[TriLUG] open ports on Uverse 2wire gateway -- revisited
James Jones
jc.jones at tuftux.com
Tue Feb 4 15:05:15 EST 2014
Igor,
You wrote -- "I will repeat my earlier recommendation: buy a $100
modem + a $50 router. The modem you buy will likely not be running
firmware that AT&T can patch
remotely, and thus none of this will be a problem for you."
I am familiar with doing the above on AT&T's DSL but From what I can
find out from AT&T, the only units accepted for UVERSE use is the two
2wire Gateway models.
I even asked AT&T if we could switch back to DSL and it is possible,
but it will be a last resort.
I am still open to suggestions, but I think that it is a lost cause
unless UVERSE gets with the program.
jcj KK4VUS
On Tue, Feb 4, 2014 at 11:47 AM, Igor Partola <igor at igorpartola.com> wrote:
> James,
>
> I am inclined to be paranoid about this type of thing not even because of
> the cited vulnerability (which in this case as I understand it, would
> actually be an attack on AT&T and not you), but because of the possibility
> that someone other than AT&T might be able to "upgrade" your router
> remotely. Here is a way I might attack your this system:
>
> I would try to patch/upgrade the modem/router to gain control of it and get
> access to your LAN. While the WinXP box is running a firewall, I would
> still try to port scan that to see if I can root it directly. If not, I
> would try to see if I can persuade it to talk to different servers by
> either updating the DNS servers sent to it via DHCP or doing ARP poisoning
> or simply having the router route traffic to my own IP's. Now, if we assume
> that your WinXP box only communicates with the outside world via a
> TLS-protected protocol (HTTPS, FTPS, etc.) then I might not be able to
> man-in-the-middle attack it (this by the way is a big assumption). However,
> from what I understand WinXP doesn't exactly have the best crypto support
> and it's possible there are vulnerabilities there. In addition, I might try
> to man-in-the-middle a plain HTTP (vs HTTPS) site that is frequently
> visited from this box and see if I can use a browser exploit to root the
> box. Note that I am not in any capacity a professional or even amateur pen.
> tester so the above is likely a very naive way of doing things and someone
> far more clever than I would probably figure out a much better way to
> exploit a router they can run arbitrary code on.
>
> I will repeat my earlier recommendation: buy a $100 modem + a $50 router.
> The modem you buy will likely not be running firmware that AT&T can patch
> remotely, and thus none of this will be a problem for you.
>
> Igor
> --
> This message was sent to: jc jones <jc.jones at tuftux.com>
> To unsubscribe, send a blank message to trilug-leave at trilug.org from that address.
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> Unsubscribe or edit options on the web : http://www.trilug.org/mailman/options/trilug/jc.jones%40tuftux.com
> Welcome to TriLUG: http://trilug.org/welcome
--
Jc Jones
Blogs -
http://www.wendellgeek.com/weblog/
http://www.wendellgeek.com/kixtech/
More information about the TriLUG
mailing list