said by Potty Time: So for a Tomato user who has never messed with any of the SSH/telnet settings, am I safe? How can I check and be certain that I don't have it open WAN-side?? I would hate for my precious little router to become infected or whatever this does :( :( :(
Yes, out-of-the-box you're safe. Tomato, at no stage during installation or post-installation, permits SSH or telnet via the WAN interface (only the LAN).
If you want to verify what your settings are:
Administration -> Admin Access -> SSH Daemon
If "Enable at Startup" is checked:
- Make sure the "Remote Access" box IS NOT checked
- Otherwise, if "Remote Access" IS checked:
-- Make sure under the "Remote Web/SSH Admin Restriction"
section, there is a list of specific IPs listed which
your router allows WAN-side SSH connections from.
-- In this scenario, you should also make sure that the
"Allow Password Login" box IS NOT checked, and instead
rely entirely on SSH keys.
The "exploit" involves brute-forcing passwords, so
by turning off password-based SSH authentication,
you can essentially defeat the problem entirely.
-- If you DON'T specify a list of IPs in the "Remote
Web/SSH Admin Restriction" section, AND "Allow Password
Login" is checked:
--- Anyone on the Internet will be able to connect to
the SSH daemon on your router and try to
brute-force guess your root password -- and
depending upon what your password is (many folks
leave it as the default, "admin"), could gain
access to your router and turn it into a DDoS
client
It doesn't appear that Telnet is ever permitted WAN-side, unless you explicitly create a firewall rule using a start-up script or via some other means. And that's good, especially since Telnet passwords are sent in plaintext over the socket. :-)
HTH...
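
The checklist in the reply above, written as a script that can be run from a shell on the router (an added example, not part of the original post). The nvram key names `sshd_eas`, `sshd_remote`, `sshd_pass` and `rmgt_sip` are assumptions about how Tomato stores these GUI settings, and the script also classifies the combinations the post does not spell out.

```shell
#!/bin/sh
# Added example: classify WAN-side SSH exposure from four router settings.
# Arguments (all "1"/"0" except the last):
#   $1 Enable at Startup        $2 Remote Access
#   $3 Allow Password Login     $4 Remote Web/SSH Admin Restriction (IP list)
classify_ssh() {
    eas="$1"; remote="$2"; pass="$3"
    # Treat a blank or whitespace-only allow-list as "no restriction".
    sip=$(printf '%s' "$4" | tr -d ' \t\r\n')

    if [ "$eas" != "1" ]; then echo "ssh-disabled"; return 0; fi
    if [ "$remote" != "1" ]; then echo "lan-only"; return 0; fi

    if [ -n "$sip" ]; then scope="restricted"; else scope="open"; fi
    if [ "$pass" = "1" ]; then auth="password"; else auth="keys-only"; fi
    echo "wan-$scope-$auth"
}

# One line of advice per classification, following the post's checklist.
advise() {
    case "$1" in
        ssh-disabled|lan-only)    echo "OK: SSH is not reachable WAN-side" ;;
        wan-restricted-keys-only) echo "OK: WAN SSH limited to listed IPs, keys only" ;;
        wan-restricted-password)  echo "WARN: uncheck Allow Password Login, use SSH keys" ;;
        wan-open-keys-only)       echo "WARN: add source IPs under Remote Web/SSH Admin Restriction" ;;
        wan-open-password)        echo "FAIL: anyone on the Internet can guess the root password" ;;
        *)                        echo "UNKNOWN: $1" ;;
    esac
}

# On the router itself, read the live values. The nvram key names below are
# assumptions about Tomato's naming; confirm with `nvram show | grep sshd`.
if command -v nvram >/dev/null 2>&1; then
    state=$(classify_ssh "$(nvram get sshd_eas)" "$(nvram get sshd_remote)" \
                         "$(nvram get sshd_pass)" "$(nvram get rmgt_sip)")
    advise "$state"
fi
```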