT Redirection

    I don't plan on doing any remote administration, just wget/curl, HTTP, FTP, HTTPS, and maybe a game (UT2004 in Windows xp) so I should block all ports, drop all pings, yes?

    TIA!!!! Patricia

  2. #2

    Default Re: quick security/router observation and question

    On 01/05/2014 03:36 PM, PattiMichelle wrote:
    >
    > I have v*riz*n fi*s and it has a supplied router to translate between
    > the fi*s and rj45/IP. I noticed when I logged onto my v*riz*n account
    > in my browser that they had unrestricted access to my router (well,
    > their router, actually) including my WPA2 SSID and passphrase. Anyone
    > who could gain access to v*riz*n's records has full access to my
    > wifi/LAN. I'm not terribly savvy, so this has *got* to be only the tip
    > of a huge iceberg.


    Scum... I hate that, but a big part of the reason the ISPs probably set
    this up is to help those without any technological ability in
    configuring/troubleshooting. Still, stupid. There are better ways, far
    more secure ways, of doing exactly that.

    > So I bought another router, made its local IP something other than
    > 192.168.*.*, left DHCP on the V router (still at 192.168.*.*), and now I
    > have a new private LAN. Rebooting OP 12.3 x64 seemed to pick this up.
    > I port-forwarded HTTP and HTTPS on the V router. I guess that's all I
    > need (are there separate ports for *curl* and that other Linux network
    > "get" program - is it *wget*?) - does this seem a reasonable way to
    > secure my network?


    You shouldn't need to enable any kind of "forwarding" unless you are
    running a server at home that you want exposed to the Internet. If so,
    sure, that's fine, but if not, don't enable any forwarding or other
    inbound stuff. You should be able to do just about anything online from
    within your private network (which is within your private network provided
    by the Verizon hardware) without doing much more than connecting to your
    network.

    > Suggestions please - should I turn these on?
    > Block Anonymous Internet Requests


    I would.

    > Filter Multicast


    Inbound? Yes. If this is for outbound you MAY, but probably will not,
    find it useful.

    > Filter Internet NAT Redirection


    Probably leave disabled. I'm guessing since it's a configurable option
    that this is for inbound stuff, but more details would help confirm that.

    --
    Good luck.

    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below...

  3. #3
    Join Date
    Jun 2008
    Location
    Prescott, AZ
    Posts
    1,191

    Default Re: quick security/router observation and question

    Holy RouterTraces, Batman, it works!
    So, Port Forwarding is only for unsolicited inbound connections, then?
    Thanks.

    I know some other companies who have opened up their entire networks internally - as a cost-cutting measure (i.e., remote - or even outsourced - administration). Viruses, trojans, and bots love to see open internal networks! I should change my screenname to LovesRouters. Are all routers more or less equal in protecting a LAN from intrusion?

    Happy New Year!
    Patricia

  4. #4
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    15,676
    Blog Entries
    3

    Default Re: quick security/router observation and question

    Originally posted by PattiMichelle:
    > So, Port Forwarding is only for unsolicited inbound connections, then?

    Yes.

    By the way AT&T does the same thing with u-verse. So I have my own router behind theirs. It works well.

    Originally posted by PattiMichelle:
    > Are all routers more or less equal in protecting a LAN from intrusion?

    Yes, pretty much. Most of the protection is due to the NAT functionality.

    Some day, real soon now, we will have IPv6. And there won't be NAT. So there will be a lot more variability between how much protection the routers provide.
    openSUSE Leap 15.3; KDE Plasma 5.18.6;
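
The point confirmed above (port forwarding matters only for unsolicited inbound connections, and NAT supplies most of the protection) can be seen in a toy model of a router's NAT table. This is an added example, not part of any post in the thread; the `NatRouter` class, every address and port, and the strict per-peer filtering are constructed assumptions (real routers vary in how strictly they match the remote peer).

```python
# Added illustration: a toy model of a home router's NAT table.
# All names, addresses and ports are constructed sample values.
from dataclasses import dataclass, field

@dataclass
class NatRouter:
    wan_ip: str
    forwards: dict = field(default_factory=dict)  # wan_port -> (lan_ip, lan_port)
    sessions: dict = field(default_factory=dict)  # (wan_port, peer_ip, peer_port) -> LAN host
    next_port: int = 40000

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection; the router records a mapping."""
        wan_port = self.next_port
        self.next_port += 1
        self.sessions[(wan_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        return wan_port

    def inbound(self, remote_ip, remote_port, wan_port):
        """Decide what happens to a packet arriving on the WAN side."""
        key = (wan_port, remote_ip, remote_port)
        if key in self.sessions:           # reply to a connection the LAN started
            return ("reply", self.sessions[key])
        if wan_port in self.forwards:      # unsolicited, but explicitly forwarded
            return ("forwarded", self.forwards[wan_port])
        return ("dropped", None)           # unsolicited and no rule: no LAN destination

def demo():
    r = NatRouter(wan_ip="203.0.113.7")
    results = {}
    # wget/curl on a LAN PC fetching from a web server on 443; no forward exists.
    p = r.outbound("10.0.0.20", 51515, "198.51.100.10", 443)
    results["reply"] = r.inbound("198.51.100.10", 443, p)
    # An unrelated host connecting to port 443 on the WAN address.
    results["probe"] = r.inbound("192.0.2.99", 60000, 443)
    # The same unrelated host hitting the mapped port: not the session's peer.
    results["other_host_same_port"] = r.inbound("192.0.2.99", 60000, p)
    # Only a configured forward lets unsolicited traffic reach a LAN host.
    r.forwards[443] = ("10.0.0.30", 443)
    results["after_forward"] = r.inbound("192.0.2.99", 60000, 443)
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:22} -> {outcome}")
```

The client programs need no forward at all: the reply is admitted because the outbound request created the mapping, which is also why removing the HTTP/HTTPS forwards leaves browsing, wget and curl working.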

  5. #5
    Join Date
    Jun 2008
    Location
    Prescott, AZ
    Posts
    1,191

    Default Re: quick security/router observation and question

    What REALLY bothers me here is that v*riz*n had a secret, unknown, fully-open back door to my private home network. Is this even legal? Maybe it's buried in the terms of service somewhere... Any disgruntled (or overly ambitious) employee(s) of v*riz*n could easily start a black market operation with some "associates" who drive around installing malware rats in people's wifi networks. It would be pretty much untraceable. Makes me want to throw up.

  6. #6
    Join Date
    Oct 2009
    Location
    Sweden
    Posts
    1,028

    Default Re: quick security/router observation and question

    Originally posted by PattiMichelle:
    > What REALLY bothers me here is that v*riz*n had a secret, unknown, fully-open back door to my private home network. Is this even legal? Maybe it's buried in the terms of service somewhere... Any disgruntled (or overly ambitious) employee(s) of v*riz*n could easily start a black market operation with some "associates" who drive around installing malware rats in people's wifi networks. It would be pretty much untraceable. Makes me want to throw up.

    Your private.. Up to you. -It has reported earlier, A+B and E. Have a secret(yearly 1970's or in Europe) You have write before and gain knowledge. Please don’t throw up. UK University have its points. Good.
    Regards (Swedish).
    I'm shameless like others in the forum -was I to any help or made sense? If yes: click on the star below to the left. Written with a ;-) in my eye.

  7. #7
    Join Date
    Jun 2008
    Location
    Prescott, AZ
    Posts
    1,191

    Default Re: quick security/router observation and question

    I have yet to ask someone (even IT folks) who knows that their FIOS company has full access to their LAN. They are always VERY surprised and go right out and buy another (second) router. What I'm really afraid of is not the government, but the black market, including little, untraceable scams by employees. There's no evidence I'm aware of (yet) of a black market in the US - but we never do know these things beforehand. If the technical folks (like us) don't know about this, you can just bet that the CEOs don't...

    (but maybe we're just not paying attention?)

    Relevant: https://www.schneier.com/blog/archives/2013/10/d-link_router_b.html
    http://www.linuxbsdos.com/2012/10/04...ternet-router/
    http://mikegerwitz.com/2012/10/Verizon-router-backdoors
    http://www.threatcore.com/verizon/


  8. #8
    Join Date
    Jun 2008
    Location
    Kansas City Area, Missouri, USA
    Posts
    7,236

    Default Re: quick security/router observation and question

    On 01/11/2014 05:36 PM, PattiMichelle wrote:
    >
    > I have yet to ask someone (even IT folks) who knows that their FIOS
    > company has full access to their LAN. They are always VERY surprised
    > and go right out and buy another (second) router. What I'm really
    > afraid of is not the government, but the black market, including little,
    > untraceable scams by employees. There's no evidence I'm aware of (yet)
    > of a black market in the US - but we never do know these things
    > beforehand. If the technical folks (like us) don't know about this, you
    > can just bet that the CEOs don't...


    If you are concerned, switch out the router with one running openWRT, or similar
    firmware. That way you will control the firewall between the ISP and your LAN.
    If you must use the FIOS unit, then chain the WAN port on the new router to one
    of the LAN ports on the FIOS router. That makes life more difficult for any
    services that you want to expose to the Internet, but that is the idea.




  9. #9
    Join Date
    Jun 2008
    Location
    The English Lake District. UK - GMT/BST
    Posts
    36,857
    Blog Entries
    20

    Default Re: quick security/router observation and question

    Just out of interest.
    Why take a router given to you by your ISP? I never do.
    Tumbleweed_KDE
    My Articles Was I any help? If yes: Click the star below

  10. #10
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    15,676
    Blog Entries
    3

    Default Re: quick security/router observation and question

    Originally posted by caf4926:
    > Just out of interest.
    > Why take a router given to you by your ISP? I never do.

    Sometimes you don't have a choice.
    openSUSE Leap 15.3; KDE Plasma 5.18.6;
