Basically, I just think the point that a few of us are making, is that the
point of a firewall is supposed to be as secure as possible. Thus, having
the admin name changeable would only add in security. And I most definitely
believe in having passwords with Caps, Lowercase, Numbers and Special
Characters. But combine the strong passwords with an unknown username - that
would make for an even more secure firewall.
I also don't think this request is as important as others that have been
made, but if it were something simple to do, it would be great!
Just my 3 cents ;).
-Brad
-----Original Message-----
From: Paul Fournier [mailto:august70 at thefourniers dot net]
Sent: Sunday, January 25, 2004 10:15 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] Feature Request
Actually all anyone who wants to be malicious has to do it telnet to the
device on port 80 (or just try to visit it via a web browser and
unsuccessfully login a couple times) and try a /GET a couple times and the
router returns and error with info letting the person know what software is
running on it. After a minute or so on the m0n0wall website, they would have
the user name to login. Granted using strong passwords is still a smart
thing to do, If your not looking at the logs for a couple of days this could
give a user an opportunity to access the router.
error from router returns this.
(null) 400 Bad Request
Server: mini_httpd/1.19 19dec2003
Date: Mon, 26 Jan 2004 02:58:32 GMT
Cache-Control: no-cache,no-store
Content-Type: text/html; charset=%s
Connection: close
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html>
<head> <title>m0n0wall</title> <meta http-equiv="Content-Type"
content="text/html; charset=iso-8859-1"> <style type="text/css">
<!--
body,td,th,input,select
{ font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif; font-size:
11px;}
.pgtitle { font-size: 24px; color: #777777; font-weight: bold; } .rederr {
font-size: 16px; font-weight: bold; color: #CC0000;} a { text-decoration:
none; }
-->
</style>
</head>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <p align="center"
class="pgtitle">m0n0wall</p> <p align="center" class="rederr">Access
denied.</p> </body> </html>
-----Original Message-----
From: Michael Iedema [mailto:iedemam at pluto dot dsu dot edu]
Sent: Sunday, January 25, 2004 9:34 PM
To: res00vl8 at alltel dot net; m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] Feature Request
> I don't see a problem with the login name being "admin", unless a weak
Agreed. You are by no means 50% 'in' by knowing the username. You are
unable to confirm the accuracy of the username without also having a correct
password.
> password is in use. If you have a problem creating strong passwords,
> there's plenty of free utilities out there that will create them for
> you.
FYI: Incase anyone wanted to make their m0n0wall experience complete, Manuel
has a password generator for windows based upon mouse movements.
It's on his other site at http://neon1.net. It's called mkpasswd and I've
been using it for awhile. Strong, and has the 'novelty' quality about it.
--Michael I.
---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch | 