On Wed, 11 Apr 2001, Joey Hess wrote:
> Here's one way to disable the backdoor: I used the EXPERT login to download
> /active/ip.ini by ftp, removed all the apadd and rdadd lines, turned off
> forwarding for good measure, and re-uploaded it. After resetting the device,
> I can't ping it or connect to it on any port, and yet it still functions as
> a DSL modem. I suppose this closes all the holes except DSLAM access.
I'm not quite sure if you will not get into problems. Have you rebooted
the machine? Are you using the unit in bridge mode or as PPTP modem?
If I have a look at the config file of my unit that runs into PPTP mode it
looks like:
config forwarding=on firewalling=on redirects=on sourcerouting=off ttl=64 fraglimit=64 defragmode=nat
apadd addr=10.0.0.138/8 intf=eth0 broadcastip=10.255.255.255 addroute=no
rtadd dst=10.0.0.0/8 gateway=10.0.0.138
rtadd dst=255.255.255.255/32 gateway=10.0.0.138
rtadd dst=10.0.0.0/8 src=10.0.0.0/8 gateway=10.0.0.138
I guess forwarding is required. Firewalling is not relevant. redirects are
something I'm not sure of but I guess it isn't needed.
Without an IP adres there is no way to setup PPTP so it can't be missed.
Hugo.
--
Alle email aan mij verzonden is gebonden aan de regels beschreven op
mijn homepage.
All email send to me is bound to the rules described on my homepage.
Hugo van der Kooij; Oranje Nassaustraat 16; 3155 VJ Maasland
hvdkooijat_private http://hvdkooij.xs4all.nl/
Don't meddle in the affairs of sysadmins,
for they are subtle and quick to anger.
This archive was generated by hypermail 2b30 : Mon Apr 16 2001 - 13:39:55 PDT