
Bill_MI
Bill In Michigan
MVM
join:2001-01-03
Royal Oak, MI
TP-Link Archer C7
Linksys WRT54GS
Linksys WRT54G v4

1 recommendation

Bill_MI to koitsu

Re: [Security] UPNP vulnerability

Thanks, we're thinking very much the same.

I think it was a total of 6 responses identifying themselves as Tomato. But these guys scanned the entire 16 billion IPv4 space! Six is an absolutely meaningless number being so low. I'm surprised there weren't more in the world misconfiguring things than just 6!

Of course, my whole point is how inclusion in the spreadsheet means little without such context. Thanks again.

koitsu
MVM
join:2002-07-16
Mountain View, CA
Humax BGW320-500

said by Bill_MI:

I think it was a total of 6 responses identifying themselves as Tomato. But these guys scanned the entire 16 billion IPv4 space! Six is an absolutely meaningless number being so low. I'm surprised there weren't more in the world misconfiguring things than just 6!

Here are two posts (one post, one thread) where an individual did exactly what I said (re: "the more people screw around, ... the more likely they're exposed"):

»www.linksysinfo.org/inde ··· x.68094/
»www.linksysinfo.org/inde ··· t-222422

So like I said, as long as people keep it simple and don't try to get all crazy with their Tomato/TomatoUSB routers and use them "normally" (i.e. as a simple home NAT router providing Internet access to their home PCs and laptops), they're secure. It's when people begin to go balls-to-the-walls that problems get introduced (like in the above thread, where the individual quite literally had every single daemon on his router publicly accessible to the Internet -- his UPnP instance was probably one of the few which was detected!). KISS wins again.

heirloom
@lessnetworking.net

Anon

said by koitsu:

Here are two posts (one post, one thread) where an individual did exactly what I said (re: "the more people screw around, ... the more likely they're exposed"):

»www.linksysinfo.org/inde ··· x.68094/
»www.linksysinfo.org/inde ··· t-222422

So like I said, as long as people keep it simple and don't try to get all crazy with their Tomato/TomatoUSB routers and use them "normally" (i.e. as a simple home NAT router providing Internet access to their home PCs and laptops), they're secure. It's when people begin to go balls-to-the-walls that problems get introduced (like in the above thread, where the individual quite literally had every single daemon on his router publicly accessible to the Internet -- his UPnP instance was probably one of the few which was detected!). KISS wins again.

Whoaaaa. Your message is unreasonable. Here is why.

You can't honestly believe it is reasonable that someone would purchase an expensive powerful "open" router, find a release of Tomato that has a full set of VPN features, go through the trouble of flashing the router, jump through a pile of hoops to make certain the configuration has been wiped correctly, then use the device as a simple NAT gateway? Really? Anyone could achieve that result buying a $15 device and just plug it into their network.

Saying that applying and using a VPN is "all crazy" is just a bizarre statement. To further suggest "begin to go balls-to-the-walls that problems get introduced" is silly. Using a VPN is nothing of the sort.

The issue that was uncovered was simply because using a Tomato PPTP Client VPN will cause the remote end to have complete access to the processes running on the Tomato router. Nothing more complicated than that. No other factors were at play. Not customized firewall rules. Not NAT.

The stock/default firewall rules do in fact allow new inbound TCP connections or UDP packets to make it to local processes on the WAN ppp0 interface when using the PPTP Client VPN. It's something for which all users of the Tomato client VPN feature should be aware.

See here:
»repo.or.cz/w/tomato.git/ ··· ad81115c

If you wish to characterize use of that feature as "all crazy" then you do a disservice to the community. The use of VPNs is expected to rise globally 4% over the period 2012-2016. Home use of VPNs will exceed that figure. Helping to secure Tomato is a valuable contribution. Ranting and misleading statements are not.
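Added example (not part of any post in this thread, and not Tomato code): one way to check the claim above on your own router is to save the INPUT chain and compute the first-match verdict for a NEW packet arriving on ppp0. The rule sets below are constructed for illustration, the function name is hypothetical, and only the listed match options are supported.

```python
import shlex

KNOWN = {"-i", "-p", "-m", "--state", "--ctstate", "--dport", "-j"}

def iface_matches(pattern, iface):
    # iptables treats a trailing "+" as a wildcard, so "ppp+" covers ppp0
    if pattern.endswith("+"):
        return iface.startswith(pattern[:-1])
    return pattern == iface

def new_inbound_verdict(rules, iface, proto, dport):
    """First-match verdict of the INPUT chain for a NEW packet to a local process."""
    policy = "ACCEPT"  # kernel default when no -P line is present
    for line in rules.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["-P", "INPUT"]:
            policy = tok[2]
        if tok[:2] != ["-A", "INPUT"]:
            continue
        opts = dict(zip(tok[2::2], tok[3::2]))
        if set(opts) - KNOWN:
            raise ValueError("unsupported match in: " + line)
        if "-i" in opts and not iface_matches(opts["-i"], iface):
            continue
        if opts.get("-p", proto) not in (proto, "all"):
            continue
        if "--dport" in opts and int(opts["--dport"]) != dport:
            continue
        states = opts.get("--state") or opts.get("--ctstate")
        if states and "NEW" not in states.split(","):
            continue
        # Only terminal targets decide; LOG and user chains are not followed here
        if opts.get("-j") in ("ACCEPT", "DROP", "REJECT"):
            return opts["-j"], line.strip()
    return policy, "chain policy"

# Constructed rule sets in `iptables -S INPUT` form; not taken from any Tomato build
EXPOSED = """
-P INPUT DROP
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A INPUT -i ppp+ -j ACCEPT
"""
HARDENED = EXPOSED.replace("-A INPUT -i ppp+ -j ACCEPT\n", "")

if __name__ == "__main__":
    for name, rules in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, new_inbound_verdict(rules, "ppp0", "udp", 1900))
```

UDP port 1900 is the SSDP port used by UPnP discovery; an ACCEPT verdict for ppp0 means a daemon bound to that port is reachable from the far end of the tunnel.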

koitsu
If you feel I'm doing a disservice, I'm glad to hear it. *blank stare* There's nothing misleading about the fact that the user 1) uses private network addressing spaces, 2) uses multiple layers of NAT, 3) uses a VPN. This configuration is uncommon, and I can assure you, will not become more common over the next 4 years.

I was simply showing Bill_MI a real example of how a user's overly complex environment resulted in UPnP being accessible via the Internet.