Routers with backdoors ?

How many routers have backdoors or similar functionality ?

The most basic routers are probably safe.

While attempting to get a *wired* router I ended up buying a Linksys (Cisco!) WRT120N router. I couldn't find what I wanted, was out of patience, tired, and ended up getting this one. 50 euros or something.

I suppose there were plenty of warnings after I had opened the box ...
But I rushed through everything. I won't attempt to return it to the shop, maybe I can find a hapless soul willing to pay for it ...

The router actually seems quite advanced. Quite different from any other router I've used.

I don't recall the full EULA and similar, but I remember *something like* a backdoor being mentioned. Data being sent and/or the ability by someone (Linksys/Cisco/NSA?) to access the router.

'network magic' etc. Who would need such a sophisticated router ?
Maybe a business. That business better not have any American competitors !

What do you think ? Am I too paranoid ? As a simple home user the security features are total overkill.

 

How long is a piece of string ?

You think so

Paranoid means the fear of something that couldn't happen, so NO you're not. Doesn't mean it will happen, just that it could. Why risk it when people don't have to

If you use a bidirectional software FW set up correctly, alongside a router, you will be Much more secure

Better still, kick out the router

 

The 120n is a very basic entry level home grade router from Linksys/Cisco. It's actually just average in features..but for home users, quite sufficient.

I wouldn't put on the tin foil and worry about "backdoors".
ISP provided combo modem/routers like in that thread above...yes they have full access to it, after all..we're talking about CPE here (customer premise equipment)...the ISP supplies you with their hardware to give you your internet connection. It's not like you went out and bought your own router and they drilled a backdoor into that.

With your own purchased routers, general rule of thumb to keep secure...usually keep the firmware updated, change the routers web admin password, make your wireless SSID unique, and secure your wireless with WPA or higher security. Done! Phew..that was tough eh? Now sit back and enjoy.

For all my clients I always insist on a NAT router at the edge of their network, even if they just have a single PC. Hardware firewall protection from inbound is desired. I will not support PCs that just run a software firewall and they plug directly into a broadband modem sitting on a public IP address.

 

Couldn't you just use a firmware such as DD-WRT to secure your peace of mind?

 

To some extent it appears to depend on the manufacturer.
In this case, Cisco. They aquired Linksys some time ago ?

The new router is not supplied by my ISP.

It just seems like Linksys is a different kind of animal. Perhaps that has something to do with Cisco ?
The router appears to be very advanced. Probably why there is a backdoor.

I just prefer a basic router as a hardware firewall.

Any other opinions ?

 

Maybe. I don't know if that would be enough. When I tried to configure this router it was very different from other routers. I has some kind of auto-configuration. I tried to reconfigure it, but failed. I stopped trying, though.

 

I'm not sure whether this is much of an issue. Anything outside my firewall is the bloody internet, after all. I don't really need to trust the router, as long as it works. I run it in bridged mode, with the firewall in control.

I did use a laptop to set up the router, but never connect that machine to my network. It's just for travel, and gets connected to all sorts of dodgy things. In any case, there's nada on it except the OS and apps.

After all, my ISP can see as much about my traffic as they desire, because they're carrying it. If I want something to be private, I'll use OpenVPN.

Have I missed something?

 

3rd party firmware like DD-WRT, and may favorite...Tomato, add features, advanced VPN features and bandwidth settings/traffic shaping/QoS, stuff like that. But security wise..they add nothing to the plate. They still do just NAT, just like the factory firmware.

 

I guess you missed my point entirely, or didn't bother reading the OP's post. Using a different firmware, especially open source, would secure your peace of mind that there is no backdoor in it.

 

No I didn't, and "how"..unless you wrote the firmware yourself...all yourself, with no help from anyone else...how can you rest assured that there's no backdoor in it?

I work with DD and Tomato by the dozens all the time, quite familiar with them.

Next!

 

Next.

 

http://dronebl.org/blog/8

Can a routers software or daemons be downgraded to vulnerable versions? e.g. SSH
Can vulnerable components be upgraded to fixed versions via an update?

@fly

WRT120N

According to DroneBL it is in the family of vulnerable devices.

 

Maybe you're right.

But when I set it up it started some kind of auto-configuration.
I could try open source firmware. But would that really make a difference ?
Isn't the risk partly a hardware/firmware or other hardware type of access ?
BIOS, firmware/software that cannot be changed ?

I'm no geek and not a nerd. Although I tried to reconfigure it I failed. Maybe the answer is somewhere in the manual ... It would take some time to figure that out.

 

I'm sorry, I could not find that reference to the WRT120N, either on DroneBL or the link above. Please clarify ?

 

http://www.networkworld.com/news/2007/012307-us-govt-wiretapping-laws-and.html

It applies to Cisco. But what about a basic router designed in Europe and manufactured in China (Sitecom) ? Yes/no/ how do I figure it out ?

I haven't seen anything like this even mentioned in the manuals, EULAs or anything like that in any of the other routers I've used in the past. Belkin, Sitecom, Netgear, perhaps others. ASUS router ?

 

The router I currently use is a Sitecom router. Not good, but it's one of the major brands in this region.

I think I got the router plus wireless adapter for about 50 euros ... The cheapest router I could get.

Given: http://blogs.securiteam.com/index.php/archives/826

I decided to test my own router. Using nmap and telnet.

Apparently I can telnet to a certain port that may be able to accept commands. From what I gather, a GET command plus syntax.
I tried something but got an error message. Telnetting to that port actually worked. I know little about networking and the use of various tools.
Would it be possible by means of telnet and the GET command (or a different command) to gain access to my router/computer, change its settings, or to bypass the router ? I have tried, but as I said I'm no geek.
Can I get a few pointers about how actually test this ?

It has a primary WINS server, same 'address' as the one I use to access the router (192.168.X.X). It seems the router doesn't have any options to change/remove it. There is just no place in the menu. I don't know if this is important. Configuration: cable modem>router>wireless connection to my computer, no other devices in the network.

My apologies for these posts, I know this is all a bit disorganized.

 

Doesn't have anything to do with backdoors added by isp/vendors. It's actual malware that takes advantage of an exploit.

When it comes to flawed hardware I assumed you'd need to buy a new router.

As far as I know, it's the firmware that controls all network level functions, so unless they added an extra isolated "spy chip" which I don't think any company would do(increased cost, increased network overhead, etc), you should be safe with open source firmware.

 

My point about backdoors in the router were that it depends on what vulnerable software is running in the Operating System of the router.
DD-WRT is a Linux Operating System not a firmware.
Is the Kernel vulnerable?
Is the SSH server vulnerable?
Is PAM vulnerable?
Can a vendor ship vulnerable versions of any of the above?
Can you install updates to a router the way you update a desktop system?

This is a flawed concept.
The firmware you are talking about is for wireless network functions not wired.

@fly

http://dronebl.org/blog/8
We can say that all MIPs processor based routers are vulnerable to exploitation by attacks similar to the Router Blue Pill based on the info provided.
If the user of a MIPs router has a strong password policy then an attacker has to subvert a vulnerable service or a process to install the Router Blue Pill.
Some MIPs Routers allow the attack to be carried out from the WAN side, no need to infect your computer first.
Is this a hardware backdoor?
Could it have been designed to be vulnerable?
Sure.

Routers using an ARM based processor have not been shown to have a similar vulnerability, yet.

 

Gaining access to your router.

@fly

What commands are available depend on what the vendor installed.
After telnet 192.168.1.1 usernameassword you can try typing help or help all for a list of commands.
If that doesn't work then you will have to find out what OS version with uname -a then do some googling.
Or try googling "(your router) telnet command line"

 

Whaaaaat..? Did you typo something here? Wtf are you talking about that the firmware is only for wireless functions? The firmware controls EVERYTHING about the router.

I repeat myself, it's an exploit used by malware. Not a backdoor added by the isp/vendor to monitor your connections. You're taking this thread completely off-topic. A modern router would suffice to prevent this.

 

ROFL who cares if it's open source..that only means more people have their spoons in the pot. Yeah..good logic.

And if you really want to bite your fingernails, loose sleep at night, and wear a tin foil hat...one can say that "so what if it's called open source...someone may have poisoned the firmware before hosting it for downloads and just called it what they wanted." Who is to say the guys at DD don't have a back door for their use? Can you prove it? or not? or just say you don't "think so"? Huh?

And guess what, to continue making some people lose sleep at night...software firewalls can have back doors too! Yup! So if you're afraid of routers and backs doors in them, might as well be afraid of software firewalls too!

 

Open Source means the code can be reviewed, if it had a backdoor, it would have be well documented by now, but since it took me what, 3 posts to get you to understand that, I won't hold my hopes further.

Why are you posting in this thread if you have such an issue with the OP's request for information? Just because you do not share his paranoia doesn't make you right and him wrong.

 

you just crossed over into...

http://biobreak.files.wordpress.com/2009/04/the-twilight-zone.jpeg

 

No luck yet. It's certainly not on the website of the manufacturer.