On Fri, 17 Apr 2015 06:49:42 -0400 Gene Heskett <gheskett@wdtv.com> wrote: > On Friday 17 April 2015 06:19:31 Petter Adsen wrote: > > On Fri, 17 Apr 2015 05:54:08 -0400 > > > > Gene Heskett <gheskett@wdtv.com> wrote: > > > On Friday 17 April 2015 02:33:59 Petter Adsen wrote: > [...] > > Is that long ago? Flash memory has come a long way in recent years. > > > > I'm running SSDs on my desktop, and them burning out is not > > something I'm all that concerned about. Mounting with relatime is > > probably a good idea, though. > > > At the time I set it up on a then elderly k6-iii box , 8+ years ago, > it was bleeding edge. I half expected to get cut. ;-) :-) Things have changed quite a bit in that intervening time, in the case of flash usually for the better :) > > Recently I bought a new router, and I've been just itching to > > install DD-WRT on it, I made sure to check it was compatible before > > buying it. The default firmware isn't bad, I'm just concerned about > > security, and there are a few options I miss. Besides, it's running > > an ssh server on the internal interface, for which I can't get a > > password or key :( > > Because you reset it from the defaults and forgot it? If not, and it > came out of the box that way, either reflash it before it ever sees a > network connection, or turn it back as defective. Oh no, I haven't had anything to do with that. The ssh server isn't even mentioned in the docs or in the web interface, there is no way to shut it down. It is only running on the internal interface, though, that's why I haven't flashed it yet. But I don't like it. I asked the manufacturer for a key/password, but they wouldn't give it to me. It's *my* damn router, I paid for it. Another dumb thing is that the DDOS protection is only running on the _internal_ interface. As I don't need anyone to keep me from ICMP-flooding anyone else, that seems like a really stupid decision. > When flashing, change the password, and the admin account name if you > can, but in either event, paint it on it so you can always get back > into it if its in your home & secure. And use 18+ char passwords, > make the blackhats work their butts raw to get into it. Don't worry, I have locked it down as hard as I can, even though it makes it a pain to connect new devices. I use keepassx on Linux to keep track of passwords/logins etc, as I use long, random passwords for everything. It's a nice little piece of software. There is also an "official" KeePass v1 and v2, but they require mono. The only thing I really miss in keepassx is the ability to keep track of keys (ssh/gpg), so I use seahorse for that. If anyone knows of something that will take care of both that has most of the features of keepassx, I'm interested to know about it. > Not to mention it quite likely has a NSA backdoor in it, separate > from the ssh. dd-wrt is clean AFAIK. I think it's Chinese or Taiwanese, so it's probably the Communist Party that has the backdoor :) But thanks for your concern! :) Petter -- "I'm ionized" "Are you sure?" "I'm positive."
Attachment:
pgpnDARg23KEq.pgp
Description: OpenPGP digital signature