Major<?> Security Problem Found?

Discussion in 'DD-WRT Firmware' started by wiz561, Apr 17, 2005.

  1. wiz561

    wiz561 Network Guru Member


    OK, please forgive me if I'm doing something wrong. I'm a little new here, so let me know if I'm doing something wrong. My background is in cyber-security, so I pretty much try to check everything over to make sure things are secure... But onto the problem...

    I'm running the wrtg54g v2.2 router with the Firmware version: DD-WRT #22 (prefinal3.2). Inside the configuration, I have disabled remote management, enabled telnet and https (in the daemon section, not the remote management section), and that's really about all. In the remote management section of the config, everything https wise and port wise is grayed out.

    During a recent nmap scan, I can telnet, ssh, http, and https to the wrt54g through the cable modem interface! For example, my cable modem IP is 67.x.x.x. When I 'telnet 67.x.x.x", ssh 67.x.x.x, http to that IP, everything works! Also, the "firewall protection" is enabled.

    Has anybody else had similar problems? Any ideas? It's like the firewall isn't working correctly or the ports on the external interface are wide open.

    Thanks in advance!
  2. XCOM7

    XCOM7 Network Guru Member

    #1 Did you rset the Router before upgrade?
    #2 Are you scanning from within the network?
    I have a WRT54G with the same firwamre and nothing is open unles I create a rule or forward.
  3. XCOM7

    XCOM7 Network Guru Member

    I just ran a test and all ports came out stealth...
    Can you please post the commands you use with nmap to scann?
  4. wiz561

    wiz561 Network Guru Member

    everything OK

    OK... Well, I did a little further testing and here's what I found out.

    I vpn'ed into my work and tried to ssh, http, https, and telnet to the router. This failed. I nmap'ed the router and it turns out that everthing is being 'filtered' (firewalled).

    I diconnected from the vpn, and tried the same thing to the outside interface (67.x.x.x.x) of the router instead of the non-routable 10 net address, and it worked again.

    I guess what happened was when I was able to ssh/telnet/everything into the outside interface IP of the router, I freaked out a little bit! I figured that if it was firewalled, it wouldn't accept traffic from any IP. I thought that you could only telnet into the router from the local nonroutable addresses.

    A little relief now knowing that everything is safe and secure! Sorry for the comotion!!!

  5. gotamd

    gotamd Network Guru Member

    I just ran a portscan and vulnerability test on mine yesterday that was clean so I don't think there are any problems with it.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice