Posted: Thu Jul 16, 2020 23:25 Post subject: Possible Security Issue
Hi,
I'm looking to talk to someone about a potential security issue I found in some of the latest DD-WRT builds. If confirmed, I see it as a serious issue. I won't post any details here as I prefer to chat with someone involved in the build, and in private. Please let me know of anyone I could talk to.
Posted: Fri Jul 17, 2020 1:35 Post subject: Firewall behavior during configuration change.
Please see the animated gif. There I have listed some of the current DD-WRT configurations and the iptables firewall (in a loop) displaying the current rules. You can also see that when making a change that involves the firewall a few things happen:
1 - The current state/rules of the firewall is lost. Rules are wiped (and re-created?)
2 - The iptables firewall has the default ACCEPT policy; when the rules are lost, the network is exposed.
Towards the end of the gif/video, I see my current/old IPs listed in Shodan. I log syslog messages to an external custom storage and can see a huge amount of stuff that shouldn't be there.
What's the workflow for configuration changes related to iptables?
Could the current state of the firewall be saved prior to changes, and could these changes be validated after implementation? (I'm thinking of a "firewall watchdog", something like "A firewall with 3 rules is not a firewall, block everything" or whatever.)
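The "firewall watchdog" idea from the post above, as an added example that is not part of the thread and not DD-WRT's own code: a POSIX sh check over an `iptables-save` style dump that fails when the INPUT or FORWARD chain policy is not DROP, or when fewer than a minimum number of rules are loaded. The two dumps below are constructed for illustration (they are not captured from a real router), and the `MIN_RULES` threshold, the `policy_of`, `rule_count` and `fw_check` names are the example's own assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread or from DD-WRT.
# Minimal "firewall watchdog" check over an iptables-save dump:
# the filter table is considered sane only if INPUT and FORWARD
# default to DROP and at least MIN_RULES rules are present.
MIN_RULES=3   # assumed threshold; tune for the actual rule set

# Constructed sample dump: a firewall with a proper rule set.
SANE_DUMP='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A FORWARD -i br0 -o vlan2 -j ACCEPT
COMMIT'

# Constructed sample dump: what a wiped table with ACCEPT policies looks like.
WIPED_DUMP='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# policy_of DUMP CHAIN -> prints the chain's default policy (ACCEPT/DROP/...)
policy_of() {
    printf '%s\n' "$1" | awk -v chain=":$2" '$1 == chain { print $2 }'
}

# rule_count DUMP -> number of "-A" rule lines in the dump
rule_count() {
    printf '%s\n' "$1" | awk '/^-A / { c++ } END { print c + 0 }'
}

# fw_check DUMP -> returns 0 if the dump looks sane, 1 otherwise
# (prints the reason to stderr on failure)
fw_check() {
    dump=$1
    for chain in INPUT FORWARD; do
        pol=$(policy_of "$dump" "$chain")
        if [ "$pol" != "DROP" ]; then
            echo "FAIL: $chain policy is '$pol', expected DROP" >&2
            return 1
        fi
    done
    n=$(rule_count "$dump")
    if [ "$n" -lt "$MIN_RULES" ]; then
        echo "FAIL: only $n rules loaded (minimum $MIN_RULES)" >&2
        return 1
    fi
    return 0
}

# Demonstration on the constructed dumps.
fw_check "$SANE_DUMP"  && echo "sane dump: OK"
fw_check "$WIPED_DUMP" || echo "wiped dump: rejected"
```

On a router that ships `iptables-save`, the same check would run as `fw_check "$(iptables-save)"`; a watchdog built on it would set the chain policies to DROP (`iptables -P INPUT DROP`) and log the event whenever the check fails, which turns the "rules wiped, default ACCEPT" window described above into a fail-closed state instead of an open one.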
Joined: 08 May 2018 Posts: 14101 Location: Texas, USA
Posted: Fri Jul 17, 2020 2:21 Post subject:
You do not flash and configure DD-WRT with the router connected to the network and in service, and you always REBOOT after making changes, especially ones to the firewall. I removed your huge ass animated gif because obviously you have not read the forum rules and guidelines about image sizes.