About a month ago, I switched ISPs and am now on 100Mb/s FTTH (fibre), and my local Telco provided an ‘el cheapo’ ZTE F660 router. The techs spliced and looped in the optical fibre and set this up with default PPPoE settings etc.
At the time, I logged in and reset the admin password, and turned off the Wifi radio. More importantly, I did some port-forwarding to allow OpenVPN traffic through to my inner EdgeRouter.
However, about a week later, I found my OpenVPN connection just wouldn’t work. Uh oh. I couldn’t even log in to the ZTE. I had to use the default unsecured ‘admin/admin’ creds to get into it. WAT
Yeah, that was my reaction. Anyways, I’ve since gone back in and made the same changes, and so far it has been behaving itself.
Couple questions -
- How can I get an idea of the ingress traffic into this router?
- What about ports being accessed?
If I perform a port-scan over the interwebs, I get nada. Even the router’s web UI cannot be accessed. However, there are supposed attack vectors that can be run from the WAN side - I’m just not sure what they are. I wonder if this is a task for Kali Linux/Metasploit?
I would have liked to have pfSense/Suricata to help with something like this, but I am not sure how to deal with IPS on the WAN side (being the wild-wild-web)…