[YLUG] Router

Craig Genner craig at tuxx.org.uk
Sun Sep 28 21:29:31 UTC 2008


On Sunday 28 September 2008 21:46:13 Alex Howells wrote:
> 2008/9/28 Paul Gibbs <paul-listmonkey at pacem.plus.com>:
> > (Having read your other replies too)
> > WTF?
> > Is this router connected to the internet?
> > You have a router and the admin login is still admin, and you have no
> > password!
>
> Most routers aren't stupid enough to ship with the administration
> interface exposed to the WAN these days.
>
> [snip bulk of rant]
>
> > If it's not as open as I fear then treat this as a little rant on what
> > everyone should do with their routers.
>
> If the router only permits access via a wired connection on the LAN
> side then whilst it's probably still advisable to secure your router,
> someone would still need to be in your home to hack it, or compromise
> your computer(s) and then go from there?  Set all the passwords you
> like on a device, once they have physical access it's pretty much game
> over anyway.

Doesn't matter, it's been proven that certain scripts can run on your web 
browser that are used to access the router.  Because it's run from your 
browser on the local lan then it has access to the web interface of your 
router.

These scripts can be put into a standard web page on any web server any where 
in the world...

That, I believe, is what Paul was referring to.

Craig



More information about the York mailing list