DD-WRT v24-sp2 security compromised

Post new topic   Reply to topic    DD-WRT Forum Index -> Ralink SoC based Hardware
Author Message
tk3000
DD-WRT Novice


Joined: 22 May 2012
Posts: 4

PostPosted: Sat Jun 23, 2012 23:04    Post subject: DD-WRT v24-sp2 security compromised Reply with quote
Hello,
I have an Asus RT-N13U with a flash drive hooked the usb port with the following firmware installed: DD-WRT v24-sp2 (12/20/11) std with optware installed and a few optware packages (samba, httpd, etc). It was working primarely as a webserver, but some criminal managed to break into it and erased my index.html files. Does anyone know about any vulnerability with one its tiny webservers? Also the native/standard webserver was compromised since the configuration were largely altered. I am relatively well versed in iptables and there was not remote access to the router web graphical interface itself, but there were ssh access to router; and even the sshd access were protected against brute force attack and many unsuccessful tries would simply lock the ip from any further attampt to log on the routers sshd:

/usr/sbin/iptables -I INPUT -p tcp --dport 32 -m state --state NEW -m recent --set
/usr/sbin/iptables -I INPUT -p tcp --dport 32 -m state --state NEW -m recent --update --seconds 120 --hitcount 3 -j DROP.

Such small devices have a very small footprint and tiny small versions of mainstream servers and does not seem to get updated as often, would that be a no-no to use them as regular webserver?
Thanks
tk3000
Sponsor
checho
DD-WRT Guru


Joined: 27 Feb 2007
Posts: 527
Location: Bulgaria

PostPosted: Thu Jun 28, 2012 19:39    Post subject: Reply with quote
That is a very interesting topic. First, can you say if your root password was easily guessed? Second, what about the content that was on the server, i mean, the criminal might have arrived because of vulnerability in some web page script that had been hosted.
tk3000
DD-WRT Novice


Joined: 22 May 2012
Posts: 4

PostPosted: Fri Jun 29, 2012 7:36    Post subject: Reply with quote
checho wrote:
That is a very interesting topic. First, can you say if your root password was easily guessed? Second, what about the content that was on the server, i mean, the criminal might have arrived because of vulnerability in some web page script that had been hosted.


Chances are if one got to the extent of creating a customized refined iptables scripts one would not create any obvious password. It would be close to impossible to guess the password it is very strong. The pages consist of HTML and Javascript code for things such as bottons,etc. HTML description tags are rendered on the client, and javascrip code interpretation/computation also takes place on the client side.

I can only think about some vulnerability on the tiny small webserver, I don't even have logs for webserver so can't check anything.
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Ralink SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum