Re: OT: Linux kernel version in fiber modem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sat, 25 Dec 2021 at 07:34, Roger Heflin <rogerheflin@xxxxxxxxx> wrote:
The vendor must answer that question.  No one else knows what patches were or were not applied to that system 

Assume that bad actors and nation-state intelligence services know quite a bit about such systems,
including admin passwords and keys used for remote management.  Using such knowledge is generally
specifically targeted as too liberal usage might result in loss of attack vectors for future use.  Leaks that
expose such vectors have occurred and can then be used by botnet systems used for DNS attacks, etc. 

It can be interesting to run one of the external port scanning services like https://www.grc.com Shields Up!
These days most home internet services block internet access to incoming ports, but may use some ports
for management.
 

On Sat, Dec 25, 2021, 6:16 AM Jonathan Ryshpan <jonrysh@xxxxxxxxxxx> wrote:
On a whim I opened up the:
Legal Disclaimer Open Source Licenses
in the management page for my fiber modem (ATT installed 2021/03/30) and discovered that the kernel is rather old:
linux kernel - Version 3.4.11
There are about 163 other open source components, probably most of similar ages.

Is this a security problem?

I outlived a friend whose small engineering business did work for the US Gov't.  He started out with
typical home/small business internet, but as security requirements tighted up he was considering
moving to a cloud provider and VPN.   The effort needed to secure internet access to systems of
potential interest to "nation-state" attackers exceeds the resources of individuals and small business. 
I do have reason to believe that internet providers in areas with concentrations of individuals working
in sensitive industries get extra scrutiny (think about email admins for users with high-level security
clearances), but for most of us I would not trust home internet providers to put that level of effort into
their customer's security.

--
George N. White III

_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux