#22111: dropbear listens on public ipv6 connection after process restart =
remote
SSH access (vulnerability mitigation included)
-----------------------+----------------------------------
Reporter: Aditza | Owner: developers
Type: defect | Status: new
Priority: high | Milestone:
Component: packages | Version: Chaos Calmer 15.05
Resolution: | Keywords: dropbear, remote ssh
-----------------------+----------------------------------
Comment (by Aditza):
the security of critical system services, such as telnet/ssh and luci web
admin, should not rely imho on the default firewall rules... they should
have explicit DROP rules for wan.
I think that those default rules should be considered more of a safety net
for cases of "oh, shit! why is this open?" instead of the main line of
defense.
--
Ticket URL: <https://dev.openwrt.org/ticket/22111#comment:2>
OpenWrt <http://openwrt.org>
Opensource Wireless Router Technology
_______________________________________________
openwrt-tickets mailing list
[email protected]
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-tickets
