Linux firmwared routers targeted in new botnet

Ren H

Did a quick search here, nothing, so thought I'd pass this along:

Linux embedded devices being used in botnet (from dslreports)

The below two URLs don't really explain *how* they gained access to said DD-WRT/OpenWRT/Tomato boxes, but based on what I can figure out, it's this:

If you have SSH or telnet open to the world (e.g. WAN-side), and have a fairly insecure password (such as the default password of "admin" in Tomato), brute-force SSH/telnet attempts will eventually succeed.

Those who don't permit incoming SSH/telnet to the router via WAN, or allow SSH but disallow passwords (instead requiring keys) should be fine.

OpenWRT apparently leaves telnet open until you've set a root password.
No remote admin, folks!
And change those damn passwords!
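
Added example, not part of the original post: a log check for the pattern the post describes, a run of failed SSH password attempts from one address followed by a successful password login. It assumes Dropbear-style syslog messages (the SSH server commonly shipped on this class of firmware); the sample lines and the `audit` helper are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in Dropbear's syslog style; the addresses are
# documentation/private ranges, not real indicators.
SAMPLE_LOG = """\
Mar 23 04:10:01 router dropbear[812]: Bad password attempt for 'root' from 203.0.113.7:40112
Mar 23 04:10:03 router dropbear[813]: Bad password attempt for 'root' from 203.0.113.7:40118
Mar 23 04:10:05 router dropbear[814]: Login attempt for nonexistent user from 203.0.113.7:40121
Mar 23 04:10:09 router dropbear[815]: Bad password attempt for 'admin' from 203.0.113.7:40130
Mar 23 04:10:12 router dropbear[816]: Password auth succeeded for 'root' from 203.0.113.7:40137
Mar 23 06:00:01 router dropbear[850]: Bad password attempt for 'root' from 198.51.100.9:33010
Mar 23 06:00:02 router dropbear[851]: Bad password attempt for 'root' from 198.51.100.9:33011
Mar 23 06:00:03 router dropbear[852]: Bad password attempt for 'root' from 198.51.100.9:33012
Mar 23 08:30:44 router dropbear[901]: Bad password attempt for 'root' from 192.168.1.20:51500
Mar 23 08:30:50 router dropbear[902]: Password auth succeeded for 'root' from 192.168.1.20:51502
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3}):\d+"
FAIL = re.compile(r"(?:Bad password attempt for '[^']*'|"
                  r"Login attempt for nonexistent user) from " + IP)
OK = re.compile(r"Password auth succeeded for '([^']*)' from " + IP)

def audit(log_text, threshold=3):
    """Return (findings, noisy).

    findings: password logins preceded by >= threshold failures from the
              same address (likely a successful brute force).
    noisy:    addresses still guessing that have not (yet) logged in.
    """
    failures = defaultdict(int)
    findings = []
    for line in log_text.splitlines():
        m = FAIL.search(line)
        if m:
            failures[m.group(1)] += 1
            continue
        m = OK.search(line)
        if m:
            user, ip = m.groups()
            if failures[ip] >= threshold:
                findings.append({"ip": ip, "user": user,
                                 "failures": failures[ip]})
            failures[ip] = 0  # a single typo before a good login is not a finding
    noisy = sorted(ip for ip, n in failures.items() if n >= threshold)
    return findings, noisy

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

A finding means the password should be treated as known to the remote party; a non-empty `noisy` list with no findings means the service is reachable and being guessed at, which is the cue to close WAN-side access or switch to key-only logins.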
 