[GLLUG] Am I over-reacting to this?

[Jason Clifford]

If you are still having trouble getting to talk to someone with clue I may
be able to put you in contact with someone suitable. Contact me offlist if
you want.
On Jan 14, 2014 2:11 PM, "John Winters" <john at sinodun.org.uk> wrote:

> Scenario:
>
> An ISP offers pre-configured ADSL routers to suit its ADSL lines.
>
> Before shipping the router, as well as setting up the line parameters and
> login, the ISP makes some hidden configuration changes to the router.
>
> By default the router offers configuration through its internal LAN
> interface, by means of either http or telnet - i.e. you can use either a
> web browser or a telnet client to configure it.  The web configuration
> interface is a bit limited - anything really sophisticated needs the CLI.
> In addition the router offers the user the option to open up remote
> administration for a limited period.  That is, the router will offer its
> http interface on an unusual port on its external (WAN) interface at the
> request of an internal administrator.
>
> However, the ISP as part of the configuration changes permanently opens up
> both http and cli interfaces on the external interface of the router, on
> the standard ports 80 and 22.  This change cannot be seen from the web
> interface, which still insists that external administration is disabled,
> and the configuration change is not mentioned in any documentation supplied
> with the router.  The sole protection is password-based login, over
> unencrypted connections.
>
> I nearly fell off my chair when I discovered this.  Am I over-reacting?
>
> John
>
> _______________________________________________
> GLLUG mailing list
> GLLUG at mailman.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/gllug
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20140114/de7d32c1/attachment.html>