[ale] OT: What the hell is XSS in Comcast land?

Jim Lynch ale_nospam at fayettedigital.com
Mon Aug 12 20:16:39 EDT 2013


On 08/12/2013 04:36 PM, Alex Carver wrote:
> Consumer firmware is exactly why I replaced the firmware in the router 
> the moment I bought it.  It's especially important considering I use 
> features that Linksys' own firmware does not support (changing port 
> number when mapping, supporting multiple IPs on WAN, etc.) Installing 
> is fairly trivial now, plenty of tools for multiple operating systems 
> and OpenWRT now has Lua scripts to give you a web configuration system 
> so you technically don't have to fiddle with terminal access.  It took 
> me almost as much time to set up the wiring for the firmware as it did 
> to install the firmware itself.  Customizing took a little time but 
> for most applications it's not bad.
I'm still running the original firmware because, if I understand OpenWRT, 
it uses iptables, which is probably the most non-intuitive, complex and 
frustrating software on the planet.  The firmware for the Linksys has 
the right idea.  Fill in the blanks for what ports you want routed to 
where, and block the rest, not some arcane stuff like:

# iptables -A INPUT -i eth0 -s x.y.z.s/32 -j DROP
iptables -A INPUT -i eth0 -s x.y.z.c/32 -j DROP
iptables -A INPUT -i eth0 -s 192.168.0.0/24 -j DROP
iptables -A INPUT -i eth0 -s 127.0.0.0/8 -j DROP
# iptables -A INPUT -i eth0 -s x.y.z.s/32 -j DROP
iptables -A INPUT -i eth0 -s x.y.z.c/32 -j DROP
iptables -A INPUT -i eth0 -s 192.168.0.0/24 -j DROP
iptables -A INPUT -i eth0 -s 127.0.0.0/8 -j DROP

Total unnecessary gibberish.  Designed to keep sys admins employed!

Jim.

