Default dropbear listening on WAN

Today I needed to install a precompiled OpenWRT from downloads.openwrt.org

Flashed the device.
By default, Dropbear is active and listening on all Interfaces?
By default, no password is set until I logon, set intial password?

By default, my router is on the internet with ssh root access and open for everyone?

Hi

you are wrong :slight_smile:

default OWRT firewall rule is to drop/reject anything incoming from WAN interface
so, no, your dropbear is safe :slight_smile:

3 Likes

Yes, that's true. But it does not mean, that ssh is accessible for everbody from the internet.

The access from wan is ruled by the firewall. And the default rule for incoming wan access is REJECT. So dropbear is listening on the wan interface, but no request is passed to dropbear because of the default REJECT rule.

3 Likes

omg, thanks.
For real 20 minutes my heart stopped beating / slowed down and the oxygen supply for my brain was malfunctioning.
All good! Thanks to the firewall.

Listening is one thing. Hearing anything is another thing…

It is the firewall that is the actual noise protection.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.