Noah Vail
Premium
join:2004-12-10
Lorton, VA
 ·RoadRunner Cable
| reply to PapaMidnight
Nothing is scared...
There is no evidence that an available SSID causes any significant security risk, in and of itself. It's weak or non-existent encryption; weak or non-existent passwords that make or break a routers security.
I manage dozens of routers that fall squarely in the zone for this bot. They're all running dd-wrt. I use MAC filtering and TPIK enhanced WPA2. My passwords are sufficiently strong, so I don't worry about having telnet and http access available via the web/LAN.
They're not going to get infected by this thing; not one.
However, I'm tempted to throw one out there as a honeypot so I can get a look at this bug.
The interesting thing will be how we deal with it. With a PC virus, we update our virus defs and maybe scan the system. Then we forget about it.
With this, we'd have to update the firmware, to either treat or prevent infection. That will mean having to enter our settings from scratch. That's a pain.
For giggles I stopped by the dd-wrt forums to see what they make of the bug and I found a grand total of 1 thread w/ 2 posts; neither by a mod. I had hoped for something a bit more proactive. Perhaps after enough news blurbs connecting their firmware with the bot, they'll feel a bit more attentive.
NV
--
In my perfect religion, a giant hole appears and sucks up all the lousy people.
I call it the Crapture. |
|
TomClancy
Freedom isn't free
join:2003-04-23
... | DD-WRT makes you change your password and your username before you can change any settings in the router.
--
Freedom isn't free! |
|
sivran
Long Live The Suite
Premium
join:2003-09-15
Arlington, TX
clubs: | reply to Noah Vail
I think his point was the owners never bothered to change the defaults. We all know SSID hiding and MAC filtering are useless.  |
|
Eat Me
join:2002-09-25
Sussex, NJ
 ·PenTeleData
 ·Future Nine Corpor..
·VOIPo
·Vonage
1 edit | reply to Noah Vail
said by Noah Vail  :There is no evidence that an available SSID causes any significant security risk, in and of itself. It's weak or non-existent encryption; weak or non-existent passwords that make or break a routers security. That is quite true. However, I believe his point was that one of the default SSIDs is usually a tip off that the router was never configured away from its default and is most likely still wide open.
Most non-savvy users will just buy a wireless router in a store, plug it in and once it works they're happy. |
|
kpatz
MY HEAD A SPLODE
Premium
join:2003-06-13
Manchester, NH
| reply to Noah Vail
said by Noah Vail :The interesting thing will be how we deal with it. With a PC virus, we update our virus defs and maybe scan the system. Then we forget about it. With this, we'd have to update the firmware, to either treat or prevent infection. That will mean having to enter our settings from scratch. That's a pain. From what I've read, at present this malware doesn't touch the firmware, instead it loads into (volatile) RAM and runs from there; thus, it's gone as soon as you powercycle the router.
So, if something gets infected, just disconnect it from the WAN, powercycle it, then change the password to something stronger and/or disable telnet/ssh, plug it back in, and you're set.
--
To ISPs: Leave our ports alone! If I want ports blocked, I'll do it myself, thank you. |
|
aefstoggaflm
Open Source Fan
Premium
join:2002-03-04
Bethlehem, PA
·Verizon Online DSL
|  reply to TomClancy
said by TomClancy :DD-WRT makes you change your password and your username before you can change any settings in the router. That is half correct / half wrong.
In the newer ones it does. In the older ones, well you get the point...
--
Please use the "yellow (IM) envelope" to contact me and please leave the URL intact. |
|
