insecure

  1. Setup: Verizon Fios -> Netduma R1 [VPN Profile] - Xbox360 [Connected via wire/Ethernet]

     Monitoring the 192.168.88.1 web interface with a computer connected to the wifi AP in the Netduma R1 appliance, approximately 15 feet away. At the end of each COD Black Ops match the wifi connection is dropped on the laptop.

     Below you will find a cut and paste of the continuous ping. I will add some notes on what was occurring in the Xbox 360 game. This trouble happens consistently after each game and can be duplicated 100 percent of the time. I will be happy to take a .pcap of what occurs if someone would like to identify and remediate.

     64 bytes from 8.8.8.8: icmp_seq=1470 ttl=59 time=17.3 ms <- playing Black Ops during this time.
     64 bytes from 8.8.8.8: icmp_seq=1471 ttl=59 time=18.0 ms <- this ping -t 8.8.8.8 was running during game play
     64 bytes from 8.8.8.8: icmp_seq=1472 ttl=59 time=22.1 ms <- the game is getting close to being over and I press CTRL-C
     64 bytes from 8.8.8.8: icmp_seq=1473 ttl=59 time=16.5 ms <- on this ping after the game ends.
     64 bytes from 8.8.8.8: icmp_seq=1474 ttl=59 time=17.2 ms
     64 bytes from 8.8.8.8: icmp_seq=1475 ttl=59 time=18.0 ms
     64 bytes from 8.8.8.8: icmp_seq=1476 ttl=59 time=16.5 ms
     64 bytes from 8.8.8.8: icmp_seq=1477 ttl=59 time=16.4 ms
     64 bytes from 8.8.8.8: icmp_seq=1478 ttl=59 time=20.3 ms
     64 bytes from 8.8.8.8: icmp_seq=1479 ttl=59 time=16.7 ms
     64 bytes from 8.8.8.8: icmp_seq=1480 ttl=59 time=15.5 ms
     64 bytes from 8.8.8.8: icmp_seq=1481 ttl=59 time=16.6 ms
     64 bytes from 8.8.8.8: icmp_seq=1482 ttl=59 time=19.0 ms
     64 bytes from 8.8.8.8: icmp_seq=1483 ttl=59 time=31.8 ms
     64 bytes from 8.8.8.8: icmp_seq=1484 ttl=59 time=18.4 ms
     64 bytes from 8.8.8.8: icmp_seq=1485 ttl=59 time=18.4 ms
     64 bytes from 8.8.8.8: icmp_seq=1486 ttl=59 time=21.9 ms
     64 bytes from 8.8.8.8: icmp_seq=1487 ttl=59 time=34.1 ms
     64 bytes from 8.8.8.8: icmp_seq=1488 ttl=59 time=110 ms
     64 bytes from 8.8.8.8: icmp_seq=1489 ttl=59 time=22.7 ms
     64 bytes from 8.8.8.8: icmp_seq=1490 ttl=59 time=17.2 ms
     64 bytes from 8.8.8.8: icmp_seq=1491 ttl=59 time=18.4 ms
     64 bytes from 8.8.8.8: icmp_seq=1492 ttl=59 time=17.1 ms
     64 bytes from 8.8.8.8: icmp_seq=1493 ttl=59 time=15.9 ms
     64 bytes from 8.8.8.8: icmp_seq=1494 ttl=59 time=286 ms
     64 bytes from 8.8.8.8: icmp_seq=1495 ttl=59 time=907 ms
     64 bytes from 8.8.8.8: icmp_seq=1496 ttl=59 time=228 ms
     64 bytes from 8.8.8.8: icmp_seq=1497 ttl=59 time=210 ms
     64 bytes from 8.8.8.8: icmp_seq=1498 ttl=59 time=38217 ms <-- This occurred
     From 8.8.8.8 icmp_seq=1505 Destination Host Unreachable <-- The Netduma R1 wifi network went down and my wifi reconnected to another AP
     From 8.8.8.8 icmp_seq=1506 Destination Host Unreachable
     From 8.8.8.8 icmp_seq=1507 Destination Host Unreachable
     From 8.8.8.8 icmp_seq=1508 Destination Host Unreachable
     From 8.8.8.8 icmp_seq=1509 Destination Host Unreachable
     From 8.8.8.8 icmp_seq=1510 Destination Host Unreachable
     From 8.8.8.8 icmp_seq=1511 Destination Host Unreachable
     From 8.8.8.8 icmp_seq=1512 Destination Host Unreachable
     From 8.8.8.8 icmp_seq=1513 Destination Host Unreachable
     From 8.8.8.8 icmp_seq=1514 Destination Host Unreachable
     From 8.8.8.8 icmp_seq=1515 Destination Host Unreachable
     From 8.8.8.8 icmp_seq=1516 Destination Host Unreachable
     ^C <-- Pressed CTRL-C after the game ended
     --- 8.8.8.8 ping statistics ---
     1516 packets transmitted, 1470 received, +12 errors, 3% packet loss, time 1551208ms
     rtt min/avg/max/mdev = 13.969/49.664/38217.307/996.430 ms, pipe 5

  2. Netduma R1 should not allow insecure protocols, such as, but not limited to, HTTP (TCP Port 80) or Telnet (TCP Port 23). These protocols are insecure for passing user names and passwords.

     Recommendation: Add HTTPS support to the Web daemon being used on the Netduma R1 appliance. Remove HTTP support, or give the option to override the default HTTPS option (with a warning banner). Enable HTTPS support by default.

     I would be happy to assist, or provide explicit documentation on this risk if necessary. Thank you for creating this great product, now let's make it secure!