1 (edited by nbd 2009-04-05 22:26:19)

Topic: OpenWrt & "Botnet Worm Targets DSL Modems and Routers"

Just a little clarification regarding the article [1] recently posted on /. about a stealth router-based botnet [2]:

- OpenWrt blocks any open port from the WAN side by default;

- OpenWrt does not provide a "default" password;

- Any device with weak passwords that can run the binary is vulnerable;

- As far as we know, there is no core vulnerability in OpenWrt requiring a security fix.

If you opened SSH on the WAN port, ensure you use a strong password for your "root" account, or disable password authentication and rely on key-based authentication.

Yours truly,
--
The OpenWrt team


1. http://it.slashdot.org/article.pl?sid=09/03/23/2257252
2. http://dronebl.org/blog/8
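
One way to check the SSH advice in the post above (an added example, not part of the original post and not OpenWrt project code): a shell function that reads a dropbear UCI config and reports, per instance, whether root can still log in with a password. It assumes the `PasswordAuth` and `RootPasswordAuth` option names of `/etc/config/dropbear` and treats an absent option as enabled; the sample config is constructed.

```shell
#!/bin/sh
# Added example: audit a UCI-format dropbear config for root password logins.
# Assumption: options PasswordAuth / RootPasswordAuth as in /etc/config/dropbear;
# an option that is absent is treated as enabled (password login allowed).

# Reads the config on stdin; prints "<instance> root-password|root-key-only".
audit_dropbear() {
    awk '
    # Strip UCI quoting so that "off" with or without quotes compares equal.
    function clean(s) { gsub(/[^A-Za-z0-9_]/, "", s); return s }
    function istrue(v) { return v ~ /^(1|on|yes|true|enabled)$/ }
    function emit() {
        if (insec)
            printf "%d %s\n", n, (pw && rootpw) ? "root-password" : "root-key-only"
    }
    $1 == "config" {
        emit()                                   # close the previous section
        insec = (clean($2) == "dropbear")
        if (insec) { n++; pw = 1; rootpw = 1 }   # defaults: both enabled
        next
    }
    insec && $1 == "option" && clean($2) == "PasswordAuth"     { pw = istrue(clean($3)) }
    insec && $1 == "option" && clean($2) == "RootPasswordAuth" { rootpw = istrue(clean($3)) }
    END { emit() }
    '
}

# Constructed sample: three dropbear instances with different settings.
sample_config() {
    cat <<'EOF'
config dropbear
	option PasswordAuth 'on'
	option Port '22'

config dropbear
	option PasswordAuth 'off'
	option Port '2222'

config dropbear
	option Port '2200'
EOF
}

sample_config | audit_dropbear
```

On a router the same function can be fed the live file with `audit_dropbear < /etc/config/dropbear`.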

Re: OpenWrt & "Botnet Worm Targets DSL Modems and Routers"

Bartman007 wrote:

- OpenWrt does not provide a "default" password;

Here we go. With some security concerns...

1) As for me, it would be a good idea if, let's say, LuCI on first run by default offered to create a new root password and did not allow proceeding further with configuration without a password (or at least it has to display a warning and require extra confirmation). The idea is that while WAN is considered to be unsafe, LAN is not always safe either, depending on the scenario.

2) The same idea goes for SSH (for those who do not use LuCI and other web interfaces). At least, it could be good to add a reminder to change the password to the logon greeting message.

3) As for me, running all services as root makes me a bit nervous.