| reply to pejacoby
Re: Who is pqwest1.qwest.motive.com? Logging onto my router! When you changed the admin password did you use something that wasn't subject to a dictionary attack? I"m not familiar with that router, but if it only has space for 18 log entries there could have been hours worth of pounding on it looking for the password and you'd never know. It's possible there's a backdoor, but I don't think Motorola is that stupid.
I'd suggest two things right now. First, change your admin password again. With internal access whoever did that can get to anything. Second, for goodness sake turn off WAN side access to the admin port. If there isn't something in the system configuration then forward that port to a non-existent IP in your network. 192.168.1.254 should work fine unless you have 253 computers on your LAN. |
| First, I log to a syslog server, so I have logs back to January. This is the first time I've seen this type of access.
Second, my admin password is very strong, and something that would take many many tries to dictionary attack. The fact that the login success here occurred after just 9 attempts tells me this is some "other" administrative login, special to Qwest & Motive.com.
Third, the destination port is 7547/TCP, which appears to be something special on the WAN interface. I can telnet to it also, but it closes the connection immediately. This isn't a port that is mapped to any system on my internal network.
From a look at the motive.com site, it appears this might(?) be a router firmware version check or update attempt of some sort. I'm still searching the Motorola docs, and plan to send in a support case to Qwest. |
