Posted: Sat Jun 23, 2012 23:04 Post subject: DD-WRT v24-sp2 security compromised
Hello,
I have an Asus RT-N13U with a flash drive hooked to the USB port, with the following firmware installed: DD-WRT v24-sp2 (12/20/11) std, with optware installed and a few optware packages (samba, httpd, etc.). It was working primarily as a webserver, but some criminal managed to break into it and erased my index.html files. Does anyone know about any vulnerability in one of its tiny webservers? Also, the native/standard webserver was compromised, since the configuration was largely altered. I am relatively well versed in iptables and there was no remote access to the router's web graphical interface itself, but there was ssh access to the router; and even the sshd access was protected against brute-force attacks, and many unsuccessful tries would simply lock the IP out of any further attempt to log on to the router's sshd:
/usr/sbin/iptables -I INPUT -p tcp --dport 32 -m state --state NEW -m recent --set
/usr/sbin/iptables -I INPUT -p tcp --dport 32 -m state --state NEW -m recent --update --seconds 120 --hitcount 3 -j DROP
Such small devices have a very small footprint and tiny, small versions of mainstream servers, and do not seem to get updated as often; would it be a no-no to use them as a regular webserver?
Thanks
tk3000
That is a very interesting topic. First, can you say if your root password was easily guessed? Second, what about the content that was on the server? I mean, the criminal might have arrived because of a vulnerability in some web page script that had been hosted.
Chances are, if one got to the extent of creating customized, refined iptables scripts, one would not create any obvious password. It would be close to impossible to guess the password; it is very strong. The pages consist of HTML and JavaScript code for things such as buttons, etc. HTML description tags are rendered on the client, and JavaScript code interpretation/computation also takes place on the client side.
I can only think about some vulnerability in the tiny small webserver. I don't even have logs for the webserver, so I can't check anything.