InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

confused about new option (WAN IP € local)

https://forums.informaction.com/viewtopic.php?t=4828

Page 1 of 1

confused about new option (WAN IP € local)

Posted: Sat Aug 07, 2010 7:51 pm
by Czerno
Hi ! While I understand the " WAN IP (x.x.x.x) E LOCAL " is to do with protection against DNS rebinding attacks against local routers (and more), I am confused as whether the protection against trying to access my router locally through the WAN IP is granted when the above mentioned option is CHECKED (as seems to be default) or should it be UNCHECKED ????

Experiment : when checked, I seem to be able to locally access the router (assuming I remember the password!) without interference from NoScript , whereas when unchecked, I have to ask NoScript to unlock the page first, then enter the password. So, I guess, /unchecked/ is what that option wants to be, please confirm and then, why is the default setting the unsafe one ? BICBW !


--
Czerno

Re: confused about new option (WAN IP € local)

Posted: Sat Aug 07, 2010 9:53 pm
by Giorgio Maone
The page locked/unlocked is independent from this option and this protection feature (I'm not sure about what you mean by "locked" here).
This option definitely needs to be left checked in order to protect your router.

Re: confused about new option (WAN IP € local)

Posted: Sun Aug 08, 2010 8:53 am
by Czerno
Giorgio Maone wrote:This option definitely needs to be left checked in order to protect your router.
Makes sense, thank you Giorgio !
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited