[ previous ] [ next ] [ threads ]
 
 From:  "Brad Gibson" <brad dot gibson at naponline dot net>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Feature Request
 Date:  Sun, 25 Jan 2004 22:28:20 -0500
Basically, I just think the point that a few of us are making, is that the
point of a firewall is supposed to be as secure as possible. Thus, having
the admin name changeable would only add in security. And I most definitely
believe in having passwords with Caps, Lowercase, Numbers and Special
Characters. But combine the strong passwords with an unknown username - that
would make for an even more secure firewall.

I also don't think this request is as important as others that have been
made, but if it were something simple to do, it would be great!

Just my 3 cents ;).

-Brad

-----Original Message-----
From: Paul Fournier [mailto:august70 at thefourniers dot net] 
Sent: Sunday, January 25, 2004 10:15 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] Feature Request

Actually all anyone who wants to be malicious has to do it telnet to the
device on port 80 (or just try to visit it via a web browser and
unsuccessfully login a couple times) and try a /GET a couple times and the
router returns and error with info letting the person know what software is
running on it. After a minute or so on the m0n0wall website, they would have
the user name to login. Granted using strong passwords is still a smart
thing to do, If your not looking at the logs for a couple of days this could
give a user an opportunity to access the router.

error from router returns this.

(null) 400 Bad Request
Server: mini_httpd/1.19 19dec2003
Date: Mon, 26 Jan 2004 02:58:32 GMT
Cache-Control: no-cache,no-store
Content-Type: text/html; charset=%s
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html>
<head> <title>m0n0wall</title> <meta http-equiv="Content-Type"
content="text/html; charset=iso-8859-1"> <style type="text/css">
<!--
 body,td,th,input,select
 { font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif; font-size:
11px;}
 .pgtitle { font-size: 24px; color: #777777; font-weight: bold; }  .rederr {
font-size: 16px; font-weight: bold; color: #CC0000;}  a { text-decoration:
none; }
-->
</style>
</head>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <p align="center"
class="pgtitle">m0n0wall</p> <p align="center" class="rederr">Access
denied.</p> </body> </html>


-----Original Message-----
From: Michael Iedema [mailto:iedemam at pluto dot dsu dot edu]
Sent: Sunday, January 25, 2004 9:34 PM
To: res00vl8 at alltel dot net; m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] Feature Request



> I don't see a problem with the login name being "admin", unless a weak

Agreed.  You are by no means 50% 'in' by knowing the username.  You are
unable to confirm the accuracy of the username without also having a correct
password.

> password is in use. If you have a problem creating strong passwords, 
> there's plenty of free utilities out there that will create them for 
> you.

FYI: Incase anyone wanted to make their m0n0wall experience complete, Manuel
has a password generator for windows based upon mouse movements.
It's on his other site at http://neon1.net.  It's called mkpasswd and I've
been using it for awhile.  Strong, and has the 'novelty' quality about it.

--Michael I.


---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch


---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch