How To Fully Secure The Bebox

From BE Usergroup Technotes

Jump to: navigation, search

If you are worried about BE having remote access to the BEBox then you can block remote access to the BEBox.

You should also password the routers web interface to stop any potential scripted access by a malicious website.

Automated

The Automated Way

Run the usergroup created tool here:

http://beusergroup.co.uk/downloads/BEBox_Automation.exe

Technical notes for the geeks.. The above file is a self extracting RAR archive that extracts to your temporary directory.

Once extracted a file called "BE_OPTOUT.exe" is run, it is a Visual Basic 6 [for the best compatibility], SP6 built application with only text boxes, buttons and logic to run the next file.

The file run when you click one of the top three buttons is "startscript.bat". This is a simple batch file to run the next file called ts.exe which makes the change to your router. 

ts.exe is a telnet scripting program supplied by www.RouterTech.Org
More information can be found: http://www.routertech.org/viewtopic.php?t=282

Once this file has run or failed to run (depending if you have input the wrong password) a cleanup program called "ensureclosed.bat" is run which in turn runs end_ts.exe 

end_ts.exe is a simple program to ensure ts.exe has been closed
if ts.exe is left open you will end up with files left on your PC once you have
finished securing your bebox.

Click the Techies Only button at the bottom to view the commands that the telnet script runs (or just scroll down and read the Manual instructions).

Manual

You will need to enter the following commands to your Bebox via the telnet interface.

Open the command prompt, and enter the following commands (Vista users need to install telnet client using the Programs and Features --> Change windows components option). 

telnet 192.168.1.254

Username: Administrator [with a capital A]

Password: (blank by default, or what you previously set) 

service system ifdelete name=HTTPs group=wan 
service system ifdelete name=FTP group=wan 
service system ifdelete name=TELNET group=wan 
service system ifdelete name=CWMP group=wan 
saveall 
exit

You should also set your own secure password on the Bebox

Re[what do those lines actually do?]

Stealth ports 21, 23 & 443

Should for any reason you wish to unstealth these ports change ifdelete to ifadd, in the commands.

Ensure you also change the Administrator password: https://www.bethere.co.uk/web/beportal/beboxpassword

Enable or Disable Ping Replies

To disable the ping responder, you need to run this in the CLI:- 

service system ifdelete name=PING_RESPONDER group=wan

To enable the ping responder, you need to run this in the CLI:- 

service system ifadd name=PING_RESPONDER group=wan

To restrict it to certain IP addresses, run:- 

service system ipadd name=PING_RESPONDER ip=###.###.###.###
Retrieved from "http://www.beusergroup.co.uk/technotes/index.php?title=How_To_Fully_Secure_The_Bebox"
Personal tools