OpenWrt Forum Archive

Topic: OpenWrt & "Botnet Worm Targets DSL Modems and Routers"

The content of this topic has been archived on 25 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Post #1
Bartman007
25 Mar 2009, 03:34

Just a little clarification regarding the article [1] recently posted on /. about a stealth router-based botnet [2]:

- OpenWrt blocks any open port from the WAN side by default ;

- OpenWrt does not provide a "default" password ;

- Any device with weak passwords that can run the binary is vulnerable ;

- As far as we know, there is no core vulnerability in OpenWrt requiring a security fix.

If you opened SSH on the WAN port, ensure you use a strong password for your "root" account, or disable password authentication and rely on key based authentication.

Yours truly,
--
The OpenWrt team


1. http://it.slashdot.org/article.pl?sid=09/03/23/2257252
2. http://dronebl.org/blog/8

(Last edited by nbd on 5 Apr 2009, 22:26)

Post #2
Drone
19 Aug 2009, 11:22
Bartman007 wrote:

- OpenWrt does not provide a "default" password ;

Here we go. With some security concerns...

1) As for me, it would be a good idea if, let's say, LuCI on 1st run by default will offer to create a new root's password and will not allow to proceed further with configuration without password (or at least it have to display warning and require extra confirmation). The idea is that while WAN considered to be unsafe, LAN is not always safe as well, depending on scenario.

2) Same idea goes for SSH (for those who does not uses LuCI and other web interfaces). At least, it could be good to add reminder to change password into logon greeting message.

3) As for me, running all services as root making me a bit nervous.

The discussion might have continued from here.