Fedora Security and the Uverse 3800HGV-B router
john wendel
jwendel10 at comcast.net
Sat Jul 2 03:57:01 UTC 2011
On 07/01/2011 08:45 PM, JD wrote:
> I am writing this message with the hope that someone on this
> list has this uverse router.'
> When I use Firefox to browse to this router (192.168.1.254),
> it displays the "Home" machines connected to the network.
> For each machine it displays:
> a tv icon, it's name, and a link named "Access FIles"
> and another link named "Device Details".
>
> If I click on any machine's "Acess FIles" link, it
> displays my Fedora's / directory completely.
>
> I have no ftp daemon running.
> I have no apache running.
> In fact I do not have ANY internet server running.
>
> So how in blazes is the router able to display my
> entire system's files?
>
> If I aim my browser at my own IP address,
> I get
> Unable to connect
> Firefox can't establish a connection to the server at 192.168.1.201.
>
> So how is the router doing it?
> This is a very disconcerting security hole and I have not been
> able to nail it down to any daemon running on my Fedora.
>
> Thanks for your insights.
>
> JD
Your router isn't displaying the files, your browser is, so it doesn't
need a network connection. Though I must admit, I don't know how it's
done. Maybe you should examine the html source.
John
More information about the users
mailing list