21 comments

[ 8.1 ms ] story [ 66.9 ms ] thread
Anyone played with this?

term1$ tcpdump -i en1 -X -n port 32764

term2$ telnet 192.168.0.1 32764

Output doesn't show the expected hex code. Is this naive?

Yeah, I tried but with my external IP:

    $ telnet [redacted] 32764
    Trying [redacted]...
    telnet: connect to address [redacted]: Connection refused
    telnet: Unable to connect to remote host
Does this mean my router has no backdoor? Is it clever enough to avoid detection?
Are you running one of the affected hardware models?
No, but I have a fairly uncommon router (not ISP supplied) so I was curious if it also had a backdoor. It doesn't respond on LAN so it seems my DrayTek Vigor 2750N is backdoor-free for now...
That just means it's free of this particular backdoor.
Hence "for now...". A new backdoor could surface tomorrow.
(comment deleted)
I guess this is yet another reason not to rely on firewalls and outdated notions of "internal" and "external" networks for any kind of real security.

Increasingly, it seems that firewalls are doing less to improve actual security, while continuing to hinder legitimate network connectivity and the deployment of new protocols.

I think you're conflating firewalls and NAT. The idea of "internal" and "external" networks still apply in a non-NAT environment but what takes some getting used to is that with full end-to-end connectivity, you're back to an implicit "default-allow" policy where NAT created an implicit "default deny". The answer is to have a default deny firewall rule on your border router (your home gateway appliance), and then allow services as needed.
Everything he said applies to a typical legacy corporate network that has a centralised default-deny firewall on front of it (but no NAT).

Host-based firewalls are much more flexible and have many security advanteges.

cool article - I do think the easy fix is port forwarding?
I'm disappointed that this wasn't taken to its logical conclusion: use the backdoor to remote-patch affected routers.
It's about liability, the possibility of failure, and touching stuff that isn't yours. If someone does write such a program, it better be thoroughly peer reviewed. That said, I'd prefer to have a bricked router than one with a backdoor...
Can we use the exploit to actually apply this patch?
I'm hoping that some day a lawsuit is successfully taken against a device maker who does this.