Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Author Topic: More questions about ZyXEL modem-routers eg VMG 1312-B10A  (Read 303 times)

Weaver

  • Addicted Kitizen
  • *****
  • Posts: 9541
  • Retd sw dev; A&A; 4 ◊ 7km ADSL2; IPv6; Firebrick
More questions about ZyXEL modem-routers eg VMG 1312-B10A
« on: March 29, 2020, 02:44:26 AM »

A couple more questions that my friends might help me with. If anyone is really bored and has a spare modem at hand they can save me some hassle as experimentation is required.
  • Can one put XML comments in the config or will the device go mad? Obviously it shouldnít but such things have been known. For example the Firebrick router uses XML for its config and doesnít have a proper xml parser so if you put comments in, it goes crazy sometimes, but only under certain conditions, which are not completely well understood. I know I can test this myself of course, but I donít want to break one because if I do Iíll have to beg my beloved for days for help in poking it and she will growl at me. I have spare modems which I could experiment on but similarly this requires the services of my beloved to help set them up, she again armed with a pokey device. If anyone has a spare modem, they could quickly check this for me and get a thumbs up or down answer. We ought to put a newline inside the comment as that makes it more of a test, thinking of the Firebrickís bug in this respect. Doing so could just possibly reveal whether or not they have a real XML parser, just in case new lines are significant in the config whereas they should be invisible (in very many cases) in XML which in general is free-format not line-oriented.
  • If you wish to put in a version number/string that identifies your own config, and you sneak this value into the config itself somewhere, whatís the best way of doing that so that you can view it somewhere in the deviceís web UI? I have a system myself where I have managed to achieve this but I wonder if other people have alternative ideas which might be a bit more elegant or better in some other way. I use a release date as a config version identifier, formatted as a human-readable string.
  • Can one successfully rename standard accounts to a different username by simply changing the username that is given in the XML config? Again, I could test this myself, same whingey pathetic argument as #1. This is just standard security best practice as attackers get nowhere with password brute-forcing attempts if they donít even know the usernames to try with and this turns it into an O(n≤)-hard problem instead of an O(n) problem. Given the presence of very recent malware that will attack Linksys routers, trying to break into their admin interfaces to reconfigure them, itís a good idea to harden the routerís admin i/f even more. I have a strong password set and only machines on a whitelist can get to my modems as thereís a firewall rule preventing access, but all non-standard usernames would be excellent. Since the name "supervisor" might be sacred, what are the implications of changing that? Is "admin" sacred? If any internal functions use these well-known textual usernames instead of using some well-known fixed account id or whatever then the system could break at certain places.
Logged
 

anything