
Critical vulnerabilities in numerous ASUS routers - Kilo-byte
http://www.h-online.com/security/news/item/Critical-vulnerabilities-in-numerous-ASUS-routers-1918469.html
======
zdw
If you haven't already, go replace your firmware with OpenWRT:

[http://wiki.openwrt.org/toh/start#asus](http://wiki.openwrt.org/toh/start#asus)

It's a much better UI experience, performs better, and with better stability
than most OEM firmwares, and it's open source so you can inspect/recompile the
code as needed to satiate your security concerns, install arbitrary software,
etc.

This is literally the first thing I do with every router I pull out of the
box.

Unfortunately, ASUS's devices tend to use the Broadcom 47xx series chipsets in
general, which tend to be not as well supported as newer chipset like the
Atheros 7k and 9k variants, which are in most of the recommended devices these
days.

~~~
prawks
Tomato is great as well, and is very user friendly in my experience (on my
personal RT-N16, can't speak to professional use).

[http://www.polarcloud.com/tomato](http://www.polarcloud.com/tomato)

[http://en.wikibooks.org/wiki/Tomato_Firmware/Supported_Devic...](http://en.wikibooks.org/wiki/Tomato_Firmware/Supported_Devices#Asus)

------
gecko
The first vulnerability listed isn't a huge deal; it only applies when AiCloud
is activated, which I suspect most people don't.

On the other hand, the second vulnerability listed--that UPnP is _available on
the @#%( WAN port_ \--should have people incredibly upset.

~~~
achillean
UPnP on a the WAN is actually VERY common. There are at least 30 million
devices out there that have publicly exposed UPnP, see
[http://www.shodanhq.com/search?q=port%3A1900](http://www.shodanhq.com/search?q=port%3A1900)

For comparison, there are more public UPnP services than there are HTTPS.

And as a side-note, there are also more Telnet servers than HTTPS servers by a
narrow margin.

------
mikevm
Given the recent NSA revelations, and the various posts discussing software
and hardware backdoors, this vulnerability sent me into full-blown paranoia
mode.

You can't trust web service providers, you can't trust your ISP, you can't
trust your gov't, you can't trust hardware providers. Jesus H. Christ, is
there anything left to trust?

I'm starting to feel that by the simple act of connecting a device to the
Internet I'm already compromised which makes me feel dirty.

I guess Richard Stallman isn't so crazy after all for demanding open source
hardware (well, he's actually demanding 'free' hardware). I know that DD-WRT
is an open source router firmware, but I'm not sure whether high-end routers
support it.

~~~
lwhalen
I've got TomatoUSB on my Asus router. EXCEPTIONALLY powerful and stable
firmware with great wireless coverage. This past weekend, pardon my
humblebrag, I was able to segregate my network into separate VLANs for the
home LAN, guest wireless, and a DMZ for my servers, with appropriate access
ACLs (via iptables) for each. I feel very secure with this firmware, far
moreso than with the Asus stock one that's for sure!

~~~
circa
I second Tomato. It has done me no wrong on my 4+ year old AP

~~~
emmelaich
Tomato is excellent.

I'll note that there is
[https://code.google.com/p/rt-n56u/](https://code.google.com/p/rt-n56u/) as
well, though I know nothing about except what I read there.

I also heard that earlier ASUS routers had awful UIs and that they licensed
Tomato from Polarcloud ... but I see no evidence of that (yet).

------
fulafel
This kind of consumer NAT boxes have a history of being like swiss cheese.
Only use them in bridge mode!

------
diminoten
Oh neat, I've got one of these!

But I've got DD-WRT on there, so I'm... good to go?

uPNP has been a no-go security wise for a while now though, hasn't it?

------
zokier
I have RT-N12, it's not on the list. Am I safe, is there some kind of test
that would indicate if I'm vulnerable?

------
leeoniya
toastman builds have been solid for me:
[http://www.4shared.com/dir/v1BuINP3/Toastman_Builds.html](http://www.4shared.com/dir/v1BuINP3/Toastman_Builds.html)

also great:
[http://tomato.groov.pl/download/](http://tomato.groov.pl/download/)

~~~
deelowe
Why wouldn't these have the same vulnerability? Aren't they just modified
versions of the Asus firmware?

~~~
amiramir
I don't believe so. Both DD-WRT and Tomato are essentially Linux builds
(2.6.xx kernel) with drivers for the router's hardware. They are fairly close
in features with some people preferring the Tomato UI to DD-WRT.

------
sramov
OpenBSD on either Soekris or ALIX and you are done.

~~~
gwu78
This really should be the top comment.

------
joshSimms
Thanks for this post. I am installing ddwrt today!

