
Re: wheezy drive recognition?




On Friday 17 April 2015 07:46:04 Petter Adsen wrote:
> On Fri, 17 Apr 2015 06:49:42 -0400
>
> Gene Heskett <gheskett@wdtv.com> wrote:
> > On Friday 17 April 2015 06:19:31 Petter Adsen wrote:
> > > On Fri, 17 Apr 2015 05:54:08 -0400
> > >
> > > Gene Heskett <gheskett@wdtv.com> wrote:
> > > > On Friday 17 April 2015 02:33:59 Petter Adsen wrote:
> >
> > [...]
> >
> > > Is that long ago? Flash memory has come a long way in recent
> > > years.
> > >
> > > I'm running SSDs on my desktop, and them burning out is not
> > > something I'm all that concerned about. Mounting with relatime is
> > > probably a good idea, though.
> >
> > At the time I set it up on a then elderly k6-iii box, 8+ years ago,
> > it was bleeding edge. I half expected to get cut. ;-)
> >
> :-) Things have changed quite a bit in that intervening time, in the
> case of flash usually for the better :)
>
> > > Recently I bought a new router, and I've been just itching to
> > > install DD-WRT on it, I made sure to check it was compatible
> > > before buying it. The default firmware isn't bad, I'm just
> > > concerned about security, and there are a few options I miss.
> > > Besides, it's running an ssh server on the internal interface, for
> > > which I can't get a password or key :(
> >
> > Because you reset it from the defaults and forgot it?  If not, and
> > it came out of the box that way, either reflash it before it ever
> > sees a network connection, or turn it back as defective.
>
> Oh no, I haven't had anything to do with that. The ssh server isn't
> even mentioned in the docs or in the web interface, there is no way to
> shut it down. It is only running on the internal interface, though,
> that's why I haven't flashed it yet. But I don't like it.

Ok, I would advise you get that with dd-wrt too, and it's possible I 
believe to set a different admin/passwd for it, but that may depend on 
how much room there is in the flashrom to do that.

> I asked the manufacturer for a key/password, but they wouldn't give it
> to me. It's *my* damn router, I paid for it.

Most routers have a default admin/passwd setup, well known unfortunately, 
so the first thing you do is change whatever it will allow you to change 
just so you really do own the SOB.  Mostly admin/admin.  Asinine IMO.
Sometimes it's only the passwd you can change.  And I have run into such 
that had a passwd length limit and silently threw away the surplus, in 
which case you take the one you thought you set, shorten the right end 
of it till the thing works, and correct your records.  Once it took the 
last x characters and I had to take them off the front to get back in.  
Somebody on the 3rd floor must have thought that hiding such details 
made it more secure. Hello? They ought to have been dumped out of that 
3rd floor window IMO.

> Another dumb thing is that the DDOS protection is only running on the
> _internal_ interface. As I don't need anyone to keep me from
> ICMP-flooding anyone else, that seems like a really stupid decision.

Agreed.

> > When flashing, change the password, and the admin account name if
> > you can, but in either event, paint it on it so you can always get
> > back into it if it's in your home & secure.  And use 18+ char
> > passwords, make the blackhats work their butts raw to get into it.
>
> Don't worry, I have locked it down as hard as I can, even though it
> makes it a pain to connect new devices.

There is that too.

> I use keepassx on Linux to keep track of passwords/logins etc, as I
> use long, random passwords for everything. It's a nice little piece of
> software. There is also an "official" KeePass v1 and v2, but they
> require mono. The only thing I really miss in keepassx is the ability
> to keep track of keys (ssh/gpg), so I use seahorse for that. If anyone
> knows of something that will take care of both that has most of the
> features of keepassx, I'm interested to know about it.
>
> > Not to mention it quite likely has a NSA backdoor in it, separate
> > from the ssh. dd-wrt is clean AFAIK.
>
> I think it's Chinese or Taiwanese, so it's probably the Communist
> Party that has the backdoor :)
>
> But thanks for your concern! :)
>
> Petter

Yeah, but if we ALL made the net secure, the NSA wouldn't just have cows, 
they would have Brontosaurus's.  Asshats all, regardless of the native 
tongue.

Take Care Petter.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>

