Potty Time
join:2005-07-03
united state

Member

to koitsu

Re: Linux embedded devices being used in botnet

So for a Tomato user who has never messed with any of the SSH/telnet settings, am I safe? How can I check and be certain that I don't have it open WAN-side?? I would hate for my precious little router to become infected or whatever this does

Thank you.

koitsu
MVM
join:2002-07-16
Mountain View, CA
Humax BGW320-500

said by Potty Time:

So for a Tomato user who has never messed with any of the SSH/telnet settings, am I safe? How can I check and be certain that I don't have it open WAN-side?? I would hate for my precious little router to become infected or whatever this does :( :( :(

Yes, out-of-the-box you're safe. Tomato, at no stage during installation or post-installation, permits SSH or telnet via the WAN interface (only the LAN).

If you want to verify what your settings are:

Administration -> Admin Access -> SSH Daemon

If "Enable at Startup" is checked:
 
- Make sure the "Remote Access" box IS NOT checked
- Otherwise, if "Remote Access" IS checked:
  -- Make sure under the "Remote Web/SSH Admin Restriction"
     section, there is a list of specific IPs listed which
     your router allows WAN-side SSH connections from.
  -- In this scenario, you should also make sure that the
     "Allow Password Login" box IS NOT checked, and instead
     rely entirely on SSH keys.
     The "exploit" involves brute-forcing passwords, so
     by turning off password-based SSH authentication,
     you can essentially defeat the problem entirely.
  -- If you DON'T specify a list of IPs in the "Remote
     Web/SSH Admin Restriction" section, AND "Allow Password
     Login" is checked:
     --- Anyone on the Internet will be able to connect to
         the SSH daemon on your router and try to
         brute-force guess your root password -- and
         depending upon what your password is (many folks
         leave it as the default, "admin"), could gain
         access to your router and turn it into a DDoS
         client
 

It doesn't appear that Telnet is ever permitted WAN-side, unless you explicitly create a firewall rule using a start-up script or via some other means. And that's good, especially since Telnet passwords are sent in plaintext over the socket. :-)

HTH...
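
koitsu's checklist above, expressed as an offline audit of a saved settings dump. This is an added example, not part of the original post or of Tomato itself; the nvram key names (`sshd_eas`, `sshd_remote`, `sshd_pass`, `rmgt_sip`) are assumptions to confirm against your own firmware's `nvram show` output, and the sample dump is constructed.

```python
# Added example: audit a saved Tomato settings dump for WAN-side SSH exposure.
# ASSUMPTION: the nvram key names below are not from the post; confirm them
# against your own firmware's `nvram show` output before relying on this.
K_STARTUP = "sshd_eas"    # "Enable at Startup"
K_REMOTE = "sshd_remote"  # "Remote Access"
K_PASSWORD = "sshd_pass"  # "Allow Password Login"
K_SOURCES = "rmgt_sip"    # "Remote Web/SSH Admin Restriction"

def parse_dump(text):
    """Turn key=value lines into a dict, ignoring anything else."""
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            cfg[key.strip()] = value.strip()
    return cfg

def audit_ssh(cfg):
    """Return (verdict, findings) following the checklist in the post."""
    if cfg.get(K_STARTUP) != "1":
        return "off-at-boot", []
    if cfg.get(K_REMOTE) != "1":
        return "lan-only", []
    findings = []
    # Accept comma- or whitespace-separated source addresses.
    sources = cfg.get(K_SOURCES, "").replace(",", " ").split()
    if not sources:
        findings.append("no source-IP restriction: any Internet host can connect")
    # Treat a missing key as "allowed" so the audit errs on the cautious side.
    if cfg.get(K_PASSWORD, "1") != "0":
        findings.append("password login allowed: brute-force guessing is possible")
    if len(findings) == 2:
        return "exposed", findings
    return ("needs-hardening" if findings else "restricted-keys-only"), findings

# Constructed sample dump (not taken from a real router).
SAMPLE = """\
sshd_eas=1
sshd_remote=1
sshd_pass=1
rmgt_sip=
"""

if __name__ == "__main__":
    verdict, findings = audit_ssh(parse_dump(SAMPLE))
    print(verdict)
    for finding in findings:
        print(" -", finding)
```
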
pandora
Premium Member
join:2001-06-01
Outland

to Potty Time
said by Potty Time:

So for a Tomato user who has never messed with any of the SSH/telnet settings, am I safe? How can I check and be certain that I don't have it open WAN-side?? I would hate for my precious little router to become infected or whatever this does

Thank you.

You can visit www.grc.com/x/ne.dll?bh0bkyd2 and let "Shields Up" determine if you have any open ports. It is safe, and easy to do. It requires that your browser permit scripting.