[Security] - reminder to stay secure

The ideal security device specializes in one thing - security. It is not fear mongering to recommend best practices for your router, especially when nothing stops an uninformed person from allowing WAN connections to ssh/webgui.
 
All good - advice I provided is not "fear mongering" but intended for the better...

Anyways - RMerlin's firmware builds are pretty solid, as are the factory builds for the most part - and Asus, I've been hinted here on the forums, is going down a different path perhaps...

As for me - I'm an ex-developer/systems engineer/product dev/architect guy, and have self-funded something entirely new...

So you can do Padavan or whatever... perhaps DDWRT or OpenWRT are your friends here...

But do not call me a fear monger for stating basic advice that most should consider...


Sure, I can apologize for saying that, but to the common user that's not a developer or a technician, reading those statements says only one thing: don't do anything on your router.

What we should encourage is: read about the features and learn about your router; don't just go on your buddy's advice that the router they recommended is the shirt 'cause it has cool features. I'd rather have the most dull interface if I know it works and is working as intended. It's when corporations lock users out of the process with proprietary stuff that users have no control over, then let it stagnate and get exploitable.

Think we both agree on that at least. As for your new project, I've been keeping an eye on it; it looks nice and I hope you pull it off, both with the hardware and the software.
 
I would like to add, just use Ctrl+F and search for "Password auth succeeded" in system logs. If any line shows "Password auth succeeded" with an unknown IP at the back, then it is likely that the router has been hacked.

For example, this was what happened to mine:

dropbear[18810]: Password auth succeeded for 'admin' from 37.8.101.9:50693

37.8.101.9 IP is not my country's IP, so I think my router was hacked.

I checked and discovered the same entries as you, slightly different IP address which is listed as being in Palestine!

Can someone explain the worst case scenario if the above is true and my router was "hacked"??
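
The log check suggested above, automated: an added example, not part of the original posts. It flags successful dropbear password logins from outside your own network and counts earlier failed attempts from the same address. The trusted subnet `192.168.1.0/24` and all sample lines except the one quoted in the thread are assumptions, constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Matches dropbear auth lines in the format quoted in the thread.
AUTH_RE = re.compile(
    r"dropbear\[\d+\]: (?P<event>Password auth succeeded|Bad password attempt)"
    r" for '(?P<user>[^']*)' from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)"
)

def find_unknown_logins(lines, trusted_nets):
    """Return successful password logins whose source is outside trusted_nets.

    Each result is (user, ip, failed_attempts_seen_earlier_from_that_ip).
    """
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    failures = Counter()
    hits = []
    for line in lines:
        m = AUTH_RE.search(line)
        if not m:
            continue  # not a dropbear password-auth line
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # malformed address, e.g. an octet above 255
        if m["event"] == "Bad password attempt":
            failures[ip] += 1
        elif not any(ip in net for net in nets):
            hits.append((m["user"], str(ip), failures[ip]))
    return hits

# Constructed sample log: the first line is the one quoted in the thread,
# the rest are made up (LAN and documentation-range addresses).
SAMPLE_LOG = """\
dropbear[18810]: Password auth succeeded for 'admin' from 37.8.101.9:50693
dropbear[19002]: Password auth succeeded for 'admin' from 192.168.1.20:51234
dropbear[19500]: Bad password attempt for 'admin' from 203.0.113.7:40100
dropbear[19501]: Bad password attempt for 'admin' from 203.0.113.7:40102
dropbear[19502]: Password auth succeeded for 'admin' from 203.0.113.7:40105
kernel: unrelated line
""".splitlines()

if __name__ == "__main__":
    # 192.168.1.0/24 is an assumed LAN subnet; replace it with your own.
    for user, ip, fails in find_unknown_logins(SAMPLE_LOG, ["192.168.1.0/24"]):
        print(f"login as {user!r} from {ip} after {fails} failed attempt(s)")
```

A success preceded by failed attempts from the same address points to password guessing, and any hit at all means SSH is reachable from the WAN side.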
 
Yes.

Turn off remote administration etc. Follow the advice given by sfx2000 and remember that services that are not needed shouldn't be active on the WAN interface.
 
Read the thread! There is good advice in the thread about security and what settings you should turn off in order to secure your router.
 
Yeah... read it already. But it seems you are saying to "activate services not needed..." A tad confusing to me.
 
I didn't say activate the services not needed... I said the opposite: turn off shirt that's not needed. Sorry, you're on your own; I'm way too busy today to help out.
 
It seems like an automated attack from something like botnets, so the IPs come from any infected device worldwide (you won't get a specific IP, as I got almost 10 different IPs worldwide).

The worst cases would probably be that it uses your router as a botnet to infect more people, helps to launch DDoS attacks, collects your private information, redirects you to malicious/ads websites instead of the real websites your devices request, etc.

Swetoast means that no services should be exposed to WAN. It's probably a typing mistake.
 
Padavan raised my eyebrows when I heard "wireless client mode" was made possible on Asus routers. If I have to name one feature that how 3rd party developers achieves it..that'll be it.

Look..I used to hear ppl come here to ask for "wireless client mode" on asuswrt/merlin, it still isn't available.

:)
Why this does not sink in I will never know. Adding "wireless client mode" is completely outside what Merlin is doing with the firmware. If you want it, go to Asus and ask, or find another router. People continually fail to understand the scope of this project.
 
May I know how the FTP server on the Asus router is? Is it secure, assuming I use a long password?
 
I have an Asus router at a remote site, which I plug in a USB HDD. I am using ftp to backup my files to this site. Looks like this is not a good idea.

Any suggestion how I can do this more securely? I can VPN to the remote site but I don't think I can have the FTP server reject external connections...
 
