Network Security - confusion over recent postings

[Groundhound]

It is always kewl to rail on the new guy, especially by "community vested" folks who think they have all the answers and who think that their tenure is subject to compromise by the new guy. But the fact of the matter is that YOU guys are completely WRONG about this and are thus CONTRIBUTING to the problem.

And while you're at it, look at my contributions here in this SHORT time that I've been here, do I come across as a kook to you? In fact, I am ONLY posting here because of what I discovered and not because I don't have better things to do with my time. But don't worry, eventually I will leave - taking all my knowledge and experience with me - and you guys can have your leeettle corner of the Net back.

Sorry if you interpret my questions as railing on you. I didn't intend for them to seem as an attack and they were not rhetorical.

[dknyinva]

I hope indie_dev doesn't mention in the threat report that he submitted to 3 security sites about being able to access a private network address 172.27.x.x from the Internet

[caseybea]

The sky is falling! The sky is falling!

[Aveamantium]

indie_dev, no one here is "railing" on the new guy... You seem to get defensive every time someone offers up a differing opinion! Relax, and let's all just work through this together.

[indie_dev]

I hope indie_dev doesn't mention in the threat report that he submitted to 3 security sites about being able to access a private network address 172.27.x.x from the Internet

You - like most - CLEARLY do not understand the issue then if thats what you think this is all about. Implying that I don't know the differences between an internal and external LAN subnet is the sort of insult and arrogance that makes people just stop sharing.

You know, admitting that you have no clue is not a sign of weakness or incompetence.

I'm just not going to bother with this any longer. Anyone who finds value in my posts will take it for what its worth and go from there. So for me, this matter is closed and thus my time here is at an end.

[southsound]

The resident raccoon thinks we all ought to gather at my property around a nice camp fire, have some burnt hot dogs and s'mores, tell each other how much we like them and maybe join in a chorus or two of Kumbaya.

Just my humble opinion. Too many nice people allowing this thread to get "less than nice."

[dknyinva]

I hope indie_dev doesn't mention in the threat report that he submitted to 3 security sites about being able to access a private network address 172.27.x.x from the Internet

You - like most - CLEARLY do not understand the issue then if thats what you think this is all about. Implying that I don't know the differences between an internal and external LAN subnet is the sort of insult and arrogance that makes people just stop sharing.

You know, admitting that you have no clue is not a sign of weakness or incompetence.

I'm just not going to bother with this any longer. Anyone who finds value in my posts will take it for what its worth and go from there. So for me, this matter is closed and thus my time here is at an end.

I do apologized for making fun of you and by no means insulting your intelligence. If you would step back and read through all you posting, you would realized that posting in BOLD letters accusing ooma of producing a insecure product is and not only damaging, but scare other users away. Myself and another user tommies replied to your post wondering if you realized that a 172.27.x.x is a private network address and could not be accessed from the Internet, but instead you dodge the questions and get offended when all we are trying to do is offering an opinion. I hope you stick around because none of us here are expert, but willing to share knowledge and possibly challenge each others to better ourselves.

Good Luck

[amoney]

The sky is falling! The sky is falling!

I cant help but chuckle, threads need good humor. Thank you for the relief!

[tommies]

So I have filled out a threat report and submitted to three security sites that I work with. So there, you folks in denial will probably put more stock into this once this is propagated across the Net.

Once upon a time, I spent between 2 & 3 hour a day reading through those security reports from newletters and usegroups.

I will be greatly appreciated if you post the link to your reports or at least the links to the sides that your reports is sent to. If my brain still serves me, all security thread report will be forwarded to the responsible party--ooma engineers in this instance. If you had done what you said, ooma engineers should have your reports on hand by now. After a fix is issued, your report will be release to all to see. There is no need to grandstanding and/or chest thumping.

Sincerely yours,

[mrjagster]

All I can say is wow.

Well not exactly...In early ooma days I had a lot of trouble with the modem-ooma-router configuration, which by the way was the preferred configuration according to ooma. So I read in the forums that if you were having trouble switch to modem-router-ooma. I never once thought about security or the DMZ. I assumed the router protected everything downstream from it, and I still think that way, I think. I don't use the DMZ or QoS.I am relatively happy with the results, and I'm network ignorant.