[GLLUG] Am I over-reacting to this?
jason at ukpost.com
Tue Jan 14 15:59:36 UTC 2014
If you are still having trouble getting to talk to someone with clue I may
be able to put you in contact with someone suitable. Contact me offlist if
On Jan 14, 2014 2:11 PM, "John Winters" <john at sinodun.org.uk> wrote:
> An ISP offers pre-configured ADSL routers to suit its ADSL lines.
> Before shipping the router, as well as setting up the line parameters and
> login, the ISP makes some hidden configuration changes to the router.
> By default the router offers configuration through its internal LAN
> interface, by means of either http or telnet - i.e. you can use either a
> web browser or a telnet client to configure it. The web configuration
> interface is a bit limited - anything really sophisticated needs the CLI.
> In addition the router offers the user the option to open up remote
> administration for a limited period. That is, the router will offer its
> http interface on an unusual port on its external (WAN) interface at the
> request of an internal administrator.
> However, the ISP as part of the configuration changes permanently opens up
> both http and cli interfaces on the external interface of the router, on
> the standard ports 80 and 22. This change cannot be seen from the web
> interface, which still insists that external administration is disabled,
> and the configuration change is not mentioned in any documentation supplied
> with the router. The sole protection is password-based login, over
> unencrypted connections.
> I nearly fell off my chair when I discovered this. Am I over-reacting?
> GLLUG mailing list
> GLLUG at mailman.lug.org.uk
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the GLLUG