Geek Culture / Wow Google, that's not cool

Ortu
DBPro Master
16
Years of Service
User Offline
Joined: 21st Nov 2007
Location: Austin, TX
Posted: 10th Nov 2017 02:25 Edited at: 10th Nov 2017 03:26
So I have Google Fiber for my home internet service, and the service is great, the network box is easy to manage from your account on fiber.google.com.

BUT... by chance I happened to point my web browser at my public IP address and to my surprise, the network box loaded up a diagnostic/technical service web page, which offers a great big button to power-cycle the network box, no log in needed. Literally anyone that hits my public IP could reboot my router at a whim.

Further, it proceeds to list all devices connected to my network with local IP, MAC address, host name, lists the wireless SSID, and so on and so on. WTF? Why isn't all this behind a log in?

Well eff that, going to put a stop to that nonsense. I set up port forwarding for 80 and 443 to a junk IP where hitting my public IP will just get no response.

If anyone gets Google Fiber, I do recommend it highly, but be aware that all this is just out there unless you take steps to prevent it.
http://games.joshkirklin.com/sulium

A single player RPG featuring a branching, player driven storyline of meaningful choices and multiple endings alongside challenging active combat and intelligent AI.
BatVink
Moderator
21
Years of Service
User Offline
Joined: 4th Apr 2003
Location: Gods own County, UK
Posted: 10th Nov 2017 12:28
You can usually tick a box to block all external access to the admin panel, allow access only from listed IP addresses and/or require a user/password.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Quidquid latine dictum sit, altum sonatur
TutCity is being rebuilt
Phaelax
DBPro Master
21
Years of Service
User Offline
Joined: 16th Apr 2003
Location: Metropia
Posted: 10th Nov 2017 13:46
Why forward the request at all? Just deny it. Block the incoming ports. To me this sounds more like your public IP was being forwarded to your gateway address, aka the modem, and your router setup is to blame.

"I like offending people, because I think people who get offended should be offended." - Linus Torvalds
Ortu
DBPro Master
16
Years of Service
User Offline
Joined: 21st Nov 2007
Location: Austin, TX
Posted: 10th Nov 2017 17:19
It's not actually an admin/management console, you can't make any changes other than to reset.

You also don't reach this page by browsing to the device's local address, only from its public interface.

All management is done remotely through your account at fiber.google.com, then changes get pushed down to the box.

This is just a diagnostic page, presumably for customer service/support to use. There are no options to flat out disable or restrict the access or hosting of this page on the device, nor options to block ports on this device.

Normally not much of an issue, you generally block ports on the firewall or end devices, behind the router not on the router itself, and the router generally doesn't host any services other than a management console which is secured through access control.

But this thing is a bit different. The best I could find was to forward the traffic to a non-existent host.
http://games.joshkirklin.com/sulium

A single player RPG featuring a branching, player driven storyline of meaningful choices and multiple endings alongside challenging active combat and intelligent AI.
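
A way to verify the workaround described in the post above, as an added example that is not part of the original thread: a Python check that requests `/` on ports 80 and 443 of your own public IP without credentials and reports whether a page is served, a login is demanded, or nothing answers. The function names and verdict strings are illustrative choices for this example.

```python
import http.client
import socket
import ssl
import sys


def classify_exposure(host, port, tls=False, timeout=3.0):
    """Report what an unauthenticated GET / to host:port gets back."""
    if tls:
        # Certificate checks are off: the probe targets a bare IP address and
        # only asks whether anything answers; it does not trust the reply.
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)
    else:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/")
        status = conn.getresponse().status
    except ConnectionRefusedError:
        return "refused"               # nothing is listening on the port
    except socket.timeout:
        return "no-response"           # dropped or forwarded to a dead host
    except (http.client.HTTPException, OSError):
        return "error"                 # reset, TLS failure, unreachable
    finally:
        conn.close()
    if status in (401, 403):
        return "auth-required"         # a listener exists but asks for a login
    if 200 <= status < 300:
        return "served-without-login"  # content handed to any client
    return "http-%d" % status


def audit(host, timeout=3.0):
    """Check the two ports named in the post: 80 (HTTP) and 443 (HTTPS)."""
    return {80: classify_exposure(host, 80, False, timeout),
            443: classify_exposure(host, 443, True, timeout)}


if __name__ == "__main__":
    # Usage: python check_wan.py <your own public IP>
    for port, verdict in audit(sys.argv[1]).items():
        print(port, verdict)
```

After forwarding 80 and 443 to an address with no host behind it, both ports should report `no-response`; `served-without-login` means the page is still reachable.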
Phaelax
DBPro Master
21
Years of Service
User Offline
Joined: 16th Apr 2003
Location: Metropia
Posted: 14th Nov 2017 12:20
At least you can get Google Fiber in your area, unlike the rest of us!

"I like offending people, because I think people who get offended should be offended." - Linus Torvalds
Seditious
10
Years of Service
User Offline
Joined: 2nd Aug 2013
Location: France
Posted: 14th Nov 2017 12:30
Quote: "At least you can get Google Fiber in your area, unlike the rest of us!"


Can't you just put the LAN cable down your toilet?
2002 - Present
Phaelax
DBPro Master
21
Years of Service
User Offline
Joined: 16th Apr 2003
Location: Metropia
Posted: 14th Nov 2017 13:44
Quote: "Can't you just put the LAN cable down your toilet?"


I remember that

"I like offending people, because I think people who get offended should be offended." - Linus Torvalds
