OT? Linux-based trojans now targeting WRT and other linux-based routers

Technomage technomage.hawke at gmail.com
Sat Mar 28 03:13:32 MST 2009


Lisa Kachold wrote:
> Well, the sad fact is that _any_ machine will kick over and barf its guts under distributed attacks; it just depends on what it does after the green slime clears..
> Also, it really helps if you run one that won't take WRT, or only runs on an ARM, with small memory, therefore they aren't too hot to pwn you.  Linksys put out the source, whereupon I built my own, and played with the features; you know kiddies are doing this also.
>
> Course, if you have a WRT-able router, it's a good idea to set it up as a small Linux system, but you have to know how to work it; starting by iptable deny all of China is a good start.
> I have had mine owned regularly; I just flash it again.  Mine is easy to determine, since it suddenly starts showing AIM ports open.  Once they target you successfully, they will insidiously continue to keep track of you; rather like trophy hunting.
> I could have done a complete DEF CON presentation on various routers by this time.
> That's why I always suggest to everyone, if you see something strange, you see something strange, report it, complain, study it, rather than continuing to agree with everyone in denial about the sad state of security.
> Obnosis | (503)754-4452
>
> PLUG Linux Security Labs 2nd Saturday Each Month at Noon - 3PM
>
Lisa (and others),
I don't tend to generally trust the "commercial grade" devices
available. They can't handle what I do with my home connection on a
daily basis (and the last thing I want is some script kiddie pwning my
router). I use OpenBSD here as my firewall machine (I have both a
hardware version and a VMware one). I tend to keep close track on these
and so far, neither has been "pwned" after nearly 5 years of continuous
use. I used to use a Linux firewall before that, but had problems with
rootkits.

Even with this, it still doesn't hurt to have a whole bevy of security
tools at hand for "just in case" (like Windows, Linux, OS X, etc.).
