No hw crypto, no ap mode, only current generation 11n chips supported.
Also given the fact that DD-Wrt not event adopted ath9k yet in favor to hacked up half open atheros drivers I wouldn't hope for opensource brcm support anytime soon.
The problem is that nginx does not support IPv6 which is kind if sad for a "modern" HTTP server. Also both nginx and lighttpd do not support mod_dav_svn as far as I know, apart from that both projects are pretty decent.
How so? At least on OpenWrt, SSH and Webif aren't even exposed to the wan side without manually changing the iptables rules first.
I guess it's the same on DD-Wrt.
The devices that were targetted appear to have some serious flaws, here's a cite from an analysis of the malware:
"Several revisions of the NB5 modem shipped with a flaw which meant that the web configuration interface
was visible from the WAN side, accepting connections and allowing users to administer the modem using the
default username and password of 'admin' from outside the LAN. Furthermore, some of these modems
suffered from another flaw, meaning that by default, authentication was not enabled for the web interface - meaning no username or password was required."
It really boils down to the usual find-weak-logins style of attacks, only the target platform has changed.
Or use a preconfigured, self-compiled OpenWrt image and do *zero* configuration after flashing.
Different projects, different audience, different goals.
Also how to automate stuff? What files do you refer to? Last time I checked, the internal DD-Wrt config was an endless sequence of "nvram set foo=bar" commands and there is *no* explaination on their meaning. Also it uses a readonly file system, so no way to easily add custom scripts or configs.
Still using Broadcom's blob, still using kernel 2.4, still no IPv6 support, still no writeable file system, still nvram based configuration.
I'm not impressed.
Slashdot Mirror
No hw crypto, no ap mode, only current generation 11n chips supported. Also given the fact that DD-Wrt not event adopted ath9k yet in favor to hacked up half open atheros drivers I wouldn't hope for opensource brcm support anytime soon.
The problem is that nginx does not support IPv6 which is kind if sad for a "modern" HTTP server. Also both nginx and lighttpd do not support mod_dav_svn as far as I know, apart from that both projects are pretty decent.
Hopefully the 5GHz band does not become clogged up now that all the new shiny 11n gear hits the market :-/
Many 802.11n devices already jam the 2.4GHz range and render near 11g devices unusable with their multi channel stuff...
Man, create a blog or so to post your rants so it's easier to filter out this crap. It's not even loosely related to the current discussion.
... reminds me on Perl's taint mode where all external input data is traced until it was explicitly checked through a regular expression or similar.
So the conclusion is "worm can infect machines with weak logins - now runs on mipsel too". :)
Thanks for the info.
What exactly are we looking for?
ls -lh /var/tmp/udhcpc.env
:)
And while you're at it, maybe recheck your password
How so? At least on OpenWrt, SSH and Webif aren't even exposed to the wan side without manually changing the iptables rules first.
I guess it's the same on DD-Wrt.
The devices that were targetted appear to have some serious flaws, here's a cite from an analysis of the malware:
"Several revisions of the NB5 modem shipped with a flaw which meant that the web configuration interface was visible from the WAN side, accepting connections and allowing users to administer the modem using the default username and password of 'admin' from outside the LAN. Furthermore, some of these modems suffered from another flaw, meaning that by default, authentication was not enabled for the web interface - meaning no username or password was required."
It really boils down to the usual find-weak-logins style of attacks, only the target platform has changed.
Or use a preconfigured, self-compiled OpenWrt image and do *zero* configuration after flashing.
Different projects, different audience, different goals.
Also how to automate stuff? What files do you refer to? Last time I checked, the internal DD-Wrt config was an endless sequence of "nvram set foo=bar" commands and there is *no* explaination on their meaning. Also it uses a readonly file system, so no way to easily add custom scripts or configs.
Still using Broadcom's blob, still using kernel 2.4, still no IPv6 support, still no writeable file system, still nvram based configuration. I'm not impressed.