J700 said:
It is better to install dropbear ssh daemon on the dreambox and do tunneling to it on port 22 using putty.
There is already a SSH daemon installed on any dreambox images I have used. I would always use SSH over telnet.
I agree on your other points, however
for myself, its a risk I'm willing to take. The convenience outweighs the risk for me.
If your not forwarding anything more than the HTTP port from your router, then the damage a potential intruder could do is limited.
In any case, what would a hacker do once he has hacked your dreambox?
Anyone who is cardsharing could have a mess on their hands if someone gets hold of their config files.
Also, lets say someone has unauthorized access to a server on the web. They could launch SSH sessions between your dreambox and the server. The originating IP address would then be your address.
There are a host of mischievous things an intruder could do beyond changing channels.
(Of course, if you are not forwarding the SSH or Telnet port, then the above examples are not possible unless your router has been compromised.)
If you ever notice your dreambox running slowly, connect to it using putty (or whatever client you use) and run the following commands.
command:
This will give you a list of active connections and where they are originating from, e.g.
output:
Code:
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 1 192.168.1.101:22 192.168.1.2:50871 ESTABLISHED
The columns are as follows....
connection type (UDP or TCP), your local address and the port thats being connect to, the address of the originating connection and port, connection status.
Pay particular attention to connections to ports 21,22,23 and 80. You should know where each of these is originating from. If you don't there is something wrong.
command:
Shows who is currently logged in, this is of limited use if an intruder is logged in as root.
output:
Code:
USER TTY IDLE FROM HOST
root pts/0 00:00m Jul 24 13:41 my.ip.address
Thats pretty self explanatory.
command:
Lists all SSH logins since the last reboot.
Again, this is of limited use. An intruder could clear the log file entries containing this info., but it may catch someone sloppy out.