DD-WRT Root exploit posted today

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware
Goto page Previous  1, 2, 3 ... 13, 14, 15
Author Message
yzy-oui-fi
DD-WRT Guru


Joined: 03 Mar 2009
Posts: 2826
Location: France

PostPosted: Tue Feb 09, 2010 16:00    Post subject: Reply with quote
to be clear ... when i talk about Redmond education, this is not about the product, but the policy of "assistance" (i'm not sure about the correct english tranlation). I mean User is treat as dummy, always need to be assist, so as result users could become nut never thinking by themself, always waiting for someone to do things for them.
_________________
DD-WRT WDS MESH + DASHBOARD (fr), DD-WRT network setting tool (tools.yzy-oui-fi.com), Wifi Business and IT guy After hours, My Blog, Free DD-WRT VPN Community(www.wrt-pptp-ww.com), DD-WRT pré-réglés pour réseau outdoor(hotspot.yzy-oui-fi.com), Nouveau Forum DD-WRT francophone
Sponsor
OB1
DD-WRT Novice


Joined: 22 Jul 2009
Posts: 25

PostPosted: Wed Feb 10, 2010 7:16    Post subject: Reply with quote
yzy-oui-fi wrote:
to be clear ... when i talk about Redmond education, this is not about the product, but the policy of "assistance" (i'm not sure about the correct english tranlation). I mean User is treat as dummy, always need to be assist, so as result users could become nut never thinking by themself, always waiting for someone to do things for them.


Hey, fine with me Smile just willing to make a point,
nothing more and the point is that... there's no
need for a flame; if the folk didn't notice there
was a vuln in DD-WRT till now then... up to him,
as long as he doesn't make it up with the DD-WRT
team which, all in all, fixed the hole time ago
AND sent around announces (heck, the issue was
disclosed and discussed around quite a lot at the
time); aside from that, I agree about the fact that
a lot of users are expecting to go on "autopilot"
and don't want to "think" Very Happy yet some kind of
automatic "notice checker" embedded into DD-WRT
would imVVHo be a good thing; there aren't just
"lazy admins" around, there are "busy admins" too
and while this doesn't justify them I may understand
how things may "slip"
autobot
DD-WRT Guru


Joined: 07 May 2009
Posts: 1596

PostPosted: Wed Feb 10, 2010 8:19    Post subject: Reply with quote
*edited out, post was smoking*

There should be a method of notification when necessary (opted by each user of course), if only in the paid version. Security flaws are sort of a big deal, this is how companies like Redhat stay in business....notifications and patches to security flaws/vulnerabilities. DD-WRT paid is no different, or at least if shouldn't be.

_________________
Eko Builds

BrainSlayer Builds

DD-WRT Changelog RSS Feed
Skillz
DD-WRT User


Joined: 19 Dec 2007
Posts: 66

PostPosted: Mon Aug 23, 2010 22:44    Post subject: Reply with quote
Is it possible to tell if you've been a victim of this exploit? I got a warning from my ISP stating that my IP has been logged brute forcing accounts on another server. I'm 99.9% sure it's not one of my computer nodes, but I believe it might be the router that is doing this. How can I tell? Would updating the router solve the issue as well as clean it of any harm that may have already been done?
autobot
DD-WRT Guru


Joined: 07 May 2009
Posts: 1596

PostPosted: Mon Aug 23, 2010 23:15    Post subject: Reply with quote
Skillz wrote:
Is it possible to tell if you've been a victim of this exploit? I got a warning from my ISP stating that my IP has been logged brute forcing accounts on another server. I'm 99.9% sure it's not one of my computer nodes, but I believe it might be the router that is doing this. How can I tell? Would updating the router solve the issue as well as clean it of any harm that may have already been done?


What servers IP address? I heard MDW (mydroidworld) got attacked by DDOS a couple of days ago.

_________________
Eko Builds

BrainSlayer Builds

DD-WRT Changelog RSS Feed
Skillz
DD-WRT User


Joined: 19 Dec 2007
Posts: 66

PostPosted: Tue Aug 24, 2010 0:20    Post subject: Reply with quote
I will have to look when I get back home, don't remember it by name. My ISP took my Internet down, so I went to a friends house. I updated the FW on my router to the latest version, just hoping their isn't some kind of rootkit on the router now, since this essentially gives them full control over it.

I think the IP started with a 62., I will post it up when I get home. Kind of curious on who's network it is myself.

They told me it was just doing port scans and brute force attacks on port 22 (SSH)
Skillz
DD-WRT User


Joined: 19 Dec 2007
Posts: 66

PostPosted: Tue Aug 24, 2010 2:44    Post subject: Reply with quote
The IP was 62.12.131.xxx
zoran
DD-WRT User


Joined: 19 Jul 2010
Posts: 97

PostPosted: Tue Aug 24, 2010 4:20    Post subject: Reply with quote
Skillz wrote:
Is it possible to tell if you've been a victim of this exploit? I got a warning from my ISP stating that my IP has been logged brute forcing accounts on another server. I'm 99.9% sure it's not one of my computer nodes, but I believe it might be the router that is doing this. How can I tell? Would updating the router solve the issue as well as clean it of any harm that may have already been done?


The original post was dated back year and more ago. Do you have
new insight of the problem? At least, how did you connect
it to the message you got?
jrg
DD-WRT Novice


Joined: 25 Aug 2010
Posts: 3

PostPosted: Sun Aug 29, 2010 12:47    Post subject: Reply with quote
2disbetter wrote:

I mean look at this forum, the wiki, the main page. I think this firmware is extremely well documented and taken care of. (all things considered)


Almost too well documented, too much (conflicting, out of date) documentation!

It would be nice to have (and this is easy for me to say, as a mere non-contributing user):

    - an RSS feed, supplying only security advisories
    - an RSS feed, supplying all new software release information (fixed, new, etc.)


that way those of us who aren't actively reading the DD-WRT website and forums day in, day out, can get a notification in our favourite RSS feed reader (or, with rss2email tools, if you like email*) when there's something that needs everyone's attention.

(* I like email too, but I get a lot of it. Sometimes, for a specific bit of software I'm actively using, I like to have another means of seeing 'important news'.)
buddee
DD-WRT Guru


Joined: 06 Feb 2010
Posts: 7401
Location: Little Rock

PostPosted: Sun Aug 29, 2010 13:15    Post subject: Reply with quote
jrg wrote:
2disbetter wrote:

I mean look at this forum, the wiki, the main page. I think this firmware is extremely well documented and taken care of. (all things considered)


Almost too well documented, too much (conflicting, out of date) documentation!

It would be nice to have (and this is easy for me to say, as a mere non-contributing user):

    - an RSS feed, supplying only security advisories
    - an RSS feed, supplying all new software release information (fixed, new, etc.)


that way those of us who aren't actively reading the DD-WRT website and forums day in, day out, can get a notification in our favourite RSS feed reader (or, with rss2email tools, if you like email*) when there's something that needs everyone's attention.

(* I like email too, but I get a lot of it. Sometimes, for a specific bit of software I'm actively using, I like to have another means of seeing 'important news'.)


Not sure what is wrong with this RSS feed, but you might try it, may even like it!

http://svn.dd-wrt.com:8000/dd-wrt/timeline?format=rss&max=50&daysback=90&changeset=on&wiki=on

_________________
Wireless N Config | Linking Routers | DD-WRT Wiki | DD-WRT Builds | Peacock - Broadcom FAQ

Having problems with port forwarding? Check out Port Forward Troubleshooting for more info.
autobot
DD-WRT Guru


Joined: 07 May 2009
Posts: 1596

PostPosted: Sun Aug 29, 2010 17:44    Post subject: Reply with quote
buddee wrote:
jrg wrote:
2disbetter wrote:

I mean look at this forum, the wiki, the main page. I think this firmware is extremely well documented and taken care of. (all things considered)


Almost too well documented, too much (conflicting, out of date) documentation!

It would be nice to have (and this is easy for me to say, as a mere non-contributing user):

    - an RSS feed, supplying only security advisories
    - an RSS feed, supplying all new software release information (fixed, new, etc.)


that way those of us who aren't actively reading the DD-WRT website and forums day in, day out, can get a notification in our favourite RSS feed reader (or, with rss2email tools, if you like email*) when there's something that needs everyone's attention.

(* I like email too, but I get a lot of it. Sometimes, for a specific bit of software I'm actively using, I like to have another means of seeing 'important news'.)


Not sure what is wrong with this RSS feed, but you might try it, may even like it!

http://svn.dd-wrt.com:8000/dd-wrt/timeline?format=rss&max=50&daysback=90&changeset=on&wiki=on


There is a link in my signature also Wink

_________________
Eko Builds

BrainSlayer Builds

DD-WRT Changelog RSS Feed
jrg
DD-WRT Novice


Joined: 25 Aug 2010
Posts: 3

PostPosted: Mon Aug 30, 2010 13:05    Post subject: Reply with quote
autobot wrote:
There is a link in my signature also ;)


yes, there is, and I'd spotted that already and looked at it, but it's not really all that useful to anyone not intimately familiar with the source code and actively working on the project - it's a (terse) source code commit log coming out of TRAC.

As far as I can tell the builds are being created at certain changeset points, but there's nothing that seems to even accumulate those changeset messages. Even something that said:

28/07/2010
new build svn14853 includes:
14849 - override firewall for this interface if aoss is running
14850 - some spanish tran update, thx samueldg
14851 - adjusted channel selection in setup assistant
14852 - for US-EU only builds
14853 - ddns: this seems to work OK, tested with # and ( ...

could help (I suspect it would be far more useful to most of us than seeing all the commits as they are made). If there is something like this then I've not yet found anyone referring to it.

Instead, forum threads for each new build consist of people randomly testing to see if their own problems have been "magically" solved.

Don't misunderstand me - I'm glad that people are doing all this work on this project (it's certainly just helped me get some better use out of hardware crippled by a vendor's own software), but I think a whole lot of everyone's time could be saved in forum reading, posting, and wiki-searching/reading, if there were an authoritative feed of new builds and what they aim to fix.

But, coming back to the main discussion of this thread, about notification of security vulnerabilities.

Every OSS project ought to have a clearly identified place where such notifications will be made, and clear mechanisms for users to be proactively informed (be that a specific security announcement mailing list, RSS feeds - preferably several ways.) A source code commit log isn't it.
Goto page Previous  1, 2, 3 ... 13, 14, 15 Display posts from previous:    Page 15 of 15
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum