brent timothy saner on 24 Mar 2009 18:35:39 -0700


Re: [PLUG] PLUG talks --> OpenWRT ---> WRT worm now a reality

Brian Vagnoni wrote:
> (snip)
> Might be advisable to check your devices and re-flash with known good firmware.

(quote begins)
You are only vulnerable if:

    * Your device is a mipsel device.
    * Your device has telnet, SSH or web-based interfaces available to the WAN
    * Your username and password combinations are weak, OR the daemons that your firmware uses are exploitable.


Vulnerable devices

    * any linux mipsel routing device that has the router administration interface or sshd or telnetd in a DMZ, which has weak username/passwords (including openwrt/dd-wrt devices).
    * possibly others
(quote ends)

1. the device never left my LAN; it was only given a route out, no WAN
routes in (except over my VPN)

2. moderately strong password on it and i've firewalled off ssh access
from anything but the VPN and LAN (this was before it even was given
access to the WAN)

in short, don't worry about connecting to it for the demo as i've
secured it inside a sterile environment beforehand.

i already planned on covering security lockdown methods for it
(openWRT), and i'll be briefly mentioning this worm since it's seen some
widespread propagation recently.
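The quoted advisory's second condition (telnet, SSH or web interfaces available to the WAN) can be checked on the router itself. The following is an added example, not part of the original message or of OpenWrt: it flags listeners on the default telnet/SSH/HTTP/HTTPS ports (an assumption) that are bound to a wildcard or to the WAN address; the function names and the 203.0.113.7 sample address are constructed.

```shell
#!/bin/sh
# Added example: audit `netstat -tln` output for admin services whose
# bind address covers the WAN side. Function names are hypothetical.

# Constructed sample of busybox/net-tools `netstat -tln` output.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.1:22          0.0.0.0:*               LISTEN
tcp        0      0 203.0.113.7:80          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN
tcp        0      0 :::22                   :::*                    LISTEN
EOF
}

# Usage on a device: netstat -tln | exposed_admin_listeners "$WAN_IP"
# $1 = WAN IPv4 address (assumption: supplied by the caller).
# Prints one "service address port" line per flagged listener.
exposed_admin_listeners() {
    awk -v wan="$1" '
        BEGIN {
            # Default ports only (assumption); moved services are not seen.
            svc["22"] = "ssh"; svc["23"] = "telnet"
            svc["80"] = "http"; svc["443"] = "https"
        }
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            # Split "addr:port" at the last colon so ":::22" parses too.
            if (match($4, /:[0-9]+$/) == 0) next
            addr = substr($4, 1, RSTART - 1)
            port = substr($4, RSTART + 1)
            if (!(port in svc)) next
            # Wildcard binds include the WAN interface; LAN-only binds do not.
            if (addr == "0.0.0.0" || addr == "::" || addr == wan)
                printf "%s %s %s\n", svc[port], addr, port
        }
    '
}

# Demo run over the constructed sample.
sample_netstat | exposed_admin_listeners 203.0.113.7
```

A flagged listener shows bind scope only; whether it is actually reachable from the WAN still depends on the firewall rules in front of it, so check both.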

Philadelphia Linux Users Group