Vulnerabilities that may actually matter

Bruce Schneier let me know that the WRT54G and a whole bunch of other routers were recently shown to be at least targets of a CIA vulnerability study and possibly compromised at the firmware level.

Now I, like any good sysadmin, update the firmware on my router, but I’m no longer in the business of saying “I’m all patched, come at me bro”. Furthermore, the WRT54G is one of the good ones; I’m a bit saddened to see it on this list.

This one kinda bugs me because routers are sorta the reason we can’t really hack each other directly anymore. I send you some malicious exploit and your router is like, wtf is this, it hits the end of the ACL and is dropped. If there’s an exploit that changes that, we’re back to the movies of hacking.

If you are paranoid about your router being hacked, just make an open source router with a Raspberry Pi or something.

That’s been on my to-do list for some time. In a sense I already do that (sorta) by running a TomatoUSB variant on my WRT54G. It’s just that that doesn’t quite stop anything hardware level.

I’m not paranoid, and I’m probably gonna say I’m gonna open-source my router then never do it. But the reason I bring this up in its own thread is that the WRT54G is like the Apple II of routers, solid and awesome. This is like finding out you shouldn’t be using an Apple II to make a GPG key because it’s compromised. Leaves me feeling sour.

[quote=“Apreche, post:2, topic:814, full:true”]
If you are paranoid about your router being hacked, just make an open source router with a Raspberry Pi or something.
[/quote]
Does a RasPi really have the power to route packets?

Personally I’m a fan of pfSense; it’s router/firewall software that runs on x86 hardware. I have mine running on an old Dell laptop.

The WRT54G and all Raspberry Pi versions use Broadcom ARM CPUs.

The WRT54G has a 240 MHz chip.

The very first Raspberry Pi had a 700 MHz chip.

The newest Raspberry Pi (v3) has a 1.2 GHz 64-bit quad-core CPU.

Basic routing is not hard work.

Point well made. I still really like pfSense though.

We use that at work. I’m probably going to set it up at home as well. As much for the learning experience as it is to replace the WRT54G.