Posted: Thu Jul 16, 2020 23:25 Post subject: Possible Security Issue
I'm looking to talk to someone about a potential security issue I found in some of the latest DDWRT builds. If confirmed, I see it as a serious issue. I won't post any details here as I prefer to chat to someone involved in the build and in private. Please let me know of anyone that I could talk to.
Posted: Fri Jul 17, 2020 1:35 Post subject: Firewall behavior during configuration change.
Please see the animated gif. There I have listed some of the current ddwrt configurations and the iptables firewall (in a loop) displaying the current rules. You can also see that when making a change that involves the firewall, a few things happen:
1 - The current state/rules of the firewall are lost. Rules are wiped (and re-created?)
2 - The iptables firewall has the default ACCEPT policy; when losing the rules, the network is exposed.
Towards the end of the gif/video, I see my current/old IPs listed in Shodan. I log syslog messages to an external custom storage and can see a huge amount of stuff that shouldn't be there.
What's the workflow for configuration changes related to iptables?
Could the current state of the firewall be saved prior to changes? And could these changes be validated after implementation? (I'm thinking a "firewall watchdog", something like "A firewall with 3 rules is not a firewall, block everything" or w.e)
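The "firewall watchdog" check suggested in the post above, sketched as an added example (not part of the original post and not DD-WRT code): it reads `iptables-save` output and reports `exposed` when the INPUT or FORWARD chain has an ACCEPT policy and too few rules. The `MIN_RULES` threshold, the function names and both sample dumps are assumptions constructed for illustration.

```shell
# Added example. MIN_RULES is an assumed threshold, not a DD-WRT setting:
# an ACCEPT-policy chain with fewer rules than this counts as exposed.
MIN_RULES=${MIN_RULES:-4}

# Reads `iptables-save` text on stdin and prints "exposed" or "ok".
check_ruleset() {
    awk -v min="$MIN_RULES" '
        /^\*/ { table = substr($0, 2) }               # "*filter" opens a table
        table == "filter" && /^:(INPUT|FORWARD) / {   # ":INPUT ACCEPT [0:0]"
            policy[substr($1, 2)] = $2
        }
        table == "filter" && /^-A (INPUT|FORWARD) / { rules[$2]++ }
        END {
            for (c in policy)
                if (policy[c] == "ACCEPT" && rules[c] + 0 < min) bad = 1
            # A dump without these chains (no filter table) is exposed too.
            if (!("INPUT" in policy) || !("FORWARD" in policy)) bad = 1
            if (bad) print "exposed"; else print "ok"
        }'
}

# Constructed sample: chains right after a flush, before rules are re-created.
sample_flushed() {
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' 'COMMIT'
}

# Constructed sample: a populated ruleset (interface names are made up).
sample_populated() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A INPUT -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br0 -o vlan2 -j ACCEPT
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -j DROP
COMMIT
EOF
}
# On a live system the input would come from: iptables-save | check_ruleset
```

A chain whose policy is already DROP passes the check even when empty, since a flush then fails closed rather than open.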