TP-Link abandons 'forgotten' router config domains
-
TP-Link abandons 'forgotten' router config domains.
-
That's a pretty big security hole to leave open.
-
It just gets better and better as I read more on this topic....
-
It's really not super horrible - bad, sure, but super bad.. not really.
if you're behind the firewall, the firewall intercepts requests to this domain and redirects them to itself (it's own webserver). If you're not behind the device, then why are you going there in the first place?
-
@Dashrender said in TP-Link abandons 'forgotten' router config domains:
It's really not super horrible - bad, sure, but super bad.. not really.
It is worse than you think, but no not horrible because there are not enough devices using it out there.
@Dashrender said:
if you're behind the firewall, the firewall intercepts requests to this domain and redirects them to itself (it's own webserver).
Not exactly. None of these routers work like that. They do not intercept anything. They provide a DNS answer with their own IP for this. That is not intercepting traffic. So if the machine has something other than the router for DNS, then it will go right through the router. A lot of home users try and put things like OpenDNS on their stuff and put it in the DHCP scope on these routers because they are wanting to block porn and such.
@Dashrender said:
If you're not behind the device, then why are you going there in the first place?
Because people are stupid.
-
@JaredBusch said in TP-Link abandons 'forgotten' router config domains:
@Dashrender said in TP-Link abandons 'forgotten' router config domains:
It's really not super horrible - bad, sure, but super bad.. not really.
It is worse than you think, but no not horrible because there are not enough devices using it out there.
@Dashrender said:
if you're behind the firewall, the firewall intercepts requests to this domain and redirects them to itself (it's own webserver).
Not exactly. None of these routers work like that. They do not intercept anything. They provide a DNS answer with their own IP for this. That is not intercepting traffic. So if the machine has something other than the router for DNS, then it will go right through the router. A lot of home users try and put things like OpenDNS on their stuff and put it in the DHCP scope on these routers because they are wanting to block porn and such.
@Dashrender said:
If you're not behind the device, then why are you going there in the first place?
Because people are stupid.
Have you tested that and know the DNS redirection is true? If so, I see an errata in Security Now for next week.
-
@Dashrender said in TP-Link abandons 'forgotten' router config domains:
Have you tested that and know the DNS redirection is true? If so, I see an errata in Security Now for next week.
Let me answer by asking you this.
Do you think all these home routers have a web proxy running on them? -
It's TP-Link, is anyone surprised?
