On Tue, 11 Aug 1998, Tom wrote:

> My biggest gripe with fp2000 was the unrestricted "read only" access to
> telnet and snmp ports.

Yes, I was actually beating my head in for a little bit going 'OK, I know they HAVE to let me set up a telnet password, just where is it..' then it turned out that no such thing exists..

I was able to convince them to let me get the MIB for it, which the way they manage it with the Win GUI does some strange things (such as only one snmp community), so I am going to give that a quick overview and see if there is any way to do bad things with it.. There are parts in the MIB that hold the 'logged in' info, as far as what management station is currently accessing it and if it has authenticated itself with the system password.. This could be an interesting area to investigate for a hijacking of the router..

> FP has been very responsive to customer feedback and v1.4.3 supports access
> lists. There was also a nasty memory leak in earlier versions that would cause
> the router to die for no apparent reason, they granted access to a beta
> version that fixed it some time ago.

Good show, been wanting ACLs for a while, as the checkbox for 'Internet Firewall' that only disables spoofed packets just doesn't cut it on the Big Internet with smurfers and such.. I have not had any problems so far running 1.4.1, I currently have 70+ days of uptime on it.. But I did come under an ICMP attack not long ago and there was nothing that I could do but watch and grit my teeth.. Maybe I will upload 1.4.3 today..

If anyone thinks the 'Internet Firewall' checkbox is protecting your network, think again!

> Looks like 1.43 will only take X chars.

Same thing for 1.4.1, they seem to have made it a little more sane..

--
jason