Its super common that the router vendor supplied firmware is OpenWRT rebranded. You will find that invariably, the factory firmware of most SOHO devices run linux. My main source of info has been Michael Horowitz’s site.Ĭustom firmwares seem to be larger than the default and that the use of Linux kernels (AFAIK) can make them more susceptible Sorry for bombarding you with all these questions–it’s just that router security has always been a main concern and I’ve never gotten a hold of someone with the relevant expertise. What about hardware firewalls? Are they overkill for individuals?
#Dd wrt firewall builder professional#
Since you seem like a router buff, what are your thoughts on taking a tiny distro like Alpine Linux and making an RPi router, maybe with VPN? How would that compare to a DD-WRT SOHO or a more professional router? I’m even exploring RPi routers, which is a nice segue for my questions: This is why I’m beginning to lean towards security-focused commercial brands instead of SOHOs with DD-WRT. AFAIK Open-WRT is far smaller than DD-WRT in that regard.Īs a non-technical person, I can’t take most of the measures you described, so trust is also a big factor. It’s the ones packaging them for mass deployment that leaves me wondering. To be clear: this isn’t an attack on the WRT community writ large. But then I haven’t really looked into the issue much further. One just can’t help but wonder who, if anyone, keeps an eye on all of these builds for all of these routers, and what sustains such a massive operation. DD-WRT firmware is updated frequently, to the tune of multiple betas per month. Now it’s some other maintainer (it’s a mess). For example, DD-WRT was maintained by Kong for a long time–every router had a Kong build. On top of that, another ‘attack surface’ is the maintainer. As usual, I must stress my lack of technical knowledge, as well as the fact that I was explicitly speculating. I didn’t make a claim that there are hardware vulnerabilities in WRT devices (open- or DD-) what I was saying is that these custom firmwares seem to be larger than the default and that the use of Linux kernels (AFAIK) can make them more susceptible. But by using a robust threat model and countermeasures (such as above) one would hope that if something goes awry because of that, its going to be noticed. That is a downside to commodity hardware. Usually the ports you see are attached to a single switch and only VLANs are separating them. The firewall configuration is monitored on a very regular basis and alerts on any changes. The router itself has no outbound permissions in the firewall other than what I have specifically poked (DNS, for example). The public facing firewall is completely locked down to not allow any inbound connections. Then I have remote logging of things like SSH logins and other events. I couple that with some personal security measures, such as remote sha256sum hashing to attest to the state of every file in the rom, overlay partition and configuration systems ( a kinda poor mans IDS ). I then build OpenWRT locally for this specific device and flash the built ROM.
#Dd wrt firewall builder drivers#
My personal approach is to use commodity hardware with open source drivers available, that supports hardware flow offloading (eg: MT7621A). I think makes a good point re security of a router, but again threat model needs to be considered. I have a finger in the openWRT pie so am very keen to understand if there are some hardware vulnerabilities of devices that you are aware of, which may provide remote access when using custom firmware. Any links to this position? the edit you made links to TA18-106A which is more about default credentials with Telnet/TFTP, SNMP/SMI and “EOL” firmware. Even for routers flashed with DD-WRT or some other custom firmware, I bet the attack surface is non-negligible
0 kommentar(er)
