On Wed, 11 Apr 2001, Joey Hess wrote: > Here's one way to disable the backdoor: I used the EXPERT login to download > /active/ip.ini by ftp, removed all the apadd and rdadd lines, turned off > forwarding for good measure, and re-uploaded it. After resetting the device, > I can't ping it or connect to it on any port, and yet it still functions as > a DSL modem. I suppose this closes all the holes except DSLAM access. I'm not quite sure if you will not get into problems. Have you rebooted the machine? Are you using the unit in bridge mode or as PPTP modem? If I have a look at the config file of my unit that runs into PPTP mode it looks like: config forwarding=on firewalling=on redirects=on sourcerouting=off ttl=64 fraglimit=64 defragmode=nat apadd addr=10.0.0.138/8 intf=eth0 broadcastip=10.255.255.255 addroute=no rtadd dst=10.0.0.0/8 gateway=10.0.0.138 rtadd dst=255.255.255.255/32 gateway=10.0.0.138 rtadd dst=10.0.0.0/8 src=10.0.0.0/8 gateway=10.0.0.138 I guess forwarding is required. Firewalling is not relevant. redirects are something I'm not sure of but I guess it isn't needed. Without an IP adres there is no way to setup PPTP so it can't be missed. Hugo. -- Alle email aan mij verzonden is gebonden aan de regels beschreven op mijn homepage. All email send to me is bound to the rules described on my homepage. Hugo van der Kooij; Oranje Nassaustraat 16; 3155 VJ Maasland hvdkooijat_private http://hvdkooij.xs4all.nl/ Don't meddle in the affairs of sysadmins, for they are subtle and quick to anger.
This archive was generated by hypermail 2b30 : Mon Apr 16 2001 - 13:39:55 PDT