The 320 CPE's have a known open DNS resolver issue (responding to DNS queries from external hosts). I have seen some of the NAT enabled CPE's choke on the external DNS requests and we then see 95% packet loss to them. Most of our 320 CPE's operate in bridge mode.
On Tue, May 10, 2016 at 10:38 AM, Joe Novak <jno...@lrcomm.com> wrote: > Does 320 have 'remote configuration interface' in the NAT tab? I think > this is equivalent to 'separate management interface'. I'm not very > familiar with the 320 line... or maybe change it to a random nonstandard > port just for said customer and then firewall the port at the tower/edge? > > On Tue, May 10, 2016 at 8:09 AM, Trey Scarborough <t...@3dsc.co> wrote: > >> I wouldn't recommend doing it there are not any known security issues >> that I can speak of. I do know however that your performance on that CPE >> will be go down significantly and I do know outside request can kill them. >> I guess a sort of vulnerability. >> >> >> On 5/9/2016 11:41 PM, That One Guy /sarcasm wrote: >> >>> All our 320s are in bridge mode. We have a fool customer who is >>> irritating me though, I need to isolate him from our network so I want >>> to put it in NAT mode, but I need to have him on a public IP so he can >>> be identified in complaints. Are there any known vulnerabilities in the >>> 320 CPE I should be aware of? the operator and admin account are >>> disabled. Telnet and port 80 are enabled on the WAN. >>> >>> also, how functional is the DMZ, will there end up being complaints that >>> some game doesnt work? >>> >>> -- >>> If you only see yourself as part of the team but you don't see your team >>> as part of yourself you have already failed as part of the team. >>> >> >> >> >