[ale] little bit of security advice needed
Paul D. Manno
paul at dblegl.atl.ga.us
Mon Jul 8 11:18:34 EDT 2002
Hi,
There are several "patches" issued for the LinkSys routers. Visit their
web site http://www.linksys.com/download/ to check your product's info.
-- Paul
On Mon, 8 Jul 2002, Dow Hurst wrote:
> Is it possible to break through the Linksys router with spoofed source
> packets from an external source? Has anyone tried this? I was talking
> with a guy who explained to me that an IPchains masquerading firewall I
> had installed at an academic lab could be hacked by sending a spoofed
> source packet containing an internal address of the masqueraded LAN. I
> probably didn't have a rule in place to deny such coming in on the
> external interface, but don't have the rules to look at to check. He
> rebuilt the box as a custom iptables bridge with static IPs issued from
> the institution this was at. I am happy for my friend who owns this lab
> since it sounds like this new admin is helping secure the lab properly.
> But, I was puzzled since I thought I had set things up correctly. I
> depend on a Linksys router at home until I get a Linux firewall in
> place. I really want to get that done since the Linksys router seems to
> get confused quickly and lock up my external to internal SSH
> connections. Don't ever "ls -l" in an SSH session from outside being
> forwarded inside or you'll lose the session.
> Dow
>
>
> Jim Popovitch wrote:
>
> >Hi Cade,
> >
> >Everything looks good and tight. I ran nmap against thacker.homelinux.org
> >and here are the results. Btw, it's good to see that you have turned off
> >ICMP replies on your Linksys.
> >
> >-Jim P.
> >
> >
> > root at bugs~$ nmap -P0 thacker.homelinux.org
> >
> > Starting nmap V. 2.54BETA31 ( www.insecure.org/nmap/ )
> > Interesting ports on user-1120uq4.dsl.mindspring.com (66.32.123.68):
> > (The 1553 ports scanned but not shown below are in state: filtered)
> > Port State Service
> > 22/tcp open ssh
> >
> > Nmap run completed -- 1 IP address (1 host up) scanned in 409 seconds
> >
> >
> >
> >
> >---
> >This message has been sent through the ALE general discussion list.
> >See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
> >sent to listmaster at ale dot org.
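The deny rule the quoted question says was probably missing on the external interface, as an added example that is not part of the original thread. The interface name `eth0` and the LAN range `192.168.1.0/24` are assumed sample values, and `antispoof_rules` is a hypothetical helper that only prints the iptables commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: emit (not apply) ingress anti-spoofing rules for a
# masquerading firewall. The external interface and LAN CIDRs are
# assumptions supplied by the caller.

antispoof_rules() {
    [ $# -ge 2 ] || { echo "usage: antispoof_rules EXT_IF LAN_CIDR..." >&2; return 2; }
    ext_if=$1
    shift
    # Interface names: letters, digits, '.', '_', '-' only (no shell metacharacters).
    case $ext_if in
        *[!A-Za-z0-9._-]*) echo "bad interface: $ext_if" >&2; return 2 ;;
    esac
    # Format-check every CIDR before printing anything, so output is all-or-nothing.
    for net in "$@"; do
        printf '%s\n' "$net" \
            | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' \
            || { echo "bad CIDR: $net" >&2; return 2; }
    done
    # Loopback sources can never legitimately arrive from outside either.
    for net in "$@" 127.0.0.0/8; do
        for chain in INPUT FORWARD; do
            # Log (rate-limited), then drop. INPUT protects the firewall itself,
            # FORWARD protects the masqueraded hosts behind it.
            echo "iptables -A $chain -i $ext_if -s $net -m limit --limit 5/min -j LOG --log-prefix 'SPOOF: '"
            echo "iptables -A $chain -i $ext_if -s $net -j DROP"
        done
    done
    # Kernel reverse-path filtering as a second layer.
    echo "echo 1 > /proc/sys/net/ipv4/conf/$ext_if/rp_filter"
}

# Constructed sample: external interface eth0, masqueraded LAN 192.168.1.0/24.
antispoof_rules eth0 192.168.1.0/24
```

These rules only help if they sit ahead of any ACCEPT rule in the same chain, so load them at the top of the firewall script.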