David Pipe wrote:

>>In a recent client installation I discovered that even if the remote
>>administration function is turned off, the WRT54G provides the
>>administration web page to ports 80 and 443 on the WAN.
>>
>>
>
>I think the "Independent consultant" quoted in InternetWeek is wrong. I
>think he either has a defective router or his cables are plugged into the
>wrong end of the thing.
>
>This clearly works properly on my Linksys WRT54G. No access of
>administrative site on the WAN side when it's turned off. Period.
>
>Comments and questions:
>
>1) No one has been able to confirm this problem. Isn't that right?
>
>2) The "Independent consultant" did not say he tried with more than one
>router, and it appears that he did not ask anyone else if they would
>check this out on their routers before he decided the sky was falling.
>
>3) Thousands and thousands of these things have been sold for months an no
>one has reported this error before.
>
>4) Certainly such an aggregious error would have been discovered before
>now, as hackers routinely bang away at IP addresses and find this stuff.
>
>5) Does he really think that Cisco/Linksys would not test such a basic
>basic basic aspect of this router's security?
>
>6) How did this get on to InternetWeek? Does anyone actually check these
>things out before publishing them?
>
>Please, prove me wrong on all points. Can anyone reproduce this?
>
>Dave
>
>
>
OK, you're wrong on all points. Here's a quote from the vendor:

Linksys, A division of Cisco Systems, Inc.

Product: WRT54G

Classification: Firmware Release History

Firmware Date: 6/2/2004

Release Date: BETA RELEASE

Last Firmware Version: 2.02.8_BETA
________________________________________________________________________
__
Firmware 2.02.8_BETA
- Resolved security issue where remote management is enabled on port 80
and 443 when firewall is disabled

[ reply ]