BT has been accused of hiding a government back-door in modems provided to broadband customers
UK government, Chinese government or both? (as well as the USA)
I have to say I always considered a back door a possibility and it's one of the reasons I don't use the Openreach modems (on four FTTC services I manage)
When I got the first Openreach modem I unlocked it before using it for service (with just a single computer connected to it on LAN2) and immediately noticed VLAN301 and its 30.x.x.x IP address. I immediately disabled this as a potential security threat (something which can be done with unlocked firmware). This does, of course, block ISP helpdesk access to the modem via TR-069 but I can live with that.
On the "more important" connections I manage I run a separate firewall internal to the VDSL modem/router which handles all NAT, access control and VPN encryption. I run a number of 'tripwires' on the firewalls to detect intrusion attempts and block all
traffic from external sites which seem to be probing (address space, port space and certain specific protocols). This includes blocking access to services which continue to be open to the public internet at large.
A quick scan of one firewall status shows 21 sites currently blocked by tripwire activation.
As an additional security measure, no remote VPN site that doesn't have its own dedicated firewall can initiate inbound VPN connections and traffic to the main sites.
I may just be paranoid, of course
Edited by caffn8me (Tue 17-Dec-13 22:56:16)