Scary, scary internet

As noted in a recent post, I’ve been having problems with a server (clock) and my firewall/router appliance. The clock issue is now known and should be resolved the next time I want to reboot with a keyboard and monitor attached, but the firewall is still giving problems.

The first manifestation of the problem was the router resetting its LAN (internal) IP address to the default value. Even reset, it would continue to operate as the gateway, but DHCP was messed up. Resetting the IP fixed the immediate problem, but it would recur.

Last night I decided to hard reset (power off, wait, power on) the device in hopes of clearing memory, just to be safe. All seemed well, but this morning the device would not display its web interface. “Server Reset” is the universal “Don’t look at me” useless browser error message. I did another hard reset and after an hour it was the same.

I was able to Telnet (not SSH) into the appliance, and had a look around. It uses “Busybox”, a Linux variant, as its OS. I did some reading on the internet, and discovered, much to my horror, that the FTP port is both unsecured (no password at all) and open to both LAN and WAN sides of the network.

This means that anyone using basic tools like ping could discover my ADSL IP address and then try to telnet into whatever was there. In my case, this would be successful. I think damage would be limited to crashing the device but who knows.

At any rate, I immediately disabled the telnet back door and rebooted the device. Now we wait and see…
