My firewall was cracked!

Jerry Feldman gaf at blu.org
Wed Feb 21 09:44:52 EST 2001


Yes. I heard that there was a password exploit, but I don't have any 
documentation. However, I noticed on the AT&T BB web site that they 
recommended an upgrade to firmware revision 1.37. Linksys does not 
recommend updating firmware unless there is a specific problem.

There were two changes that I noticed:
1. The method of changing the MAC address changed from a quick hack 
on the setup screen to a new tab. 
2. The timeouts that previously affected ssh no longer occur. 

Since I use SSH, the second feature was very important. I also change 
the MAC address so that it is the same MAC address as the NIC card I 
have registered with AT&T BB. I did not notice any security issues in the 
readme that raised a red flag. 

IMHO, it is better to have a single machine as a dedicated firewall, and 
also to provide some firewall services on each node inside of the firewall. 
This way, anyone hacking your system needs to break at least 2 
firewalls. 

On 21 Feb 2001, at 9:20, Christoph Doerbeck A242369 wrote:

> Has anyone heard of exploits regarding Linksys or other 
> popular cable firewalls?

Jerry Feldman <gaf at blu.org>
Associate Director
Boston Linux and Unix user group
http://www.blu.org
-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).



More information about the Discuss mailing list