1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Very bad security holes in v23???!

Discussion in 'DD-WRT Firmware' started by callous, Jan 13, 2006.

  1. callous

    callous Network Guru Member

    I noticed that by default the following are enabled:

    1)Telnet to your router is enabled.
    This means anyone who knows your ip address can telnet into your router and do bad things after (easily) cracking your router password.

    2)Remote access is enabled
    Once they got your ip, they can remotely change your router configuration. If they know where you live, then they can now change settings so that they can have access to your whole network.

    By default, the Linksys firmware disables this for a very very good reason.

    Uh, *shouldnt security be a major priority in any release like this*? :eek:

    For the newest version, could these 2 settings be DISABLED? And disable any other security holes that I havent found yet??
  2. g412b

    g412b Network Guru Member

    Telnet is unavailble for external (non LAN) users since ist blocked by the firewall filter
    And remote access shouldnt be a huge problem as long as you use a decent password
    And then again, its not like a "noobish" users is going to install ddwrt
  3. itsmeohmy

    itsmeohmy Network Guru Member

    I agree that Remote Administration shouldn't be enabled by default, but I don't see the problem with Telnet being enabled by default....

Share This Page