[GLLUG] Am I over-reacting to this?

Matthew Walster matthew at walster.org
Tue Jan 14 14:37:21 UTC 2014


On 14 January 2014 14:10, John Winters <john at sinodun.org.uk> wrote:

> However, the ISP as part of the configuration changes permanently opens up
> both http and cli interfaces on the external interface of the router, on
> the standard ports 80 and 22.  This change cannot be seen from the web
> interface, which still insists that external administration is disabled,
> and the configuration change is not mentioned in any documentation supplied
> with the router.  The sole protection is password-based login, over
> unencrypted connections.
>
> I nearly fell off my chair when I discovered this.  Am I over-reacting?
>

Are you sure it's not locked down to certain source IPs?

This is *very* common, however it's usually conducted by an industry
standard protocol: http://en.wikipedia.org/wiki/TR-069

M

​​
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20140114/4431bc70/attachment.html>


More information about the GLLUG mailing list