Netgear DG834G + IPcop Firewall
Results 1 to 9 of 9

Thread: Netgear DG834G + IPcop Firewall

  1. #1
    Banned
    Join Date
    Feb 2004
    Posts
    29

    Netgear DG834G + IPcop Firewall

    Netgear DG834G setup.cgi Debug Mode Local Net Access

    Netgear DG834G Zebra Service Default Account

    Hi,

    I need help, I got a Netgear DG834G ADSL router and a IPcop 1.4 Firewall. I need to know, will mine firewall if configure properly be able to protect my internal network from the vulnerability of the Netgear router. There is no patch/ firmware available to the Netgear yet.

    Anyone know any workaround for this problem.

    Thanks in advance.

  2. #2
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    I was unable to pull up your links. They redirected me to altavista.

    If you router is before your ipcop firewall, then no.
    WAN<-->Netgear Wireless Router<-->IPCop Box<--> hosts

    If your ipcop box is before your wireless router, then yes.

    If I had to setup your network, I'd setup the ipcop box first. Configure the wan interface and apply all necessary services and policies. Then I'd run the wireless router behind the ipcop box on a separate subnet from your ipcop box. If you're using DHCP, then let the Netgear Wireless router be your DHCP server for the hosts. You can have your negear WAN static or dynamic... depending on if you want the IPCop box to assign it an address. I'd just make it static to make things less complicated.

    WAN<-->IPCop Box<-->Netgear Wireless Router<--> hosts

    You can then have your netgear router as your "defalt gateway" for the clients on your network.
    Then you have the ipcop box as the "default gateway" for the netgear router.

    This will still enable you to have both your wireless and your wired hosts AND protect them.

    It seems kind of silly to set it up this way though... you could have just used the ipcop as your firewall/proxy/router/dhcp/etc. And then hooked up a switch for your wired hosts and then installed a wireless access point. There is really no need for two routers...

    But whatever... you already have the hardware... might as well use it.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  3. #3
    Banned
    Join Date
    Feb 2004
    Posts
    29
    Thanks for your reply. I changed the url now. It works now.

    I don't know if these workaround works. Someone told me this.

    Netgear DG834G setup.cgi Debug Mode Local Net Access&gt;

    I can ensure the administrative interface is protected via .htaccess. As suggested from www.osvdb.org

    Netgear DG834G Zebra Service Default Account&gt;

    I can get the latest firmware and read it using hex editor then change the Default Account password "Zebra" to something else. And then upload the firmware to my router again.

    Can someone advise me whether this will actually work.

    Thanks in advance.

  4. #4
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    That may work... hex editing the image.

    However, just hope you dont really screw it up. Most of the newer routers today require you to load a good image and then "upload" the new image to it and reboot. If you can't load the image... how are you going to recover your old image if the new one fails?

    You may want to see if you HAVE to update via web based utility. I had an old dlink that would let me connect via serial and load a new image before it started to load the image. I haven't seen any home routers with a serial port in a long time...

    If I were you, I'd throw the firewall in front of it (like in my example) and then wait for an updated image. You have to be careful with those routers... you could disable them permanently... trust me on this... I've done it. It was a netgear too... I called support and there was nothing they could do. (so they say). Power cut out as I was uploading a new imge. (What are the chances!?)

    But then again... you'll never know until you try it. Just don't come crying around here when you really fubar the router and you're out $80+ because you have to buy a new one.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  5. #5
    Banned
    Join Date
    Feb 2004
    Posts
    29
    Thanks, I will put IPcop in front of the Router as you suggested thanks.

  6. #6
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    Both of these vulnerabilities are for Firmware 1.04
    Netgear is upto 1.05:

    Link to firmware upgrade:http://kbserver.netgear.com/support_...asp?dnldID=783

    I think you may have been over reacting a little, both of the vulnerabilities needed local network access to exploite. So putting ipcop infront of the netgear would not have protected you anyway.
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  7. #7
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    jinxy: The second vuln was supposedly exploitable from remote too.
    "Remote/Network Access Required"

    The first one just required local network access.

    They didn't say if remote mgt had to be turned on or not.

    Guess we should have checkd to see if there were updates out.
    I trusted that the thread starter had already looked.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  8. #8
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    Phish,
    Looked a little deeper, you were correct the second was remotely exploitable. The thing is though,

    The Zebra issue is simply a default password/default configuration
    issue. The documentation _clearly_ states that is should be changed and
    than an 'enable password' be applied. In neither case does this allow
    any "exploit" to take place, as you're restricted to the Zebra process
    and not the OS.


    It's no more of an exploit than Oracle's system/manager,
    sys/change_on_install, or scott/tiger username/password combinations
    that are installed by default.
    From:http://archives.neohapsis.com/archiv...4-08/0201.html
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  9. #9
    Banned
    Join Date
    Feb 2004
    Posts
    29
    When I finally got my hands on the router, I tested the zebra issue. And I discovered that the zebra issue no longer exist.

    I got mine only a few days. Maybe netgear corrected this problem before shipping. The router still got firmware 1.04, but now I have upgrade it to 1.05.

    I got a second question now. If I banner grab port 81 or 443, it will display "Netgear DG834G ADSL Router". How can I change the http banner to something else for the router? I did a few search on the Internet and can't found anything. After going to the debug mode. I see that it's using mini_httpd. But I can't found any document which tell me how to change the banner.

    Thanks in advance.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides