#22111: dropbear listens on public ipv6 connection after process restart =
remote
SSH access (vulnerability mitigation included)
-----------------------+----------------------------------
Reporter: Aditza | Owner: developers
Type: defect | Status: new
Priority: high | Milestone:
Component: packages | Version: Chaos Calmer 15.05
Resolution: | Keywords: dropbear, remote ssh
-----------------------+----------------------------------
Comment (by anonymous):
Replying to [comment:2 Aditza]:
> the security of critical system services, such as telnet/ssh and luci
web admin, should not rely imho on the default firewall rules... they
should have explicit DROP rules for wan.
>
> I think that those default rules should be considered more of a safety
net for cases of "oh, shit! why is this open?" instead of the main line of
defense.
I agree with you this should not be open just like it's not for IPv4.
--
Ticket URL: <https://dev.openwrt.org/ticket/22111#comment:4>
OpenWrt <http://openwrt.org>
Opensource Wireless Router Technology
_______________________________________________
openwrt-tickets mailing list
[email protected]
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-tickets
