Discuss EVDO PCMCIA Cards, ExpressCards, EVDO USB, PDAs, Phones, Coverage and Mobile Broadband Cards.
Discuss Verizon and Sprint Coverage. CradlePoint CTR350, CTR500, PHS300, MBR1000, MBR1200, PHS300. Discuss Improving signal with 3Gstore Antennas and Amplifiers.
|
EVDOforums.com
Discussion forum for EVDO users
|
Our sites Include:
EVDO Info :: EVDO Forums :: EVDO Maps :: EVDO Blog :: 3Gstore.com
To purchase your EVDO Card / Antenna / Amplifier / Router from the EVDO Experts, just contact us!
| View previous topic :: View next topic |
| Author |
Message |
tz1
EVDO Junkie
Joined: 29 Sep 2005
Posts: 509
Location: http://kr1gps.dyndns.org:8888/
|
 Posted: Wed Mar 22, 2006 8:24 am Post subject: Unverified security issue and workaround |
 |
|
I haven't been able to exploit a potential problem with the KR1 (even the new firmware), but I've found a way to block it in any case. I won't go into details about what is going on - anyone smart enough can figure out what the problem might be.
If the problem is real (it is hard to exploit from behind a firewall), then it is extremely serious. Also note my GPSD firmware releases aren't designed to be secure though I'm working on fixes for that too, but for my firmware you can also block TCP 23/23 in addition to UDP 69/69 below to prevent remote logins to the KR1.
I would recommend everyone with a KR1 add the following configuration setting
Go to the advanced, virtual server page:
http://192.168.0.1/adv_virtual.html <use your KR1 address
name: security1 <anything to identify it
PrivateIP: 10.9.8.7 <something that doesn't exist
Protocol Type: UDP
Private port:69 <could be anything
Public port:69
Schedule: always
After applying, you should see a new line at the bottom of the list like:
security1 10.9.8.7 UDP 69/69 always |
|
| Back to top |
|
 |
mysigp226
EVDO User
Joined: 26 Nov 2005
Posts: 42
|
| Posted: Thu Mar 23, 2006 10:36 am Post subject: |
|
|
| don't tell me they are allowing tftp on the wan port! |
|
| Back to top |
|
|
tz1
EVDO Junkie
Joined: 29 Sep 2005
Posts: 509
Location: http://kr1gps.dyndns.org:8888/
|
| Posted: Thu Mar 23, 2006 11:55 am Post subject: |
|
|
Ok, I won't tell you. But so far I haven't gotten it to work completely because the UDP packets haven't worked their way back from the EVDO card, however the transaction starts because a file with the correct name is created on the router if you do tftp put. This might be serious for reasons I won't go into, but it could be very, very serious if a whole file could be downloaded correctly.
But just because my connections so far have not done the right things with UDP packets, it doesn't mean others won't, or consider one EVDO box to another using the same provider, so it doesn't go through very many routers. |
|
| Back to top |
|
|
Mackieman
EVDO Junkie
Joined: 31 Oct 2005
Posts: 491
|
| Posted: Fri Mar 24, 2006 5:30 pm Post subject: |
|
|
| There is really no way to know what IP is using what unless you're capturing packets from the EVDO RF stream. I believe the likelihood of this ever being an issue is very, very remote. |
|
| Back to top |
|
|
tz1
EVDO Junkie
Joined: 29 Sep 2005
Posts: 509
Location: http://kr1gps.dyndns.org:8888/
|
| Posted: Fri Mar 24, 2006 7:19 pm Post subject: |
|
|
| Unless you use Dyndns type services which might specifically identify you (like my kr1gps.dyndns.org). |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Buy from the 3G Experts @ 3Gstore.com
CradlePoint MBR1200 $269.99
Sprint MiFi $59.99
CTR500 $179.99
MBR1000 $189.99
CTR350 $89.99
PHS300 $159.99
Sprint 598U - Free
Sprint Rev A ExpressCard: Merlin EX720 - Free
Purchase an EVDO Booster Antenna
Purchase an EVDO Amplifier
Your Mac EVDO Experts
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
