
Is DD-WRT a 3rd party firmware that's safe from hackers?

Discussion in 'DD-WRT Firmware' started by aholodak, May 15, 2006.

  1. aholodak

    aholodak LI Guru Member

    Is DD-WRT safe from hackers? I want to use it if I'm mistaken, but here's the situation:

    I flashed my WRT54G v4 from Linksys firmware to DD-WRT v23 RC6 mini then standard.

    To make sure this firmware was secure I used PuTTY and connected to my router and noticed it's listening on (universal IP) on port 80, 22, 23, 5431.

    I used PuTTY remotely and connected to my internet IP address and was able to get through on a port 80 connection. I ran a netstat -l command and found the ports listed above listening on universal IPs.

    So I disabled all of the web-based connection features and tried again and still got through. (Connecting from a friend's house using PuTTY on a RAW port 80 connection to my IP address)

    Maybe it's a setting I had or it's an open door to a hacker in the firmware. I love the firmware because it fixed all my connectivity issues and wired connection drops.

    So, I tried downgrading to the Linksys 4.20.7 firmware and tried connecting to the port 80 and it was refused, so were all the other connections.

    Was it a setting in DD-WRT that I missed or is it a security problem with the firmware?

    So my question is why does DD-WRT accept inbound connections to mess with the router from instead of (or
  2. aholodak

    aholodak LI Guru Member

    renamed and:
  3. BigDog_UMG

    BigDog_UMG Network Guru Member

    After you flashed with DD-WRT did you do a factory reset or press and hold the reset button for 30 seconds? This flushes NVRAM and can cause strange behavior if not done.
  4. BassKozz

    BassKozz Network Guru Member

    Do you have "remote administration" enabled?
  5. bytes2000

    bytes2000 Network Guru Member

    All my ports are stealth.

    But ...

    ports forwarded are "closed".

    tested with shieldsup @ www.grc.com

    Just disable remote administration and enable your firewall
  6. SAPo57

    SAPo57 Network Guru Member

    My WRT54GS with the DD-WRT v.23 mini firmware was recently hacked and compromised for 3 days; the hacker even installed a new firmware of his own to open applications to remotely access programs, etc. on the PCs in my LAN.

    It was either a system monitor spyware that gave out my password and login info. to the hacker or it could have been what you said.

    Check out my "story time?=debricking stopped the HACKER's control=" post in the General Discussion forum.
  7. aholodak

    aholodak LI Guru Member

    I was pretty certain I had disabled remote administration and all remote settings. I just got nervous because the thing between you and hackers and the Internet is your router, and became worried since it's a 3rd party firmware and it's possible it was programmed to allow a backdoor connection into your network.

    I did do a hard reset and reset to defaults after upgrading to DD-WRT.

    I've heard of SVEASOFT based firmwares to have these problems by doing some Google searches.

    For those of you using DD-WRT check what's listening on your router by logging on to it via port 80 connection and doing a netstat - L command. Let me know if you have a different result, 'cause I'd love to use this firmware.
  8. vincentfox

    vincentfox Network Guru Member

    Dude, it is not useful to check what is listening ON THE ROUTER. You can have any number of programs listening on the WAN port, it doesn't matter if the firewall is up.

    As previously noted use one of the many web sites that will scan your IP to find out if "shields are up" so to speak.
  9. michaels7671

    michaels7671 LI Guru Member

    I concur with vincentfox, just use one of the many port scanners that are out there, to find exploits in your security. I use http://www.dslreports.com/scan

    But there are many others out there to use. Good luck.
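The point made in the posts above (a socket listening on the router only matters if it is reachable from the WAN side), as an added example that is not part of any post in this thread: it combines `netstat -ln` output from the router with the result of an outside scan. The sample netstat text, the scan results and the function names are constructed for illustration.

```python
# Constructed sample of `netstat -ln` output; the four wildcard-bound ports are
# the ones named in the thread, the 192.168.1.1:53 line is made up.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address     Foreign Address   State
tcp        0      0 0.0.0.0:80        0.0.0.0:*         LISTEN
tcp        0      0 0.0.0.0:22        0.0.0.0:*         LISTEN
tcp        0      0 0.0.0.0:23        0.0.0.0:*         LISTEN
tcp        0      0 0.0.0.0:5431      0.0.0.0:*         LISTEN
tcp        0      0 192.168.1.1:53    0.0.0.0:*         LISTEN
"""

# Constructed result of a scan run from outside against the WAN address
# (port -> "open", "closed" or "stealth", the terms used in the thread).
SAMPLE_WAN_SCAN = {80: "open", 22: "stealth", 23: "stealth", 5431: "closed"}

WILDCARDS = {"0.0.0.0", "::", "*"}  # socket is bound to every address

def parse_listeners(netstat_text):
    """Return (bind_address, port) for every TCP socket in LISTEN state."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue  # header lines, UDP sockets, established connections
        addr, _, port = fields[3].rpartition(":")  # also splits ":::80" correctly
        if port.isdigit():
            listeners.append((addr, int(port)))
    return listeners

def assess(listeners, wan_scan):
    """Combine the router's own view with the outside view, per port."""
    verdicts = {}
    for addr, port in listeners:
        seen = wan_scan.get(port)
        if seen == "open":
            verdicts[port] = "EXPOSED"         # reachable from the Internet
        elif seen in ("closed", "stealth"):
            verdicts[port] = "not-exposed"     # listening, but no WAN access
        elif addr in WILDCARDS:
            verdicts[port] = "unverified"      # wildcard bind, no outside scan yet
        else:
            verdicts[port] = "single-address"  # bound to one address, not scanned
    return verdicts

if __name__ == "__main__":
    result = assess(parse_listeners(SAMPLE_NETSTAT), SAMPLE_WAN_SCAN)
    for port, verdict in sorted(result.items()):
        print(port, verdict)
```

Only a port that the outside scan reports as open needs action; a wildcard bind with no scan result stays "unverified" because netstat alone cannot settle it.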
  10. bytes2000

    bytes2000 Network Guru Member

    Don't forget to change default password!!

    If you are not using security like:

    (MAC Filter *basic security, at least WEP *weak) they can access your network and use a dictionary/bruteforce attack against your router and gain admin privileges.

    I use:
    • No remote administration
    • Wireless GUI Access: Disabled
    • Mac filter
    • WPA/PSK-tkip
    • A nice GUI password with 14+ characters (Always change it after upgrading firmware)
  11. BigDog_UMG

    BigDog_UMG Network Guru Member


    Just curious, what is the reason behind changing the password with firmware upgrade? Just making sure it's changed often?
  12. bytes2000

    bytes2000 Network Guru Member

    Because everybody knows the default password!!!

    Even your neighbour knows the default dd-wrt password; it's: root / admin

    :eek: Anybody can connect to and manage an unprotected WRT54G/GS with or without dd-wrt/hyperwrt/talisman/....
  13. BigDog_UMG

    BigDog_UMG Network Guru Member

    OK. I misunderstood. I never use the default password. I use a personal password. I assumed you were saying 'use a different personal password.' :thumb:
  14. aholodak

    aholodak LI Guru Member

    But isn't it possible there is a magic password in the firmware made by the programmer? So the default password wouldn't matter. I've heard of similar things with SVEASOFT based firmwares.
  15. gotamd

    gotamd Network Guru Member

    Not if it's open-source and people have compiled it themselves and compared the MD5 sums to the ones of the downloadable binaries.

    That said, I trust BrainSlayer, so I haven't done it :thumb:
