If someone can come along with a laptop and plug a Cat5 cable into your router, you have a very serious security problem.
Quote:
foamcup
Posted: Sun Dec 06, 2009 9:11 am
Put it behind a locked door.
QFT before your issue becomes WTF....really, restricting physical access is key. A router wants to route--if someone has physical access to it, they can override whatever software lock you put on it.
30/30/30, new password, sweet.
NX
PS: highly recommend Schneier. He is like Chuck Norris for computer security.
Bruce Schneier knows Alice and Bob's shared secret.
Most people use passwords. Some people use passphrases. Bruce Schneier uses an epic passpoem, detailing the life and works of seven mythical Norse heroes.
Bruce Schneier's secure handshake is so strong, you won't be able to exchange keys with anyone else for days.
Bruce Schneier writes his books and essays by generating random alphanumeric text of an appropriate length and then decrypting it.
Though a superhero, Bruce Schneier disdains the use of a mask or secret identity as 'security through obscurity'.
blah blah blah, everything is so simple when you're sitting on the other end of a forum, isn't it.
Can we focus on being able to shut a few little lan ports down for the moment?
Which I'm sure you'll agree is a very simple requirement. I managed it on a THOMSON TG585v7 in about 2 minutes, and that is possibly the worst router / OS in the world.
There is a great scene in it when the author calls an Air Force Base, having observed hackers log into their mainframe. He calls the duty officer to tell him what has happened, duty officer says that this is impossible, that computer has a password: sadly, the password was "administrator". Hadn't been changed from default.
oh it's a Buffalo WHR-G300N by the way, should have mentioned that.
With a RaLink cpu and switch, that is the reason why you don't have any vlan config in the GUI.
So you not only have a router where the chip manufacturer doesn't make the chip specifications publicly available - you are also in the wrong sub-forum.
You'll have to remove ports 1,2,3,4 from vlan0ports.
3 commands
nvram set vlan0ports="5*"
nvram commit
reboot
Thank you LOM, I really appreciate your help.
The other dude who is banging on about physical security, ok whatever, I did not ask to be lectured on the fundamentals of infosec, I asked how to disable switch ports from ddwrt.
Now if you don't mind, can you clutter another thread with your (quite correct) viewpoint.
lmfao...
You are welcome. Now please piss over to the sub-forum where you belong, the RaLink one
Posted: Sun Dec 06, 2009 19:49 Post subject: twat
1) I do not think anyone here is real impressed with your "Cisco Certification". Note: they are not really impressed over at Slashdot.org, either:
Quote:
Fatty writes "Entry level certifications such as the Cisco Certified Network Associate (CCNA) have become the source of many jokes to people in the industry, largely because of the seemingly inept people that proudly display their certifications.
from the i-never-valued-it-in-the-first-place dept.
lpq writes "IT certifications, popular after the dot-com bust, seem to be hurting careers now according to this article in the current Eweek.com issue. Guess employers are getting hip to the idea that those who don't have experience or can't "do", get certified..."
Quote:
CCNA Certification Library
Posted by timothy
from the punch-yer-own-ticket dept.
books
Michael Bennett Cohn writes "Cisco Press' CCNA Self-Study Certification Library by Wendell Odom consists of two books: the ICND guide and the INTRO guide, corresponding to tests 640-811 and 641-821, respectively. Passing each of those tests will make you a CCNA; so will passing combined exam 640-801. I passed exam 640-801 in one try, with no real networking experience and having taken no classes. The ICND and INTRO books comprised my primary training materials."
Emotional Intelligence, being able to work with others, accept new ideas, creatively work a problem: no certificate for that, really.
Page 15 of the PDF: reset the router in 3 seconds using a paperclip. Router back to defaults: in three seconds. Got access! I think the term is "pwned".
Note: in this Cisco security book, they talk about the importance of securing from physical access:
What if you set a new WAN MAC address and lock the switch port on the other end of the WAN port to this MAC address? Resetting the router would also reset the WAN MAC to its factory value, and then the router wouldn't have access to the internal network anymore.
So by:
1. locking all router LAN ports to a specific MAC address (with which you spoof your eth every time you access the router)
2. setting a new WAN MAC address
3. locking the switch port on the other end of the WAN port to this MAC address
wouldn't this be secure enough?
How fast can one find the correct MAC address by brute-force spoofing?
You'll have to remove ports 1,2,3,4 from vlan0ports.
3 commands
nvram set vlan0ports="5*"
nvram commit
reboot
Hi DD-WRT Community!
I tried these three commands and they didn't work on the TL-WR841ND with build 23838 (03/29/14).
Do these commands only work on Broadcom and not Atheros, or on older builds?
I found these posts by accident while researching the possibility of blocking LAN ports in certain situations, and after reading all of your posts, I tried the one from a user named LOM that I quoted.
Does anyone have a different solution or opinion regarding this topic?