lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Pine.NEB.4.64.0802081902140.20527@panix5.panix.com>
Date: Fri, 8 Feb 2008 19:02:53 -0500 (EST)
From: Jay Sulzberger <jays@...ix.com>
To: full-disclosure@...ts.grok.org.uk
Subject: [ NNSquad ] Verizon's access via their provided
 Actiontec MoCa router (fwd)



---------- Forwarded message ----------
  Date: Fri, 08 Feb 2008 16:04:00 -0500
  From: Andrew C Burnette <acb@....net>
  To: "nnsquad@...quad.org" <nnsquad@...quad.org>
  Subject: [ NNSquad ] Verizon's access via their provided Actiontec MoCa router

  Hey folks,

  In discussion with Lauren (off list) I recalled the following info that might
  be of interest to any FIOS users who actually want their home network to be a
  bit more secure.

  During a recent UPS battery swapout, I got stuck with a verizon 'dead' DHCP
  lease (it would not lease me an IP address).

  VZ Tech support was able to access and verify the configuration, code rev, and
  connectivity on the Actiontec router, despite there being no visible external
  IP address (according to my web view on the box) on the router.

  To me, that equals no security if they (unknown they...) can access my LAN or
  router without even their router logs showing such external access. Not good.

  Anyway, in bridge mode, I run a software firewall behind it, which does the
  actual DHCP request and is my external visible IP to the world. You can still
  do all the normal stuff, using the Actiontec as a MoCa to Ethernet interface
  (NIM).

  Best regards,
  Andy Burnette


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ