Cisco backdoor still open

http://www.networkworld.com/community/node/57070

 

Holy Moly Batman. That is some bad news indeed.

Verizon Backdoor

Edit: Oh yeah. Your gonna need This

 

Does JanusPA prevent this type of intrusion?

This is really sick. Supposedly it is there for lawful surveillance. But it looks like a free-for-all. Law enforcement does not have to obey the law, nor do hackers. What laws are there anyway? I think there should be mandatory jail time for any law enforcement officer who spies on an individual without a proper warrant and without probable cause. I think the same thing should go for a judge who issues a bogus warrant. Jail time. Hacking into someone's computer is breaking and entering, and hacking someone's email should be the same as breaking into someone's mailbox.

 

I have asked here.
I will guess, if built into hardware, if possible, then LEO/Attacker could access.
If access is built into the embedded OS, then the JanusPA may be OK.
I remember reading that Kyle reworked Open-WRT to tighten it up for the device.

 

Any idea how widespread this is ?

I'd guess that the cheapest and most basic routers for home use usually don't have backdoors (especially if it's just NAT without a firewall), but I'm not sure.

 

Yes. And neither have to have a warrant and can abuse at will.

 

@Fly

I'm afraid they do, this is just one example.

http://www.broadbandreports.com/forum/r23756407-Why-have-ISP-put-a-backdoor-in-the-xxxx-firmware

The NWO want to spy and control Everyone, and the NSA are in the process of building a massive new data center to do just that. http://www.theregister.co.uk/2009/07/03/new_nsa_data_center/

Along with all ISP's required by law to retain your data, thay have black boxes installed so the NSA etc can tap into, alter etc, your data streams. Not just at the ISP level, but now directly into your PC's via your "FREE" router.

Why do think there are given away for free, so people don't buy a non backdoored one from elsewhere. Buy your own, or use a modem with good software FW. Be vigilant people, don't let them fool YOU.

 

I would never run software of my ISP ...
What about routers that are not supplied by your ISP ?
In my case, my IP and host name is assigned to the MAC address of the router, for as far as I know.

 

OK, so what's the best approach? Something like ...

* use a basic router (ADSL, cable, whatever)
* run an open-source router/firewall on generic hardware
* access the net via secure VPN

Yes?

Doing that, would you be OK even if the access router were backdoored?

 

I use a Linksys router.

 

@Fly

Good for you, i don't.

Open to debate, i wouldn't automatically trust any of them, that's why i don't use them.

@hierophant

Sounds like a plan, as long as there was no MITM attack. Prevx say they prevent this with SafeOnline ? I'd like to see a real demo of it in action to prove it though.

 

I don't think so.

If a router is backdoored and is being used by attacker/ISP, then has access to the internal LAN. By having access to the internal LAN, can drop anything into the networked machines. A firewall just makes more work for them.
My guess is your only choice would be to go Bin Laden and stop using technology that is traceable.

[offtopic]
A UK tech developer stated the goal was to have every electronic device embedded with GPS chips so they can be "spatially aware" within an environment. (From a show on Science Channel, don't recall the specific show or the name of the developer.)
I don't understand why my DVD player needs to know if it is in the living room or in the bedroom and what other devices it is close to.
[/offtopic]

 

OK, I need to trust the router(s). However, the terminology is fuzzy, in that there are broadband modems that often include routing and firewalling capabilities, and then there are routers/firewalls that don't include modem/transceiver functions. Do I need to trust a broadband modem that isn't doing any routing and firewalling?

My current home/work network uses an old Zyxel 642R running in bridge mode with a WatchGuard Firebox X5 Edge, plus a few Netgear switches. I don't use Wi-Fi. My ISP supplied the Zyxel 642R about eight years ago, before the latest wave of lawful intercept craziness. Running Nmap on my IP -- either from a friend's machine or using http://nmap-online.com/ -- shows that ports 1-5000 are filtered.

Where could there be backdoors in that hardware setup? And how could I find them?

The other key question is what I would replace that with. I'm guessing that it'd be best to use ...

1) a broadband modem with no routing or firewalling capabilities, because that might not be readily backdoored

2) an open-source software router/firewall running on generic server hardware, because backdoors would be evident in the source

Is that correct?

Might that be the WRT54GL or WRT160NL? Running Linux? What do you use as the broadband modem?

 

A "filtered" port in nmap signifies one of three things:
No SYN/ACK packet was recieved
No RST/ACK packet was received
An ICMP type 3 message with code 13 was received

Nmap Online has some limitations,
The following options are disabled in scan requests: -o, --resume, --append-output, --append_output, --interactive, -i, -S, -e, --datadir, --privileged, -6, -f, -sC, --mtu, --stylesheet, --webxml, --iflist, --packet-trace, --packet_trace, --spoof-mac, --spoof_mac, --badsum, --script, --unprivileged, --ip-options, --ip_options, --servicedb, --versiondb, --release-memory

Majority of Firewall, Routers, Modems need a browser to access the device.
If the browser becomes infected and then access the protecting device, it will be compromised.
My solution for ensuring the browser is secure/uninfected is a LiveCD.
Access the device when disconnected from the internet.
I also have wifi disabled.

Firebox looks kinda rough, I wonder if scapy can make it through?

Firebox-X-Edge

Have you scanned -p- all ports with nmap to look for open ports?

If the device is supplied by the ISP all bets are off.

 

Yes. I guess that they want to limit potential damage.

Is "rough" a complement, or a criticism? Re scapy, I guess that I'll need to see I'm planning to learn all of this ASAP. I guess that I'll need another WAN connection to test this one. And vice versa.

I'll need to ask what my friend used.

What Nmap options do you recommend? I presume that there's a range from "tough test but safe" to "may well trash stuff", yes?

In my case, the ISP provided the Zyxel 642R, but I bought the Firebox X5 Edge independently.

If I'm using the Zyxel 642R in bridge mode, is it safe, even though supplied by the ISP?

Also, would it help to reflash the Firebox with clean firmware?

 

It is a compliment. That device reads very Kool. I will have to keep it in mind when I am capable of affording one.

I am just learning nmap so I can't explain in detail until I understand myself.
I have learned how to use it on the local system to find open ports.
I have made a few distance scans on relatives and a forum or two to practice. Yikes, I should be careful about scanning the Forums.
Syn tcp and udp, ping, traceroute, 127.0.0.1, various ports, normal to agressive, and a few other options that I don't fully understand.
To learn> detect firewall type,

I am all for poking and prodding the device and see if you can get in.
I'm also for peeking on the inside to see the layout.
If you don't know the layout of the flash, or where ever the OS is located, you may miss a malicious modification.
As for reflashing it, I wouldn't unless there were some security fix that plugs some gaping whole. If you modify it, then you will need to maintain a record of your change.
If you leave it factory EOS then you know instantly if there is a suspicious change.

 

Thanks, Searching_ _ _. I'm about in the same place re nmap. I get that scanning without permission isn't polite, and could attract unwanted attention

 

For nmap, run something like this:

Code:

nmap -PN -sT -sU -vv -p- <ip address>

This will scan all 65535 TCP and UDP ports and will skip the ping (which takes a lot of time) and is not necessary if you know the box you are scanning is up.

 

It's a WRT160N. My computer is a Vista 64 bit. And my modem is a Motorola SBV5220 SURFboard cable medom.

Does that sound okay?

 

I don't know enough to say. I asked re those Linksys models because I've read that they can be flashed with Linux, which arguably wouldn't be backdoored.

Perhaps someone could confirm that a broadband modem is too simple-minded to be backdoored. I've googled some, and haven't found a clear answer.

 

Yes, it does prevent this type of intrusion. You have full root access on the device, so you can check the IPtables rules yourself, or modify them to your needs.

It also protects against attacks from your local PC, which could have leveraged Tor to do 'bad' things. http://archives.seul.org/or/announce/Sep-2007/msg00000.html

This is why JanusVM (software) is free; to protect Tor from all the other programs on your PC.
JanusVM for 2010 is out and updated BTW.

JanusPA's are on hold for the time being. Hopefully not much longer.

- Kyle

 

What would stop a Forum from using javascript or PHP to scan my network?

Another thought,
Many ISP devices are designed from existing consumer products.
So the question remains, Is the Backdoor in the hardware or in the EOS?

If the backdoor is in the EOS and your device is also available to consumers, but in a different shell, then you could copy the consumer EOS, which may not be backdoored, and flash it onto the ISP device.

How do I install JanusVM on Linux in VB?