Home of the Squeezebox™ & Transporter® network music players.
Page 6 of 6 FirstFirst ... 456
Results 51 to 56 of 56
  1. #51
    Senior Member
    Join Date
    Dec 2020
    Posts
    325
    Quote Originally Posted by slartibartfast View Post
    Virgin push firmware updates to their hubs if you want to call that a backdoor.
    That implies the presence of a backdoor, otherwise the ISP would not be able to access the router without your explicit consent for pushing the updates.

  2. #52
    Senior Member
    Join Date
    Oct 2005
    Location
    Ireland
    Posts
    21,898
    Quote Originally Posted by gordonb3 View Post
    That implies the presence of a backdoor, otherwise the ISP would not be able to access the router without your explicit consent for pushing the updates.
    In the case of Virgin with a cable network - the firmware upgrade may be part of DOCSIS and so it would not be over internet - a backdoor but over a private network.

  3. #53
    Senior Member
    Join Date
    Jan 2010
    Location
    Hertfordshire
    Posts
    9,715
    Quote Originally Posted by gordonb3 View Post
    That implies the presence of a backdoor, otherwise the ISP would not be able to access the router without your explicit consent for pushing the updates.
    I set the Virgin Hub in Modem Only mode after finding that on the rare occasions when broadband was down it was impossible to listen to local music over the network

    Sent from my Pixel 3a using Tapatalk

  4. #54
    Senior Member
    Join Date
    Dec 2020
    Posts
    325
    Quote Originally Posted by cookiemonster View Post
    What is the solution? For those happy with an ISP router and just plug and forget, just do that. It will have certain protection by NAT for nasties coming in. It won't stand much of a chance if there is a nasty on the inside. Follow best advice like keep firmware updated, change default admin passwords to strong one, disable WAN management, etc.
    Exactly. The main thing to remember is that authenticated people can do unauthorized stuff and sometimes without even being aware (`click here to win a chocolate bar`) of doing so. In accordance with RFC1918 no router that is connected to the public internet will allow forwarding of packages to any of the standard's IP ranges (192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12) and this includes every dedicated commercial and ISP provided router. The only possible way to access a machine behind such a router is by using a DNAT rule which no router is ever preconfigured to do. Thus presuming that the ISP did not add a backdoor and the owner did not add any inbound rules, then any unwanted connection is always initiated from the inside.

    Which leads to the question who controls what. A nice example of this is Tuya which is controlled by a server in China - you are just allowed to interact with that server. A few years back there was a similar complaint about Samsung televisions. My ISP is also my digital TV provider who periodically updates the device with new firmware. My thermostat also communicates with some internet server which is nice because this allows me to control it from practically everywhere and be able to return to a warm home (provided that the internet server is not suffering from some issue). None of this stuff requires access to my internal network and since I am also unable to access these devices other than through a remote server I've placed all of these devices in a separate network.

  5. #55
    Senior Member
    Join Date
    Dec 2020
    Posts
    325
    Quote Originally Posted by bpa View Post
    In the case of Virgin with a cable network - the firmware upgrade may be part of DOCSIS and so it would not be over internet - a backdoor but over a private network.
    Possible, in the case of my own ISP I just happened to trip over it because I couldn't use the port as it was already in use. I could still have lived with it though if they hadn't used it to overwrite the firewall configuration. That was a big NO for me.

  6. #56
    Senior Member
    Join Date
    Dec 2020
    Posts
    325
    Quote Originally Posted by slartibartfast View Post
    But it would be an unlikely typo, M is a fair distance from O
    `O` for opinion. Mileage implies having experience which you can't have because it is completely speculative what would have happened if you didn't accept the update.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •