Charity-Whitehat Posted August 4, 2016 Share Posted August 4, 2016 Is there a built in way to block access to 1471 and ssh 23 to client except those connected to the management WiFi or eth1? Even with a strong password on the gui, we wouldn't want to be P0wned by the very people that we're trying to pentest. No point in letting them know, "yep that's a pineapple." I could also see security scanners looking for 1471. I'm assuming we can restrict port 1471 usnig IPTABLES or something like that, but I'm curious if there's a built in way to do this using the GUI. Related, 1) Is there a downside to changing the default subnet from 172.16.42 to something else? I could see that being a red flag to scanners and 2) Is there a way in the GUI to change the subnet? Thanks Quote Link to comment Share on other sites More sharing options...
bored369 Posted August 5, 2016 Share Posted August 5, 2016 1. no downside that I know of or found so far, i run mine on 192.168.1. 2. no way to change in gui, would have to be done in ssh Edit /etc/config/network to change it. Also you can change the port in /etc/nginx/nginx.conf, you would want to use iptables to block the port still. 1 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.