Loading ...
Sorry, an error occurred while loading the content.
 

Little Security Question

Expand Messages
  • andrespuler
    Hello First: I m not an expert. Just want to be sure :-) Question: I read some stuff at Tom s about the box and also found the following message in this group:
    Message 1 of 3 , Aug 28, 2004
      Hello

      First: I'm not an expert. Just want to be sure :-)

      Question:

      I read some stuff at Tom's about the box and also found the following
      message in this group:
      http://groups.yahoo.com/group/nslu2-linux/message/626?threaded=1

      Is it right that I have to hack into my box myself and change the
      standard passwords of root and linksys' backdoor account to be sure to
      have a real secure box? I mean... everyone who has access to the
      network, enable telnet access via browser, login as root or with the
      linksys account via telnet and do to it whatever he wants to. is that
      right? maybe this sounds a bit paranoid, but I just want to be sure.
    • aballen_2000
      enabling telnet definately creates security issues, however once you hack into the box and remove the root password, all you need to do is telnet in and set
      Message 2 of 3 , Aug 28, 2004
        enabling telnet definately creates security issues, however once you
        hack into the box and "remove" the root password, all you need to do
        is telnet in and set the password... now you root has a paassword and
        you know what it is. Thats really the only reason for removing the
        password in the first place.

        Its a standard hack.. if you have access to the disks pretty much
        anything can be cracked easily.

        So don't leave root with no password, and if you really worried,
        diable telnet when your done using it.... though the web interface
        probably has security issues too ;-)

        -
        Ari

        --- In nslu2-linux@yahoogroups.com, "andrespuler" <fluestervogel@g...>
        wrote:
        > Hello
        >
        > First: I'm not an expert. Just want to be sure :-)
        >
        > Question:
        >
        > I read some stuff at Tom's about the box and also found the following
        > message in this group:
        > http://groups.yahoo.com/group/nslu2-linux/message/626?threaded=1
        >
        > Is it right that I have to hack into my box myself and change the
        > standard passwords of root and linksys' backdoor account to be sure to
        > have a real secure box? I mean... everyone who has access to the
        > network, enable telnet access via browser, login as root or with the
        > linksys account via telnet and do to it whatever he wants to. is that
        > right? maybe this sounds a bit paranoid, but I just want to be sure.
      • andrespuler
        Hi. I didnt say anywhere that I was going to leave root without any password. But I think that root and the backdoor account have the same (or in some way
        Message 3 of 3 , Aug 28, 2004
          Hi.

          I didnt say anywhere that I was going to leave root without any
          password. But I think that root and the "backdoor" account have the
          same (or in some way similar) passwords on each NSLU2 Linksys is
          shipping, so it would be better to _replace_ all the passwords which
          are set for root and the "backdoor" account with own passwords.

          --- In nslu2-linux@yahoogroups.com, "aballen_2000"
          <aristotle.allen@g...> wrote:
          > enabling telnet definately creates security issues, however once you
          > hack into the box and "remove" the root password, all you need to do
          > is telnet in and set the password... now you root has a paassword and
          > you know what it is. Thats really the only reason for removing the
          > password in the first place.
          >
          > Its a standard hack.. if you have access to the disks pretty much
          > anything can be cracked easily.
          >
          > So don't leave root with no password, and if you really worried,
          > diable telnet when your done using it.... though the web interface
          > probably has security issues too ;-)
          >
          > -
          > Ari
          >
          > --- In nslu2-linux@yahoogroups.com, "andrespuler" <fluestervogel@g...>
          > wrote:
          > > Hello
          > >
          > > First: I'm not an expert. Just want to be sure :-)
          > >
          > > Question:
          > >
          > > I read some stuff at Tom's about the box and also found the following
          > > message in this group:
          > > http://groups.yahoo.com/group/nslu2-linux/message/626?threaded=1
          > >
          > > Is it right that I have to hack into my box myself and change the
          > > standard passwords of root and linksys' backdoor account to be sure to
          > > have a real secure box? I mean... everyone who has access to the
          > > network, enable telnet access via browser, login as root or with the
          > > linksys account via telnet and do to it whatever he wants to. is that
          > > right? maybe this sounds a bit paranoid, but I just want to be sure.
        Your message has been successfully submitted and would be delivered to recipients shortly.