lol, its funny you say that, this happens to be the guy a while back i posted about who was convinced that one of JABs acquisition APs infected him, and all his devices. this guy wanted to make it our problem now by putting our router back in place, which was fine, more visibility for us if hes a threat to our network.
Im not sure what proper firewalls you speak of Josh for customer equipment, we provide a cheap consumer router that occasionally ends up on our exposed public IP space, its no different than the customers own router, only we can lock it down so they cant mess things up. Aside from us managing the device, two air routers side by side are both air routers even if we own one and they own one. Are you recomending on our ISP network we block 80, 443, 22, 21 for all customers? because that will piss off alot of DVR owners. On Tue, Jul 12, 2016 at 4:45 PM, Bill Prince <[email protected]> wrote: > No I didn't realize that. That's a whole other story. I would advise the > customer to not allow direct access from the outside excepting perhaps VPN > access. Otherwise, it's their problem. They probably have their > smarter-than-they-are phone getting hacked. > > > bp > <part15sbs{at}gmail{dot}com> > > > On 7/12/2016 2:26 PM, That One Guy /sarcasm wrote: > > You realize this is a residential customer router right? not > infrastructure, not a CPE radio, those are all inaccessible > We dump a config that puts a single IP outside the dhcp pool on the DMZ. > If they want a public IP, they can do whatever they want as long as it > doesnt violate our TOS 53 and 123 would, everything but our management port > goes into the DMZ. And the only people with customer router credentials are > the staff who would need to get into them to turn on or off the wireless, > we defaultly put them out with it off. > > On Tue, Jul 12, 2016 at 4:17 PM, Bill Prince <[email protected]> wrote: > >> You should limit the scope of who can even attempt to login. >> >> bp >> <part15sbs{at}gmail{dot}com> >> >> >> On 7/12/2016 1:23 PM, That One Guy /sarcasm wrote: >> >> Jul 12 12:11:05 httpd[6948]: Bad password attempt for 'admin' from >> c-98-226-167-23.hsd1.il.comcast.net >> Jul 12 12:11:28 httpd[6952]: Password auth succeeded for 'admin' from >> c-98-226-167-23.hsd1.il.comcast.net >> >> This is from an airrouter with a strong password.. we just went through a >> password change too >> >> >> -- >> If you only see yourself as part of the team but you don't see your team >> as part of yourself you have already failed as part of the team. >> >> >> > > > -- > If you only see yourself as part of the team but you don't see your team > as part of yourself you have already failed as part of the team. > > > -- If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.
