Puzzled About Router Security Design

Fundamental Question: What external (or internal) software could possibly need to mess around with the router's settings that we install strong passwords and turn off remote administration specifically to protect? If there are "features" of modern routers that actually require this capability, then how do security-conscious users select hardware that does not include these features and the accompanying security vulnerabilities?

Background: Some routers evidently have/had back doors deliberately designed into their firmware. See, for example, a recent announcement, e.g., "http://www.pcworld.com/article/2054680/dlink-to-padlock-router-backdoor-by-halloween.html". Following the link to the source of the discovery at "http://www.devttys0.com/2013/10/reverse-engineering-a-d-link-backdoor/", I find the following astonishing conjecture:

"I found several binaries that appear to use xmlsetc to automatically re-configure the device’s settings (example: dynamic DNS). My guess is that **the developers realized that some programs/services needed to be able to change the device’s settings automatically**; realizing that the web server already had all the code to change these settings, **they decided to just send requests to the web server whenever they needed to change something.** The only problem was that the web server required a username and password, which the end user could change. Then, in a eureka moment, Joel jumped up and said, 'Don’t worry, for I have a cunning plan!'."

Any enlightenment or re-direction to a more relevant source would be appreciated. -- jclarkw

 

This feature could f.ex be used to remote-(re)configure ISP-supplied routers
or in 'corporate environments' .
But yes, it is troubling that you can not really trust your hardware !

 

Thanks, Enigm. Any idea how to avoid this kind of router? It's hard to see why a product aimed at consumers (e.g., my D-Link DIR-645, not that I know it has this problem) would need such a back door... -- jclarkw

 

I would think that good open-source firmware such as OpenWRT (I like Gargoyle) or DD-WRT would put a stop to that.

 

SirDrexl -- Having taken a quick look at the sites you suggested, I think this is over my head. I don't see any prepackaged, flash-able firmware out there for the D-Link DIR-645 rev. A1. Am I missing something?

I do see a nice-looking Wireless-N router sold by Gargoyle, but I doubt it has the range of myDIR-645 with its "smartbeam" technology.

Do any of the commercial manufacturers have particularly good reputations for security. -- jclarkw

 

In my 20 years of networking experience, I have never seen more frequent firmware updates for both problems and security than Asus. And, yes, I have used SOHO routers made by Belkin, TP-Link, Trendnet, Linksys, D-Link, and Netgear.

I could go on and on, but just plain don't have the time that I used to since moving from TX to MA....

 

Sorry to be obtuse, kdcdq, but are more frequent updates a good sign or a bad sign? And do you have any comments on Gargoyle? -- jclarkw

 

Those are fair questions.

1) When you look at the various firmware change logs, especially from Asus, you see that what companies are actually addressing both networking issues/problems and increasing the security of the router. SO, in this case, I view more frequent firmware changes as a "good sign".

2) From a support standpoint, I stay away from OEM firmware except for DDWRT.

3) I do NOT have any experience with Gargoyle routers, so I am unable to advise you on this.

 

OK, got it. I take it you don't trust openWRT.

Does anyone else have recommendations for secure routers and/or compatible, pre-configured, open-source firmware? I'm getting pretty fed up with D-Link...

 

Tomato firmware.

 

SirDrexl -- Have you (or do you know anybody who has) used the Gargoyle Router (the hardware sold by Gargoyle pre-loaded with Gargoyle firmware)? Except for the nice bandwidth-allocation features, I haven't been able to find much discussion of it.

And regarding Gargoyle firmware itself:

Although the OEM firmware native to the TP-Link TL-WR1043ND offers enable/disable switches for things like SPI, DoS, UDP Flood, TCP-SYN Flood, and Ignore Ping from WAN (in addition to the "Access Restrictions" that are clearly implemented in Gargoyle), I don't immediately see any way to control these features through Gargoyle. Also no clear way to set up port filters for individual remote sites.

(Maybe I'm missing something. It's difficult for me to learn the features of Gargoyle through the clumsy on-line "Configuration Guide.")

Any further comments on Gargoyle would be appreciated. (...and Happy New Year to All!) -- jclarkw

 

Check these links !

http://www.cryptome.org/2013/12/Full-Disclosure.pdf

http://leaksource.wordpress.com/201...nearly-every-major-software-hardware-firmware