DD-WRT :: View topic - router hacked?

router hacked?

DD-WRT Forum Index -> Broadcom SoC based Hardware

View previous topic :: View next topic

Author

Message

sneakyimp
DD-WRT Novice

Joined: 11 Feb 2011
Posts: 20

Posted: Wed Aug 29, 2012 2:36 Post subject: router hacked?

Today I was having trouble connecting to the internet. I restarted my cable modem numerous times with no luck. I restarted my ASUS RT-N16 running dd-wrt [DD-WRT v24-sp2 (11/21/10) big (SVN revision 15778)] and when it came back on, it had the "unsafe" password screen up and was prompting me for a password reset. I updated the password and then noticed that all of my Port Forwards are now gone.

I got to thinking -- has my router been hacked or something? Is there any way to know? Why would the password get reset?

Sponsor

PetervdM
DD-WRT User

Joined: 11 Jun 2009
Posts: 282
Location: EU

Posted: Wed Aug 29, 2012 4:49 Post subject:
probably your router ran out of nvram space, overwriting some crucial settings. after setting up again, how much nvram space is left? keep monitoring it, especially when you use wan traffic metering. _________________ now running tomato by shibby E4200v1 cfe 2010.09.20.0

sneakyimp
DD-WRT Novice

Joined: 11 Feb 2011
Posts: 20

Posted: Wed Aug 29, 2012 19:27 Post subject:
Thanks for your response. How might I check NVRAM usage? The only reference to NVRAM I've found so far in the Web GUI is Services->Services->Use NVRAM for client lease DB.

James2k
DD-WRT Guru

Joined: 23 Oct 2011
Posts: 549

Posted: Wed Aug 29, 2012 19:40 Post subject:

You can issue this via the Run Commands section in the GUI or via Telnet/SSH:

Code:

nvram show | grep free

It will report two numbers, your total nvram space in bytes and then the amount free. As your router seems to have been reset (or lost its settings) it will be an inaccurate value. You should reconfigure it to your normal settings and see if you are running out of NVRAM space
_________________
James

Main router:

Netgear R7000 overclocked to 1.2GHz - DD-WRT v3.0-r35965M kongac

IPv6 6in4 (HE.net), OpenVPN (with PBR and split tunnelling), Entware, dnsmasq with ipset

Easy ipset support for the R7000

VPN speed: Download: 77.96 Mbps Upload: 5.00 Mbps (AES-128-CBC HMAC-SHA1)

Yes you can get 50 Mbps+ with OpenVPN on a R7000 if you configure it properly!

Previous routers:

ASUS RT-N66U - The Dark Knight
WNR2000v3 - Bought on the cheap for someone else, neutered crap
WNR3500Lv1 - First venture into the DD-WRT world

sneakyimp
DD-WRT Novice

Joined: 11 Feb 2011
Posts: 20

Posted: Wed Aug 29, 2012 20:19 Post subject:

Code:

root@DD-WRT:~# nvram show | grep free
size: 25639 bytes (7129 left)

Ouch. That doesn't seem like much at all. What happens when you try to exceed this value? Do you get memory corruption due to a buffer overflow or does it crash the router?

Seems a bit scary that all of my settings (including password) got wiped.

barryware
DD-WRT Guru

Joined: 26 Jan 2008
Posts: 13049
Location: Behind The Reset Button

Posted: Wed Aug 29, 2012 20:26 Post subject:

sneakyimp wrote:

Code:

root@DD-WRT:~# nvram show | grep free
size: 25639 bytes (7129 left)

that is over 7k free.. that is plenty.

maybe more was used when the router was fully configured.

config it again.. and check as you go.

if you exceed the nvram space with config data, many things can happen but the router resetting to defaults is a common symptom.
_________________
[Moderator Deleted] Shocked

James2k
DD-WRT Guru

Joined: 23 Oct 2011
Posts: 549

Posted: Wed Aug 29, 2012 20:34 Post subject:

Yeah remember that number is bytes. 7000 bytes is plenty. I'd be starting worrying if your NVRAM space is less than 1000.

You need to reconfigure your router to how it was setup to get an accurate measure of your NVRAM space usage.

Off the stop of my head, areas that can bump your NVRAM space straight up are:

Large startup scripts & firewall scripts
Traffic Data
OpenVPN keys and certificates
Large DHCP Static Client table
_________________
James

Main router:

Netgear R7000 overclocked to 1.2GHz - DD-WRT v3.0-r35965M kongac

IPv6 6in4 (HE.net), OpenVPN (with PBR and split tunnelling), Entware, dnsmasq with ipset

Easy ipset support for the R7000

VPN speed: Download: 77.96 Mbps Upload: 5.00 Mbps (AES-128-CBC HMAC-SHA1)

Yes you can get 50 Mbps+ with OpenVPN on a R7000 if you configure it properly!

Previous routers:

ASUS RT-N66U - The Dark Knight
WNR2000v3 - Bought on the cheap for someone else, neutered crap
WNR3500Lv1 - First venture into the DD-WRT world

wetpaint
DD-WRT Novice

Joined: 30 Sep 2007
Posts: 12

Posted: Mon Sep 03, 2012 18:34 Post subject:
FYI I had the same problem with my RT-N16, it was fixed by doing a complete wipe down of the NVRAM as per http://www.dd-wrt.com/wiki/index.php/Hard_reset_or_30/30/30 and then starting again from scratch, I haven't had that problem since

Display posts from previous:

Page 1 of 1

DD-WRT Forum Index -> Broadcom SoC based Hardware

All times are GMT

Navigation

Jump to:

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum

Log in

router hacked?

Quick Links

Log in