LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 01-12-2009, 12:11 PM   #1
lusiads
LQ Newbie
 
Registered: Sep 2008
Posts: 17

Rep: Reputation: 0
Question Help: Setup Router DMZ via Telnet


Hi everyone,
This question is not only for linux.

I try to audit network security of our company and I found it's realative easy to break into to router with default password via telnet.
Some router firmware even let me see obtain the username and password in seconds.
Just one thing, how can I get access to PCs behind those router?
My idea were simple, if I can put PC (one by one) to DMZ (or NAT) so I can push my penetration testing further. But I haven't found anyway to accomplish that 'cause I found no command to set DMZ settings. I tried a lot of different modems/firmwares but no luck. Google for Manuals but nothing I found were useful.
I know each firmware has its own command sets, all I need to know if it's possible to set up DMZ properly from telnet. Could you tell me how you do it with your own router? This will give me ideas of how to archive this?

Any help, comment would be appreciated.
 
Old 01-12-2009, 12:21 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,373

Rep: Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962
That's really very very vague, don't quite understand what you're really after. Fundamentally you're doing some form of home brew penetration test? Well if you gain access to a firewall / router then you will obviously have a given level of control over all local networks and forms of connectivity through it which would be affected in some way (dropped, natted, rejected, encrypted, tunnelled etc...)

So you're asking "if it's possible to set up DMZ properly from telnet" Well firstly a DMZ takes MANY forms and architectures. Many people think a DMZ is merely a certain machine to which internet traffic is forwarded to by default, rather than ideally seperate network off of a firewall with various machines in it. As for telnet, well that's an obvious problem. Any device giving command line access in the level of environment you *appear* to be duscussing would support ssh, so that should always be used over telnet, and should certainly never be open on the internet side of any security device. as for default usernames - well that's human issues. You can't blame a router because the guy who configured it was stupid / lazy / ignorant. There are *very* few well known examples of vendors accidentally leaving in engineering back doors which were impossible to patch for, e.g. Checkpoint a few years ago, but that's a real rarity.

That' just general talk about the technologies you've mentioned though, I still don't understand what you actually mean in your question...

Last edited by acid_kewpie; 01-12-2009 at 12:23 PM.
 
Old 01-12-2009, 12:24 PM   #3
TB0ne
Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 14,132

Rep: Reputation: 2456Reputation: 2456Reputation: 2456Reputation: 2456Reputation: 2456Reputation: 2456Reputation: 2456Reputation: 2456Reputation: 2456Reputation: 2456Reputation: 2456
Quote:
Originally Posted by lusiads View Post
Hi everyone,
This question is not only for linux.

I try to audit network security of our company and I found it's realative easy to break into to router with default password via telnet.
Some router firmware even let me see obtain the username and password in seconds.
Just one thing, how can I get access to PCs behind those router?
My idea were simple, if I can put PC (one by one) to DMZ (or NAT) so I can push my penetration testing further. But I haven't found anyway to accomplish that 'cause I found no command to set DMZ settings. I tried a lot of different modems/firmwares but no luck. Google for Manuals but nothing I found were useful.
I know each firmware has its own command sets, all I need to know if it's possible to set up DMZ properly from telnet. Could you tell me how you do it with your own router? This will give me ideas of how to archive this?

Any help, comment would be appreciated.
Yes, it's possible. You could either add a rule of your own to let your PC go further (since you're in the router already), or look at the existing rules, and set your PC to match the address/port.

Without knowing what kind of router/switch/firewall is in place, it's hard to say. Possible, since you say you've got the user ID/pw for the router....
 
Old 01-12-2009, 12:27 PM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,373

Rep: Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962
You reckon he means getting administrative access over telnet? just that? hmm, maybe. I'd like to see anyone set up an entire DMZ with just telnet though... plugging patch leads in and rack mounting servers is a real bitch that way!
 
Old 01-12-2009, 11:27 PM   #5
lusiads
LQ Newbie
 
Registered: Sep 2008
Posts: 17

Original Poster
Rep: Reputation: 0
to cid_kewpie: I have had administrative access to router. I just don't know how to set up DMZ via telnet. It should be far more easier if I have http access to router, but I do not.
I want to access to PCs which are behind those router, so I could probe those PCs (doing a port scanning against those PCs), then pushing my penetration test further. I think single DMZ is good idea though NAT Virtual Server seems good too.
My issue is, I haven't find a way to set up DMZ via telnet.
Sorry for confusing you. I appreciate all your helps.
 
Old 01-13-2009, 01:18 AM   #6
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,373

Rep: Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962
yeah... the point is "set up DMZ via telnet" doesn't make much sense... what do you actually *MEAN*??
 
  


Reply

Tags
dmz, modem, nat, router


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
router in DMZ is not reachable saavik Linux - Networking 2 07-14-2006 05:30 AM
DMZ on the same box as network router cjewell Linux - Networking 1 09-24-2005 12:27 AM
RH 9 Firewall/Router Iptables DMZ Dammas Linux - Software 0 03-30-2004 01:02 AM
DMZ and ADSL router question mazzo Linux - Networking 1 03-03-2004 02:36 PM
How to Setup DMZ? Manuel-H Linux - Networking 1 04-06-2003 12:55 PM


All times are GMT -5. The time now is 03:26 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration