I have just helped a neighbour who has switched to Trustpower Kinect install the ADSL modem that was supplied. I was rather surprised to see the following:
1. The admin username and password were left at the default.
2. UPnP was enabled, and accessible over the internet (see http://upnp-check.rapid7.com/ or http://www.grc.com ).
3. The firewall was not enabled, and telnet, SSH, FTP and various other services were exposed.
Am I right to be worried about the level of care that Trustpower are taking with their customers?
Okay. If you have a Dynalink router provided by your ISP, enable the firewall and switch off WAN admin access.
That's the best I will do. If frieatism wants me to name the ISP then I will, but I would rather not.
If I am at a customer site and need to replace the router, but don't want to call the ISP for a password reset on their PPP username, I just log into the router config page using Firefox and view source on the HTML. It works for about 50% of the routers out there, where the password is in plaintext in the HTML but the browser only shows stars.
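A defender-side check for the issue described in the last post, as an added example that is not part of the original thread: it scans a saved copy of a router settings page for password fields whose stored value is sent to the browser. The sample page, the field names and the repeated-character mask heuristic are constructed assumptions.

```python
from html.parser import HTMLParser

# Constructed sample of a router settings page (not from any real device).
SAMPLE_PAGE = """
<form action="/wan.cgi" method="post">
  <input type="text" name="ppp_user" value="user@example.invalid">
  <input type="PASSWORD" name="ppp_pass" value="constructed-secret">
  <input type="password" name="admin_pass" value="">
  <input type="password" name="wifi_key" value="********">
  <input type="password" name="new_pass">
</form>
"""

class PrefilledPasswordAudit(HTMLParser):
    """Collects password inputs whose value attribute carries data."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {k: (v or "") for k, v in attrs}  # names arrive lowercased
        if a.get("type", "").lower() != "password":
            return
        value = a.get("value", "")
        if not value:
            return  # empty or absent value: nothing was sent to the browser
        # Assumption: a run of one repeated character is a placeholder mask.
        masked = len(set(value)) == 1
        self.findings.append({
            "field": a.get("name") or a.get("id") or "(unnamed)",
            "length": len(value),
            "verdict": "placeholder mask" if masked else "secret sent to browser",
        })

def audit_page(html_text):
    """Return findings for one saved page; the secret itself is never returned."""
    parser = PrefilledPasswordAudit()
    parser.feed(html_text)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    for f in audit_page(SAMPLE_PAGE):
        print(f"{f['field']}: {f['verdict']} ({f['length']} chars)")
```

A field reported as "secret sent to browser" means the firmware writes the stored credential into the page, so anyone with access to the admin interface can read it.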