Router hacked. - Ubuntu

This is a semi-Ubuntu question concerning Linksys routers. Comcast
killed my port 25 outgoing e-mail claiming I was spamming and I have a
WRT54G, but considering a GL and DD-WRT. Has anyone else had a wireless
compromised like this? It was in 'open' unprotected mode for a while
after a power glitch last week and apparently a war driver got into it
before I found out. The wireless 802.11G is for my daughter's college
work on her laptop and I haven't been able to catch her to get her MAC
again, and lock out all others.
The question is mainly if anyone has used the GL and or DD-WRT and how
straightforward it is to work with.
Dan C need not answer this, since it is not play time for me right now.
There is the possibility that someone could have spoofed my email but
that seems a bit more unlikely.
Moog? Anyone?
Bill Baka

After a really pissy hour on the phone to Comcast legal.

How have you isolated the problem pointint it to the router? Are you
sure that it is your router that is spamming? This sounds somewhat
improbable, so some clarification would be warranted.

What is your home network topology, and where could spam possibly
originate?

Do you have any windows computers on the network?

i

On 2008-07-28, larrys707 wrote:
> This is a semi-Ubuntu question concerning Linksys routers. Comcast
> killed my port 25 outgoing e-mail claiming I was spamming and I have a
> WRT54G, but considering a GL and DD-WRT. Has anyone else had a wireless
> compromised like this? It was in 'open' unprotected mode for a while
> after a power glitch last week and apparently a war driver got into it
> before I found out. The wireless 802.11G is for my daughter's college
> work on her laptop and I haven't been able to catch her to get her MAC
> again, and lock out all others.
> The question is mainly if anyone has used the GL and or DD-WRT and how
> straightforward it is to work with.
> Dan C need not answer this, since it is not play time for me right now.
> There is the possibility that someone could have spoofed my email but
> that seems a bit more unlikely.
> Moog? Anyone?
> Bill Baka
>
> After a really pissy hour on the phone to Comcast legal.

--
Due to extreme spam originating from Google Groups, and their inattention
to spammers, I and many others block all articles originating
from Google Groups. If you want your postings to be seen by
more readers you will need to find a different means of
posting on Usenet.
http://improve-usenet.org/

Ignoramus9959 wrote:
> How have you isolated the problem pointint it to the router?
We had a power glitch about a week ago that wiped the router settings
and went to default, leaving my wireless access point wide open. I use
Windows for some things, and have 2 totally separate Ubuntu Hardy
installations on two different drives.
> Are you
> sure that it is your router that is spamming? This sounds somewhat
> improbable, so some clarification would be warranted.
>
> What is your home network topology, and where could spam possibly
> originate?
>
> Do you have any windows computers on the network?
>
The router is set up as the gateway to the Internet DSl, and my computer
is the 'Admin' on port 1 of the 10/100 Ethernet, with my daughter's XP
laptop on the 802.11G (locked mode). She is totally a win-droid, to
quote some one else, but I use a variety of systems, from DOS, to Sun,
Suse, Ubuntu, and, yes, XP, but never IE or Outlook.
Normally I have it set to channel 11, not the default, use WPA-TKIP,
lock it to her MAC address, and every other possible precaution,
including no DMZ or gaming holes to exploit. The computer is off when
not in use, since I am actually trying to conserve energy, so when the
router wireless is blinking I just assume it is her doing school work
for her two degrees, English and Psych, but nothing technical. I doubt
that I could have my Windows XP infected since I have levels of
protection, including a server type 3COM 3CR990 Ethernet card, and
Zonealarm, AVG, Avira, Adaware, and Spybot S&D. I also changed the
router default from 1.101 etc. to 8.101 as the base, so that normally
would be pretty hard for someone to guess. The next step might be to
enable port forwarding to Comcast and to tell them to *only* allow those
2 to be recognized, but that could, maybe, kill some of my bit torrent
downloads for program updates or new distributions.
That leaves me wondering if SHE did get infected on her laptop???, or if
there is someone in my hick town that actually knows how to 'war-drive',
since I live in mostly red neck territory.
The last, and only infection I ever got was ten years ago when somebody
found a port 445 hole in my windows NT.
I hate windows, but the truth is I have to have it for work projects for
my clients now that I don't work a 40 week as a captive employee any more.
Even Comcast legal can't tell me what happened, except that they sent me
an email that I never got and blocked me as a spammer.
The reason the router reset got by me is that both her system and mine
just looked for the router and went back to default without giving me a
flag of any kind.
Kind of a bum deal.
Bill Baka
> i
>
> On 2008-07-28, larrys707 wrote:
>
>> This is a semi-Ubuntu question concerning Linksys routers. Comcast
>> killed my port 25 outgoing e-mail claiming I was spamming and I have a
>> WRT54G, but considering a GL and DD-WRT. Has anyone else had a wireless
>> compromised like this? It was in 'open' unprotected mode for a while
>> after a power glitch last week and apparently a war driver got into it
>> before I found out. The wireless 802.11G is for my daughter's college
>> work on her laptop and I haven't been able to catch her to get her MAC
>> again, and lock out all others.
>> The question is mainly if anyone has used the GL and or DD-WRT and how
>> straightforward it is to work with.
>> Dan C need not answer this, since it is not play time for me right now.
>> There is the possibility that someone could have spoofed my email but
>> that seems a bit more unlikely.
>> Moog? Anyone?
>> Bill Baka
>>
>> After a really pissy hour on the phone to Comcast legal.
>>
>
>

On 2008-07-28, larrys707 wrote:
> This is a semi-Ubuntu question concerning Linksys routers. Comcast
> killed my port 25 outgoing e-mail claiming I was spamming and I have a
> WRT54G, but considering a GL and DD-WRT. Has anyone else had a wireless
> compromised like this? It was in 'open' unprotected mode for a while
> after a power glitch last week and apparently a war driver got into it
> before I found out. The wireless 802.11G is for my daughter's college
> work on her laptop and I haven't been able to catch her to get her MAC
> again, and lock out all others.
> The question is mainly if anyone has used the GL and or DD-WRT and how
> straightforward it is to work with.
> Dan C need not answer this, since it is not play time for me right now.
> There is the possibility that someone could have spoofed my email but
> that seems a bit more unlikely.
> Moog? Anyone?
> Bill Baka
>
> After a really pissy hour on the phone to Comcast legal.

Are you running a mail server on any machine? Sendmail or some other
such software? Perhaps you have a win machine with a bot installed
accidentally?

Your router cannot send spam. Your router has not been compromised.
You simply need to close port 25, if you are not using it for a Mail
agent. If you are, you need to secure the agent. If whichever
software you are using is allowing an open relay, you will transmit
spam.


--
Joe - Linux User #449481/Ubuntu User #19733
joe at hits - buffalo dot com
"Hate is baggage, life is too short to go around pissed off all the
time..." - Danny, American History X

On Mon, 28 Jul 2008 11:39:33 -0700, larrys707 wrote:

> Dan C need not answer this, since it is not play time for me right now

Hahahahah why not just paint a bulls-eye on your forehead?
--
#1 Offishul Ruiner of Usenet, March 2007
#1 Usenet Asshole, March 2007
#10 Most hated Usenetizen of all time
Pierre Salinger Memorial Hook, Line & Sinker, June 2004
Pierre Salinger Memorial Hook, Line & Sinker, May 2008
COOSN-266-06-25794

On 2008-07-28, larrys707 wrote:
> Ignoramus9959 wrote:
>> How have you isolated the problem pointint it to the router?
> We had a power glitch about a week ago that wiped the router settings
> and went to default, leaving my wireless access point wide open. I use
> Windows for some things, and have 2 totally separate Ubuntu Hardy
> installations on two different drives.

So, the router was left wide open, and that possibly opened access to
from the Internet to the servers that were inside, and they got hacked
and were used for spamming. Is that Right?

Or, are you saying that wireless settings were made wide open and your
neighbors could connect?

Cound it be that your neighbors were spamming?

>> Are you
>> sure that it is your router that is spamming? This sounds somewhat
>> improbable, so some clarification would be warranted.
>>
>> What is your home network topology, and where could spam possibly
>> originate?
>>
>> Do you have any windows computers on the network?
>>
> The router is set up as the gateway to the Internet DSl, and my computer
> is the 'Admin' on port 1 of the 10/100 Ethernet, with my daughter's XP
> laptop on the 802.11G (locked mode). She is totally a win-droid, to
> quote some one else, but I use a variety of systems, from DOS, to Sun,
> Suse, Ubuntu, and, yes, XP, but never IE or Outlook.
> Normally I have it set to channel 11, not the default, use WPA-TKIP,
> lock it to her MAC address, and every other possible precaution,
> including no DMZ or gaming holes to exploit. The computer is off when
> not in use, since I am actually trying to conserve energy, so when the
> router wireless is blinking I just assume it is her doing school work
> for her two degrees, English and Psych, but nothing technical. I doubt
> that I could have my Windows XP infected since I have levels of
> protection, including a server type 3COM 3CR990 Ethernet card, and
> Zonealarm, AVG, Avira, Adaware, and Spybot S&D. I also changed the
> router default from 1.101 etc. to 8.101 as the base, so that normally
> would be pretty hard for someone to guess. The next step might be to
> enable port forwarding to Comcast and to tell them to *only* allow those
> 2 to be recognized, but that could, maybe, kill some of my bit torrent
> downloads for program updates or new distributions.
> That leaves me wondering if SHE did get infected on her laptop???, or if
> there is someone in my hick town that actually knows how to 'war-drive',
> since I live in mostly red neck territory.

Could be anything, but you can find out with some persistence. If your
router has some advanced settings, you can block ports by IP.

> The last, and only infection I ever got was ten years ago when somebody
> found a port 445 hole in my windows NT.
> I hate windows, but the truth is I have to have it for work projects for
> my clients now that I don't work a 40 week as a captive employee any more.
> Even Comcast legal can't tell me what happened, except that they sent me
> an email that I never got and blocked me as a spammer.
> The reason the router reset got by me is that both her system and mine
> just looked for the router and went back to default without giving me a
> flag of any kind.
> Kind of a bum deal.
> Bill Baka

Sounds bad. I would try to isolate who is spamming.

i

>> i
>>
>> On 2008-07-28, larrys707 wrote:
>>
>>> This is a semi-Ubuntu question concerning Linksys routers. Comcast
>>> killed my port 25 outgoing e-mail claiming I was spamming and I have a
>>> WRT54G, but considering a GL and DD-WRT. Has anyone else had a wireless
>>> compromised like this? It was in 'open' unprotected mode for a while
>>> after a power glitch last week and apparently a war driver got into it
>>> before I found out. The wireless 802.11G is for my daughter's college
>>> work on her laptop and I haven't been able to catch her to get her MAC
>>> again, and lock out all others.
>>> The question is mainly if anyone has used the GL and or DD-WRT and how
>>> straightforward it is to work with.
>>> Dan C need not answer this, since it is not play time for me right now.
>>> There is the possibility that someone could have spoofed my email but
>>> that seems a bit more unlikely.
>>> Moog? Anyone?
>>> Bill Baka
>>>
>>> After a really pissy hour on the phone to Comcast legal.
>>>
>>
>>

--
Due to extreme spam originating from Google Groups, and their inattention
to spammers, I and many others block all articles originating
from Google Groups. If you want your postings to be seen by
more readers you will need to find a different means of
posting on Usenet.
http://improve-usenet.org/

Joe wrote:
> On 2008-07-28, larrys707 wrote:
>
>> This is a semi-Ubuntu question concerning Linksys routers. Comcast
>> killed my port 25 outgoing e-mail claiming I was spamming and I have a
>> WRT54G, but considering a GL and DD-WRT. Has anyone else had a wireless
>> compromised like this? It was in 'open' unprotected mode for a while
>> after a power glitch last week and apparently a war driver got into it
>> before I found out. The wireless 802.11G is for my daughter's college
>> work on her laptop and I haven't been able to catch her to get her MAC
>> again, and lock out all others.
>> The question is mainly if anyone has used the GL and or DD-WRT and how
>> straightforward it is to work with.
>> Dan C need not answer this, since it is not play time for me right now.
>> There is the possibility that someone could have spoofed my email but
>> that seems a bit more unlikely.
>> Moog? Anyone?
>> Bill Baka
>>
>> After a really pissy hour on the phone to Comcast legal.
>>
>
> Are you running a mail server on any machine? Sendmail or some other
> such software? Perhaps you have a win machine with a bot installed
> accidentally?
>
No server here since I turn off my machine when not in use and my
daughter's laptop is a battery eater. My win, when I am in it, has so
many protection programs that they are a maintenance problem on their
own, but my daughter insists on remaining ignorant of that stuff and
stubbornly refuses to use anything but XP, IE, and Outlook, with very
little protection. I snuck in Adaware and Spybot, and put AVG on over
her complaints so it is at least a possibility that her computer was the
source of the problem.
> Your router cannot send spam.
That much I know.
> Your router has not been compromised.
I didn't say that. It was wide open for a few days and someone could
have hooked into my wireless from down the street and it would show up
as my IP address to Comcast.
>
> You simply need to close port 25, if you are not using it for a Mail
> agent.
So far, I have been, but may turn paranoid and switch to port 587, as
Comcast wanted, but then I would have to mess with her computer and she
uses port 25 sometimes at a hot spot at Cal-State, causing me more home
problems.
She is an English and Psych double major and hates math and thinking
about computer details, a perfect example of a win-droid.
> If you are, you need to secure the agent. If whichever
> software you are using is allowing an open relay, you will transmit
> spam.
>
>
>
Pretty much FF and T-bird for me, Linux and XP, and IE and Outlook for
her, the stubborn daughter. Try telling a 4.0GPA double major, high IQ
daughter anything, and see what happens.....
She tells me "Everybody else uses Windows, why do you use weird
systems?", with a totally straight face.
Frustration, to an exponential level.
Bill Baka

Meat Plow wrote:
> On Mon, 28 Jul 2008 11:39:33 -0700, larrys707 wrote:
>
>
>> Dan C need not answer this, since it is not play time for me right now
>>
>
> Hahahahah why not just paint a bulls-eye on your forehead?
>
I couldn't resist.
Bill

Try installing Nessus and scanning the entire network. You can find
out if there are any other machines connected to your router, as well
as finding out which machines have port 25 open. If they are your
machines, lock down the mail agent on the offending machine.

--
Joe - Linux User #449481/Ubuntu User #19733
joe at hits - buffalo dot com
"Hate is baggage, life is too short to go around pissed off all the
time..." - Danny, American History X

On 2008-07-28, Bill Baka wrote:
> I didn't say that. It was wide open for a few days and someone could
> have hooked into my wireless from down the street and it would show up
> as my IP address to Comcast.

Yup, but fairly easy to correct and detect. Look at your router's
wireless MAC page, and check the connected clients. In your case,
there should only be one...

>>
>> You simply need to close port 25, if you are not using it for a Mail
>> agent.
> So far, I have been, but may turn paranoid and switch to port 587, as
> Comcast wanted, but then I would have to mess with her computer and she
> uses port 25 sometimes at a hot spot at Cal-State, causing me more home
> problems.

What is she using it for? With port 25 closed on the router, you can
still connect out to a mail server. The router doesn't block outgoing
connections.


--
Joe - Linux User #449481/Ubuntu User #19733
joe at hits - buffalo dot com
"Hate is baggage, life is too short to go around pissed off all the
time..." - Danny, American History X

Ignoramus9959 wrote:
> On 2008-07-28, larrys707 wrote:
>
>> Ignoramus9959 wrote:
>>
>>> How have you isolated the problem pointint it to the router?
>>>
>> We had a power glitch about a week ago that wiped the router settings
>> and went to default, leaving my wireless access point wide open. I use
>> Windows for some things, and have 2 totally separate Ubuntu Hardy
>> installations on two different drives.
>>
>
> So, the router was left wide open, and that possibly opened access to
> from the Internet to the servers that were inside, and they got hacked
> and were used for spamming. Is that Right?
>
That seems to be what happened. I have it partially locked down again,
but she is off to class so I can't get her MAC put back in or change the
router base from 1.101 to 8.101 as I had it. I don't run any servers
since her machine and mine are isolated (my choice), and I turn
everything but the router off when I am not using the computer. Spinning
1.75 TB all the time is kind of power hungry.
> Or, are you saying that wireless settings were made wide open and your
> neighbors could connect?
>
> Cound it be that your neighbors were spamming?
>
The only neighbor with half a clue is my 16 year old grandson and he
tried with his Play station so I locked him out a long time ago. The
other neighbors are clueless red necks, since I gave up on living in
Silicon valley years ago.
>
>>> Are you
>>> sure that it is your router that is spamming? This sounds somewhat
>>> improbable, so some clarification would be warranted.
>>>
>>> What is your home network topology, and where could spam possibly
>>> originate?
>>>
>>> Do you have any windows computers on the network?
>>>
>>>
>> The router is set up as the gateway to the Internet DSl, and my computer
>> is the 'Admin' on port 1 of the 10/100 Ethernet, with my daughter's XP
>> laptop on the 802.11G (locked mode). She is totally a win-droid, to
>> quote some one else, but I use a variety of systems, from DOS, to Sun,
>> Suse, Ubuntu, and, yes, XP, but never IE or Outlook.
>> Normally I have it set to channel 11, not the default, use WPA-TKIP,
>> lock it to her MAC address, and every other possible precaution,
>> including no DMZ or gaming holes to exploit. The computer is off when
>> not in use, since I am actually trying to conserve energy, so when the
>> router wireless is blinking I just assume it is her doing school work
>> for her two degrees, English and Psych, but nothing technical. I doubt
>> that I could have my Windows XP infected since I have levels of
>> protection, including a server type 3COM 3CR990 Ethernet card, and
>> Zonealarm, AVG, Avira, Adaware, and Spybot S&D. I also changed the
>> router default from 1.101 etc. to 8.101 as the base, so that normally
>> would be pretty hard for someone to guess. The next step might be to
>> enable port forwarding to Comcast and to tell them to *only* allow those
>> 2 to be recognized, but that could, maybe, kill some of my bit torrent
>> downloads for program updates or new distributions.
>> That leaves me wondering if SHE did get infected on her laptop???, or if
>> there is someone in my hick town that actually knows how to 'war-drive',
>> since I live in mostly red neck territory.
>>
>
> Could be anything, but you can find out with some persistence. If your
> router has some advanced settings, you can block ports by IP.
I do and did until the power glitch. I only allow her IP and MAC
address, unless the router resets and doesn't tell me.
>
>
>
>> The last, and only infection I ever got was ten years ago when somebody
>> found a port 445 hole in my windows NT.
>> I hate windows, but the truth is I have to have it for work projects for
>> my clients now that I don't work a 40 week as a captive employee any more.
>> Even Comcast legal can't tell me what happened, except that they sent me
>> an email that I never got and blocked me as a spammer.
>> The reason the router reset got by me is that both her system and mine
>> just looked for the router and went back to default without giving me a
>> flag of any kind.
>> Kind of a bum deal.
>> Bill Baka
>>
>
> Sounds bad. I would try to isolate who is spamming.
I do, hence my war on porn spamming the group, that started so much
****. The router has an in/out log I examine from time to time, but the
reset default is no log, and Comcast legal could not even tell me what
incident caused them to block me.
>
>
> i
>
>
>>> i
>>>
>>> On 2008-07-28, larrys707 wrote:
>>>
>>>
>>>> This is a semi-Ubuntu question concerning Linksys routers. Comcast
>>>> killed my port 25 outgoing e-mail claiming I was spamming and I have a
>>>> WRT54G, but considering a GL and DD-WRT. Has anyone else had a wireless
>>>> compromised like this? It was in 'open' unprotected mode for a while
>>>> after a power glitch last week and apparently a war driver got into it
>>>> before I found out. The wireless 802.11G is for my daughter's college
>>>> work on her laptop and I haven't been able to catch her to get her MAC
>>>> again, and lock out all others.
>>>> The question is mainly if anyone has used the GL and or DD-WRT and how
>>>> straightforward it is to work with.
>>>> Dan C need not answer this, since it is not play time for me right now.
>>>> There is the possibility that someone could have spoofed my email but
>>>> that seems a bit more unlikely.
>>>> Moog? Anyone?
>>>> Bill Baka
>>>>
>>>> After a really pissy hour on the phone to Comcast legal.
>>>>
>>>>
>>>
>>>
>
>
Sigh.
Bill Baka

Joe wrote:
> Try installing Nessus and scanning the entire network. You can find
> out if there are any other machines connected to your router, as well
> as finding out which machines have port 25 open. If they are your
> machines, lock down the mail agent on the offending machine.
>
>
Sounds reasonable, but I should only have mine and my 'not so little
girl's' computer on it. Worth a shot though.
Bill Baka

Joe wrote:
> On 2008-07-28, Bill Baka wrote:
>
>> I didn't say that. It was wide open for a few days and someone could
>> have hooked into my wireless from down the street and it would show up
>> as my IP address to Comcast.
>>
>
> Yup, but fairly easy to correct and detect. Look at your router's
> wireless MAC page, and check the connected clients. In your case,
> there should only be one...
>
Been there, done that, had it locked to only her MAC, and will as soon
as I can get my hands on her laptop.
Major PMS right now, so not safe.
>
>>>
>>> You simply need to close port 25, if you are not using it for a Mail
>>> agent.
>>>
>> So far, I have been, but may turn paranoid and switch to port 587, as
>> Comcast wanted, but then I would have to mess with her computer and she
>> uses port 25 sometimes at a hot spot at Cal-State, causing me more home
>> problems.
>>
>
> What is she using it for? With port 25 closed on the router, you can
> still connect out to a mail server. The router doesn't block outgoing
> connections.
>
>
>
You may send me back to the books on that one. I was under the
impression that SMTP wanted port 25, just as news wants 119, etc.
Bill Baka

* Bill Baka wrote in alt.os.linux.ubuntu:

[...]

>>
> You may send me back to the books on that one. I was under the
> impression that SMTP wanted port 25, just as news wants 119, etc.
> Bill Baka
>

News wants to CONNECT to SERVER with 119 open just as SMTP wants to connect
to a server with 25 open. You can close every port on the client box and
still get mail and read news. Those ports are SERVER ports.

--
David

* larrys707 peremptorily fired off this memo:

> We had a power glitch about a week ago that wiped the router settings
> and went to default, leaving my wireless access point wide open. I use
> Windows for some things, and have 2 totally separate Ubuntu Hardy
> installations on two different drives.

Yeah, I'd keep your router on the UPS, too.

> I hate windows, but the truth is I have to have it for work projects for
> my clients now that I don't work a 40 week as a captive employee any more.

Still captive, here.

--
I was the best I ever had.
-- Woody Allen

SINNER wrote:
> * Bill Baka wrote in alt.os.linux.ubuntu:
>
> [...]
>
>
>>>
>>>
>> You may send me back to the books on that one. I was under the
>> impression that SMTP wanted port 25, just as news wants 119, etc.
>> Bill Baka
>>
>>
>
> News wants to CONNECT to SERVER with 119 open just as SMTP wants to connect
> to a server with 25 open. You can close every port on the client box and
> still get mail and read news. Those ports are SERVER ports.
>
>
Makes sense.
Thanks,
Bill

Linonut wrote:
> * larrys707 peremptorily fired off this memo:
>
>
>> We had a power glitch about a week ago that wiped the router settings
>> and went to default, leaving my wireless access point wide open. I use
>> Windows for some things, and have 2 totally separate Ubuntu Hardy
>> installations on two different drives.
>>
>
> Yeah, I'd keep your router on the UPS, too.
>
>
>> I hate windows, but the truth is I have to have it for work projects for
>> my clients now that I don't work a 40 week as a captive employee any more.
>>
>
> Still captive, here.
>
>
Yeah, They don't pay me to preach Linux.
Bill

"larrys707" wrote in message
news:Gnojk.19289$N87.540@nlpi068.nbdc.sbc.com...

> The question is mainly if anyone has used the GL and or DD-WRT and
> how
> straightforward it is to work with.

Back to your original question...

I've been using DD-WRT on the same router as yours for a 2-3 years for
now. The use of it is quite strait forward, since it have a very good
GUI and provides you with integrated help.

I would advise you for the begining to mostly accept all defaults but
enabling desired wireless security, firewall, desabling web access to
the router, may be desabling remote ssh access (unless you need it),
and setting up a strong password.

I would not expect you having any difficulty in using it. The only
possible pitfall is actually in burning in the DD-WRT firmware, since
by not doing it right you can easily brick your router.

So, I advise to you to read available and related documentation here
http://www.dd-wrt.com/wiki/index.php/Main_Page before you attempt
burning your new firmware.

It's pretty straight forward procedure but should be done carefully.
I was doing it at least 3 times with always success while upgrading
from version to version. But you should be aware that posibility to
brick your router theoretically does exist.

Though the benefit of using DD-WRT way outweighs the risk. It is
really good. The pathetic proprietary Linksys firmware is in no
comparison with it.

And it never left me open after power failures. :-)

"larrys707" wrote in message
news:Gnojk.19289$N87.540@nlpi068.nbdc.sbc.com...
> This is a semi-Ubuntu question concerning Linksys routers. Comcast
> killed my port 25 outgoing e-mail claiming I was spamming and I have a
> WRT54G, but considering a GL and DD-WRT. Has anyone else had a wireless
> compromised like this? It was in 'open' unprotected mode for a while
> after a power glitch last week and apparently a war driver got into it
> before I found out.

If you have verified that the router actually forgot to be in WPA mode,
that's awfully naughty of it, power glitch or no. You might want to give a
shout in some Cisco newsgroups (Linksys is owned by Cisco). However, it's
also possible that through a hack of a (most likely) Windows machine, a
command got sent to the router at its normal default IP address to TELL it
to go into unprotected mode. Such a hack can happen through a virus or
through visiting an engineered or compromised web page with Javascript or
buffer overflow, etc. exploits in it. You might also want to consider a
different wireless router (Belkin/My Essentials is one of many) that lets
you set an administrative password on it, then set a nontrivial
administrative password as well as changing the IP address of its LAN to
something other than the default 192.168.2.X or whatever it may be.

Vitorio Okio wrote:
> "larrys707" wrote in message
> news:Gnojk.19289$N87.540@nlpi068.nbdc.sbc.com...
>
>
>> The question is mainly if anyone has used the GL and or DD-WRT and
>> how
>> straightforward it is to work with.
>>
>
> Back to your original question...
>
> I've been using DD-WRT on the same router as yours for a 2-3 years for
> now. The use of it is quite strait forward, since it have a very good
> GUI and provides you with integrated help.
>
I have heard nothing bu good about it.
> I would advise you for the begining to mostly accept all defaults but
> enabling desired wireless security, firewall, desabling web access to
> the router, may be desabling remote ssh access (unless you need it),
> and setting up a strong password.
>
The DD-WRT defaults are probably better than the Linksys defaults, and I
don't need ssh since when I am out, I don't want to be bothered. My
passwords are generally mathematically derived, like a prime number
sequence up to 47 or so, or what ever comes to mind, even some sequences
from a Mensa test, like letters with all straight lines in caps, and
curved letters in small case.
> I would not expect you having any difficulty in using it. The only
> possible pitfall is actually in burning in the DD-WRT firmware, since
> by not doing it right you can easily brick your router.
>
I've already read plenty about that possibility, so I am aware. Backup,
backup, and be really careful. Not something to tackle while talking to
the wife.
> So, I advise to you to read available and related documentation here
> http://www.dd-wrt.com/wiki/index.php/Main_Page before you attempt
> burning your new firmware.
>
> It's pretty straight forward procedure but should be done carefully.
> I was doing it at least 3 times with always success while upgrading
> from version to version. But you should be aware that posibility to
> brick your router theoretically does exist.
>
The benefits at this point do seem to outweigh the risk. My firmware has
been stuck at 1.3000 IIRC since I bought the router.
> Though the benefit of using DD-WRT way outweighs the risk. It is
> really good. The pathetic proprietary Linksys firmware is in no
> comparison with it.
>
Amen. I was thinking of the GL model because it has a faster CPU and
much more memory to play with, but it may not be needed with just DD-WRT.
> And it never left me open after power failures. :-)
>
>
>
It was actually about a one second dropout while I was watching the news
with the computer off and the router on.
The router may have seen it as a remove power reset attempt, but I did
pretty much have to un-brick it after that, but I forgot to check my
security settings, so bad on me.
As to burning an image, that is easy with my windows Nero that came with
my Sony DRU-840 DVD+/- RW drive.
I have spent some time today looking at the repositories and so far
found no one answer that I am totally happy with. There are some things
I have found that do work better (or easier) in windows, and some that
can't be beat in the Linux universe. Someone once said that Linux will
only take off after there are enough good applications for it and I am
finding that to be true.
Many thanks,
Bill Baka