NW-Bound
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
- Joined
- Jul 3, 2008
- Messages
- 35,712
Heh... It's a small container holding a messy surprise! Meets the definition of honeypot for me.
The internet service provider doesn't think there is a problem with their router, according to their phone support 'expert'. Meanwhile, back on Earth:
Backdoor in wireless DSL routers lets attacker reset router, get admin | Ars Technica
Easter egg: DSL router patch merely hides backdoor instead of closing it | Ars Technica
http://www.synacktiv.com/ressources/TCP32764_backdoor_again.pdf
And yup, their router is chock full of Sercomm software, and nicely responds to a knock-knock sequence to gain root access!
You scare me, so I check on the Web and my router is not one with the backdoor. Whew!
And then, I log on to the router to see its log. What the heck! Some guy with an IP address up in Utah made several attempts to get to my Iomega file server on port 50500. Did he get in? I double checked the settings on that stand-alone server, and saw that I did not authorize access from the outside, over the Web. So what was that all about?
Anyway, I guess it is a kind of mischievous fun to set up a honeypot to attract flies. But is it possible to bring too much traffic to your home that it is like inviting your own DoS attack?
I am not an IT or network expert, but now wonder if the frequent lockup of that file server was due to its "lock being pried" by that unknown jerk. I had to reboot the thing every few days.
PS. Just found out the IP address belongs to Iomega Corp! Is this a case of "ET call home"? What are they doing?
Last edited: