Possible Security Issue

iguy0
DD-WRT Novice


Joined: 10 May 2020
Posts: 2

Posted: Thu Jul 16, 2020 23:25    Post subject: Possible Security Issue
Hi,

I'm looking to talk to someone about a potential security issue I found in some of the latest DD-WRT builds. If confirmed, I see it as a serious issue. I won't post any details here as I prefer to chat to someone involved in the build and in private. Please let me know of anyone that I could talk to.

Thank You
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14125
Location: Texas, USA

Posted: Thu Jul 16, 2020 23:40
Post it here.
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
iguy0
DD-WRT Novice


Joined: 10 May 2020
Posts: 2

Posted: Fri Jul 17, 2020 1:35    Post subject: Firewall behavior during configuration change.
Please see the animated gif. There I have listed some of the current DD-WRT configurations and the iptables firewall (in loop) displaying the current rules. You can also see that when making a change that involves the firewall a few things happen:

1 - Current state/rules of the firewall is lost. Rules are wiped (and re-created?)
2 - The iptables firewall has the default ACCEPT policy; when losing the rules, the network is exposed.

Towards the end of the gif/video, I see my current/old IPs listed in Shodan. I log syslog messages to an external custom storage and can see a huge amount of stuff that shouldn't be there.

What's the workflow for configuration changes related to iptables?

Could the current state of the firewall be saved prior to changes? And these changes be validated after implementation? (I'm thinking a "firewall watchdog", something like "A firewall with 3 rules is not a firewall, block everything" or w.e)

What do you think is happening?!

Thank You
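
The "firewall watchdog" idea raised in the post above, as an added example (not written by either poster and not DD-WRT's own code): it classifies an `iptables -S` dump and fails closed when the INPUT or FORWARD chain looks flushed. `MIN_RULES`, the function names and both sample dumps (including the `br0` interface name) are constructed assumptions.

```shell
#!/bin/sh
# Added example: the "firewall watchdog" heuristic from the post above.
# Assumes `iptables -S` output format; MIN_RULES is an assumed threshold.
MIN_RULES=${MIN_RULES:-3}

# Read an `iptables -S` dump on stdin. A chain counts as exposed when its
# policy is not DROP and it holds fewer than MIN_RULES rules.
fw_state() {
    awk -v min="$MIN_RULES" '
        $1 == "-P" { policy[$2] = $3 }
        $1 == "-A" { rules[$2]++ }
        END {
            n = split("INPUT FORWARD", chains, " ")
            for (i = 1; i <= n; i++) {
                c = chains[i]
                if (policy[c] != "DROP" && rules[c] + 0 < min) bad = bad " " c
            }
            if (bad == "") print "ok"; else print "exposed:" bad
        }'
}

# Constructed sample: rules loaded (ACCEPT policy, explicit final DROP).
sample_loaded() { cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A INPUT -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br0 -j ACCEPT
-A FORWARD -j DROP
EOF
}

# Constructed sample: the window after a flush, before rules are re-created.
sample_flushed() { printf '%s\n' '-P INPUT ACCEPT' '-P FORWARD ACCEPT' '-P OUTPUT ACCEPT'; }

# Fail closed: only change policy when the live ruleset looks flushed.
if [ "${1:-}" = "watch" ]; then
    while :; do
        case "$(iptables -S | fw_state)" in
            exposed:*) iptables -P INPUT DROP; iptables -P FORWARD DROP ;;
        esac
        sleep 1
    done
fi
```

Polling narrows the exposed window but does not close it, since packets can still pass between a flush and the next check. Setting the INPUT policy to DROP on an empty chain also cuts LAN management access until the rules are re-created.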
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14125
Location: Texas, USA

Posted: Fri Jul 17, 2020 2:21
You do not flash and configure DD-WRT with the router connected to the network and in service - and you always REBOOT after making changes, especially ones to the firewall. I removed your huge ass animated gif because obviously you have not read forum rules and guidelines about image sizes.
All times are GMT