Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Weaver]

Looking back at a comment in
    http://forum.kitz.co.uk/index.php?topic=17065.msg314519#msg314519
the author says:

When you add an IP address, you are providing an endpoint to attack from the network.

Anyone who buys this modem needs to

1) Login to the web GUI, goto  Advanced / Remote Management and uncheck all of the remotely available services:
FTP   
HTTP     
ICMP (Ping)     
TELNET     
TFTP

I take it that this is simply not an issue for me since they are only ever in straight modem mode, not IP routers ? Is that correct ? There is no IP interface on the WAN-facing side of the modems, and so I have no IP addresses assigned to that side of the modems even.

It is receiving (useless) ethernet frames that contain PPPoE packets which are wrapped in other junk headers, and it is just copying them through or else rate converting to PPPoEoE with some retranslation but at any rate ultimately copying the PPP packets through. But however, it has no clue about IP, so no worries. That's my understanding of it. At the top level it just handles PPP and whatever that can deliver (or perhaps it can also handle other kind of wholesale ISP-specified types of ethernet stuff ?)

[Weaver]

I later noticed that AEsmith and G.DMT agree with me:
    http://forum.kitz.co.uk/index.php/topic,17065.msg314603.html#msg314603
adjacent pair of posts.

I presume there is no way?

On the LAN side, I don't have any kind of security configuration and services are open, not even a proper password, intentionally, because the LAN-side i/f of the modem is isolated by the router (thank goodness) and is physically secure too. There is direct zero access from the main LAN. The Firebrick router doesn't even have any IP interface on an ethernet port that a modem is connected to, only a PPP logical i/f, and the IPv4 and IPv6 logical i/fs are inside the PPP instances of course.