Hi,
First, I recommend using a modem that cant be connected by telnet, ftp,
tftp,httpd etc. in my modem as I see in IPtraf the packets cannot be
accepted. If you have a modem that cannot accept any services as mentioned
above can not be exploitable only if someone hacks the server. Secure the
server and secure the modem by password if there any.
Also, alcatel speed touch PRO is exploitable (BugTraq): Taking advantage
from the ALCATEL Speed Touch Pro backdoor and configuration problems, it is
possible to obtain a "full priv" access to the router and launch several
attack against the internal LAN thanks to the NAT/PAT feature often made
available.
Second, all the users of alcatel speed touch I recommend read
this: http://security.sdsc.edu/self-help/alcatel
you can read some docs there.
At 12:25 26/04/01 +0200, you wrote:
>I agree with the fact that if u limit the connections to the modem it will
>be the start of protecting it but...
>ANYONE who will access your modem, meaning he has to break into the "server:
>first and from it access the modem, can control it and one of the basic
>things he can do is make it unusable for u.
>The first thing you should do is set the password on the modem, Bezeq never
>do it on installations.
>The second thing is to protect your "server", If they cant access it they
>cant access the modem.
>
>-----Original Message-----
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
>Behalf Of Dani Arbel
>Sent: Wednesday, April 25, 2001 8:40 PM
>To: Shlomi Fish
>Cc: [EMAIL PROTECTED]
>Subject: Re: Protecting against the Alcatel ADSL modem vulnerability
>
>
>Shlomi,
>Your ADSL has an ip # in 10 net , and is not accesible from outside. You
>have to protect your host ip # only.
>If you are paranoid and fear that someone will control your ADSL modem
>from outside (pure ATM) then you can limit the connections alowed for
>10.0.0.138 .
>Dani
>
>On Wed, 25 Apr 2001, Shlomi Fish wrote:
>
> >
> > Hi!
> >
> > I have an Alcatel ADSL modem at home and I use it to connect my Mandrake
> > 7.2 Linux to the Internet. I followed the HOWTO and everything is working
> > fine.
> >
> > Now, I want to set up a firewall that will protect my computer in case
> > somebody penetrates the modem. I have already set up an IP-Chains firewall
> > to protect me against connecting to TCP ports via the ppp0 interface, but
> > should I also do it for the "eth0" interface?
> >
> > Any pointers and guidelines would be highly appreciated.
> >
> > Regards,
> >
> > Shlomi Fish
> >
> >
> >
> > ----------------------------------------------------------------------
> > Shlomi Fish [EMAIL PROTECTED]
> > Home Page: http://t2.technion.ac.il/~shlomif/
> > Home E-mail: [EMAIL PROTECTED]
> >
> > A more experienced programmer does not make less bugs. He just realizes
> > what went wrong more quickly.
> >
> >
> > =================================================================
> > To unsubscribe, send mail to [EMAIL PROTECTED] with
> > the word "unsubscribe" in the message body, e.g., run the command
> > echo unsubscribe | mail [EMAIL PROTECTED]
> >
> >
>
>
>=================================================================
>To unsubscribe, send mail to [EMAIL PROTECTED] with
>the word "unsubscribe" in the message body, e.g., run the command
>echo unsubscribe | mail [EMAIL PROTECTED]
>
>
>=================================================================
>To unsubscribe, send mail to [EMAIL PROTECTED] with
>the word "unsubscribe" in the message body, e.g., run the command
>echo unsubscribe | mail [EMAIL PROTECTED]
----
Regards,
Eran Levy.
E-mail: [EMAIL PROTECTED]
WebSite: http://come.to/liloboot
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
