Major Security Threat

amith_mysore

Newbie
[OP]
Regulars
Sep 22, 2004
60
0
If you are using SmartAX MT880 / 882 (Cant comment on any other modem)

people can on internet can access you modem admin page.

This is how,

I have set Dynamic DNS on my computer. so when my system is conected to internet i can access it from internet sone thing like http://****.no-ip.org/ (to prevent misue)

Now when my system is not connected to internet my last public Ip address is still binded to that URL and most likely that it will be assinged to some body else. so when offline it some connects to the above URL and modem not properly secured you can see the admin page of the modem and it can give me the use name and password of the user. Attached image to prove my point.
 

vishalrao

The Global Village Idiot
Regulars
Jan 21, 2005
4,809
338
Pune
You can forward your port 80 to some non-existent internal IP... for me I forward port 80 to my PC's web server so people just see the webpage (my site) not the modem admin pagealso, sometimes you get different results if you access your own site from your own PC... ask some one else to take a look and see if they see the same page...
 

pawanrh

Regular
Regulars
Aug 18, 2005
153
0
Hmmmm.. Looks Bad! Is there no way to switch off your modem when you disconnect from the internet! I suggest you take out the phone line cable from the modem if you use this service!

Port 80 Redirects
Many residential ISPs Block port 80, No-IP Free DNS enables you to run a webserver on a non-standard port, yet users accessing your site never have to enter a port number. For example http://yourname.no-ip.com/ can redirect to http://yourname.no-ip.com:8833/
[/b]
from no-ip.org

I suggest you forward it to a different port other that 80
 


Similar threads