tubbynet
reminds me of the danse russe
MVM
join:2008-01-16
Gilbert, AZ

niche market?

pardon my ignorance in this area - but how many consumer level routers actually *have* telnet/ssh options? afaik, only routers that run ddwrt/xwrt/openwrt/tomato/etc have such options available and if you are running something like that, you *should* know how to secure your router. i could see something like m0n0wall/pfsense/etc, but the same argument can be made.
am i missing something or is this just pure laziness from (quasi-)technical people?

q.

Morac
Cat god
join:2001-08-30
Riverside, NJ

2 edits

Morac

Member

Surprisingly a lot have remote telnet/ssh options. They are disabled by default, but it's very simple to just check the box next to them.

Personally I think the check box should be disabled if the password hasn't been changed or isn't deemed "good enough".

edit - Oops I confused remote web interface with remote shell. So no, most consumer devices do not have a built in remote shell.

tubbynet
reminds me of the danse russe
MVM
join:2008-01-16
Gilbert, AZ

said by Morac:

Surprisingly a lot have remote telnet/ssh options. They are disabled by default, but it's very simple to just check the box next to them.

hmmm...never knew. i knew that a "web gui" option existed, but i figured that many of those routers ran a vxworks-type firmware and wasn't sure what kind of remote shell these devices would have over some type of remote-cli connection.

q.

PapaMidnight
join:2009-01-13
Baltimore, MD

PapaMidnight to tubbynet

Member

said by tubbynet:

pardon my ignorance in this area - but how many consumer level routers actually *have* telnet/ssh options? afaik, only routers that run ddwrt/xwrt/openwrt/tomato/etc have such options available and if you are running something like that, you *should* know how to secure your router. i could see something like m0n0wall/pfsense/etc, but the same argument can be made.
am i missing something or is this just pure laziness from (quasi-)technical people?

q.

A firewall is only as secure as the person who sets the options and/or secures it.

pfSense (I've never used m0n0wall and cannot speak for it) does not allow external networks to connect to SSH by default. Actually, by default, ssh is disabled on pfSense. Likewise, by default, pfSense blocks Loopback connections as part of its default Firewall rules.

tubbynet
reminds me of the danse russe
MVM
join:2008-01-16
Gilbert, AZ

said by PapaMidnight:

A firewall is only as secure as the person who sets the options and/or secures it.

right. my point was that pfsense/m0n0wall is not your "run of the mill" router solution and as such, users configuring it should be aware of security.

my argument was that in my experience with consumer-grade (linksys, dlink, netgear, etc) routers, there was no "remote shell" ability - only that of "web gui remote administration". i can understand people using _these_ devices not understanding what telnet/ssh is and leaving it on with a default password. i was simply posing the question if this was an option on consumer routers as i had never seen it. if it _was_ an option, then i can understand the desire to build something to exploit that market segment. if that was not a common option built in to user gear, then the only people exploited are those who *do know* what remote shells are, but are too lazy to configure them in a secure manner.

q.

en102
Canadian, eh?
join:2001-01-26
Valencia, CA

en102 to tubbynet

Member

Sad part is that many have a little knowledge about this and want all the tech gadgets, but either are too lazy, or don't have enough knowledge to really secure it well.

"A little knowledge is a dangerous thing. So is a lot."
— Albert Einstein

PapaMidnight
join:2009-01-13
Baltimore, MD

PapaMidnight to tubbynet

Member

said by tubbynet:

said by PapaMidnight:

A firewall is only as secure as the person who sets the options and/or secures it.
right. my point was that pfsense/m0n0wall is not your "run of the mill" router solution and as such, users configuring it should be aware of security.

my argument was that in my experience with consumer-grade (linksys, dlink, netgear, etc) routers, there was no "remote shell" ability - only that of "web gui remote administration". i can understand people using _these_ devices not understanding what telnet/ssh is and leaving it on with a default password. i was simply posing the question if this was an option on consumer routers as i had never seen it. if it _was_ an option, then i can understand the desire to build something to exploit that market segment. if that was not a common option built in to user gear, then the only people exploited are those who *do know* what remote shells are, but are too lazy to configure them in a secure manner.

q.

Till being modified, I've never seen a consumer level router with a command shell option available to the consumer on any level. Not even the Linksys' recovery mode. That's just my personal experience.

knightmb
Everybody Lies
join:2003-12-01
Franklin, TN

knightmb to tubbynet

Member

said by tubbynet:

pardon my ignorance in this area - but how many consumer level routers actually *have* telnet/ssh options? afaik, only routers that run ddwrt/xwrt/openwrt/tomato/etc have such options available and if you are running something like that, you *should* know how to secure your router. i could see something like m0n0wall/pfsense/etc, but the same argument can be made.
am i missing something or is this just pure laziness from (quasi-)technical people?

q.

Neither m0n0wall nor pfsense allow WAN side login connections. You have to enable some firewall rules for that and if you are doing that, hopefully one would know not to leave the default username/password open to the world.

fifty nine
join:2002-09-25
Sussex, NJ

fifty nine to tubbynet

Member

said by tubbynet:

pardon my ignorance in this area - but how many consumer level routers actually *have* telnet/ssh options? afaik, only routers that run ddwrt/xwrt/openwrt/tomato/etc have such options available and if you are running something like that, you *should* know how to secure your router. i could see something like m0n0wall/pfsense/etc, but the same argument can be made.
am i missing something or is this just pure laziness from (quasi-)technical people?

q.

Some people put DD-WRT or Tomato on their routers and leave the default password.

tubbynet
reminds me of the danse russe
MVM
join:2008-01-16
Gilbert, AZ

said by fifty nine:

Some people put DD-WRT or Tomato on their routers and leave the default password.

given that firmwares like that are meant for the "power users", i would like to believe that they are asking for it. so many people try to be the "uber-geek" without understanding all aspects/idiosyncrasies/dangers/tradeoffs of being that person.
enough knowledge to be dangerous rings true here...

q.

djrobx
Premium Member
join:2000-05-31
Reno, NV

djrobx to PapaMidnight

Premium Member

Me neither. I'm with Tubbynet - I've configured *lots* of different SOHO routers. I've yet to see a single one that has an SSH socket option, let alone having it enabled out of the box.

You generally have to have flashed your router with DD-WRT or similar to get ssh access. I don't think most run-of-the-mill users would do that. Even then I don't think DD-WRT defaults to having an ssh port open. I've always had to enable it if I wanted it. I haven't played with OpenWRT or Tomato.

I think you'd be more likely to run into full on linux servers if you trolled the net for open SSH interfaces with weak passwords.

fifty nine
join:2002-09-25
Sussex, NJ

fifty nine to tubbynet

Member

That is true but unfortunately we all suffer when:

- Their connection is used as a botnet
- ISPs get pounded with coordinated DDoS attacks
- Our speed suffers on shared last mile networks such as HFC (and upstream for DSL/fiber)
- new network management procedures go into place (port blocking, throttling, caps)

So yes they're looking for it but it also affects us.

TomClancy
Freedom Isn't Free
join:2003-04-23
...

TomClancy to djrobx

Member

I have seen DSL Modem/Router Combo with Telnet enabled i.e. an Alcatel/Thomson Speedtouch modem. Can't be found in GUI, but if you know how to connect to telnet you can find it.

tubbynet
reminds me of the danse russe
MVM
join:2008-01-16
Gilbert, AZ

said by TomClancy:

I have seen DSL Modem/Router Combo with Telnet enabled i.e. an Alcatel/Thomson Speedtouch modem. Can't be found in GUI, but if you know how to connect to telnet you can find it.

good to know. i figured that there were a few, but they weren't "mainstream" networking devices. i was aware that most third-party firmwares would include it, but my lack of familiarity with soho networking equipment (which includes pfsense/m0n0wall/various iptables based firewalls) prevented me from making an educated statement regarding the market penetration rate of such devices (my home network and my product knowledge is very cisco-centric).

q.