Unifi WARNING TO ALL UNIFI USERS, Threat warning, read inside

nitewish
post May 29 2010, 07:51 PM

Viva La Resistance
Senior Member
810 posts

Joined: Feb 2008
From: 127.0.0.1



@Rizvanrp:
Is this why the DIR-615 feels so laggy when accessing it? =x
TSrizvanrp
post May 29 2010, 08:25 PM

Getting Started
Elite
195 posts

Joined: Sep 2006



QUOTE(night_wolf_in @ May 29 2010, 05:18 PM)
I'm not sure if I should laugh or cry.

If you think they want to spy on YOU by creating a second management account, then it is a big fail for all you guys pretending to know how the internet works.

Your modem/router will be connected to a layer two switch, or let's say connected to a port. They can use "SPAN" to see all the traffic you are sending and receiving.

But again, doing that to every individual will be really tiring. Easier is to run "SPAN" on the uplink that is connecting the layer two switch to the distribution switch, and bam, they can get all I/O traffic from the whole switch.

WAIT.

They can add high end firewalls at the uplinks to every area (logical or geographical) or just again SPAN the traffic to the firewalls. AND they practically SEE all the traffic you are sending.

Conclusion is: don't cry a river for a second account your ISP put in. If they did, it is to make your experience better. But if you think you can outsmart them, please do.

How I know: I'm a CCNP and working in routing/switching and security for some enterprise.


Added on May 29, 2010, 5:19 pm

No, they use packet shaping devices for that.
*
Oh no, CCNPs and their logic ._.

Never once did I claim this was for TM to 'spy' on you. I said it's a hole for outsiders to spy on you or mess with you. I stated that TM doesn't need to spy on you when they control the network.

The problem is that because there's this secondary account, other people can log into your router and enable the SSHd for BusyBox. As a CCNP, you should already be aware of the implications of SSHd running on your Internet gateway with full root access to the outside world?

SSHd comes with a few functions: you have SCP/SFTP (which is disabled on this dropbear build) and, most importantly, it has the ability to do SOCKS forwarding. I've already tested this and it works -- in other words, I was able to turn every Unifi router into an open SOCKS proxy. Imagine what I could do: credit card fraud, ICMP based DDoS attacks, etc. This doesn't concern you as a CCNP?

The router also has about 10MB of free RAM and a filesystem loaded to utilize it. What if I compile a special binary for BusyBox then pull it into the router using tftp or ftpget? This binary could be a traffic sniffer, dynamic IP notifier and so on; what then? The main router that's handling all your Unifi traffic has a traffic sniffer attached to it, but you still feel your network is secure?

Did you know every Unifibiz (with static PPPoE addressing) has this enabled by default? That anyone can access the router and do all this shit?

So please, I get that you're a CCNP and you could build your own Internet if you wanted, but you and I both know that leaving an embedded Linux based router with SSHd wide open to the internet while it's routing all your Internet traffic is a bloody bad idea and it's highly exploitable. I wouldn't write a thread like this unless I'd already done the attacks and understood the implications. I'm glad you know how to set up networking hardware and advanced routing protocols, but when it comes to security you seem to be completely 'blur'.

QUOTE
So if someone who is very smart goes to play with the settings, then the internet doesn't work.

You really think that BusyBox can only 'play with the settings' and cut you off the net? Lol, you need to get off IOS and into embedded Linux. It's stupid assumptions like this which created this mess in the first place. You have a VLAN capable router here with a full embedded Linux distro running on it and you assume all it runs is a PPP daemon. Bloody laughable.

[user posted image]
There's no way such a cheap device could have a webserver with a PHP interpreter, huh? :)

Maybe you should work on that CEH soon ;)

This post has been edited by rizvanrp: May 29 2010, 08:40 PM
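A self-check a Unifi user can run against their own public address, added here as an example; it is not rizvanrp's code and not anything from D-Link or TM. It reads the SSH identification string that every SSH server sends before any authentication (RFC 4253 section 4.2) and flags the dropbear build the post above describes. The banners in the comments and the address 203.0.113.10 are constructed placeholders. Nothing here logs in: a banner answering on the WAN side is itself the finding the post is about.

```python
"""WAN-side SSH exposure self-check (added example, not code from the thread)."""
import re
import socket
import sys
from dataclasses import dataclass
from typing import Callable, Optional

# RFC 4253 s4.2: "SSH-protoversion-softwareversion SP comments CR LF";
# softwareversion may not contain whitespace or '-'.
BANNER_RE = re.compile(r"^SSH-(?P<proto>[0-9.]+)-(?P<software>[^\s-]+)(?: (?P<comments>.*))?$")


@dataclass
class Finding:
    exposed: bool
    protocol: Optional[str] = None
    software: Optional[str] = None
    note: str = ""


def parse_ssh_banner(raw: bytes) -> Finding:
    """Turn the first bytes a server sent into a Finding.

    Servers may send free-form lines before the version line, so every line
    is checked and the first one matching RFC 4253 wins.  Constructed inputs:
    b"SSH-2.0-dropbear_0.52\\r\\n" (the embedded build the thread names) or
    b"SSH-2.0-OpenSSH_5.3\\r\\n" (a generic host).
    """
    for line in raw.decode("ascii", errors="replace").splitlines():
        m = BANNER_RE.match(line.strip())
        if not m:
            continue
        software = m.group("software")
        if software.lower().startswith("dropbear"):
            # Heuristic taken from the thread: dropbear on a consumer gateway is
            # the BusyBox root shell described above, so rank it above a generic hit.
            note = "dropbear reachable on the WAN side: treat as a remotely exposed root shell"
        else:
            note = "SSH service reachable on the WAN side"
        return Finding(True, m.group("proto"), software, note)
    return Finding(False, note="port answered but no SSH identification string seen")


def grab_banner(host: str, port: int = 22, timeout: float = 3.0) -> bytes:
    """Plain TCP connect and read; the SSH server speaks first, so nothing is sent."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.settimeout(timeout)
        return sock.recv(256)


def check_wan_ssh(host: str, port: int = 22,
                  grab: Callable[[str, int], bytes] = grab_banner) -> Finding:
    """Probe host:port; a refused or filtered port is reported as not exposed."""
    try:
        return parse_ssh_banner(grab(host, port))
    except OSError as exc:  # ConnectionRefusedError, socket.timeout, etc.
        return Finding(False, note=f"no connection: {exc}")


if __name__ == "__main__":
    # Usage: python3 ssh_exposure.py <your own public IP>; 203.0.113.10 is a placeholder.
    target = sys.argv[1] if len(sys.argv) > 1 else "203.0.113.10"
    print(check_wan_ssh(target))
```

Run it from a host outside your LAN (a phone on mobile data, for instance) pointed at your own WAN address; from inside the LAN a hit only repeats what the post says about the LAN side. The `grab` parameter exists so the parser can be exercised offline with constructed banners instead of a live socket.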
GameSky
post May 29 2010, 08:33 PM

Nyancat too much
Senior Member
6,381 posts

Joined: Jun 2005
From: meow meow
QUOTE(kons @ May 29 2010, 09:10 AM)
It's normal for UniFi or normal DSL broadband.
Those guys who installed the Riger modems at my new house last time also enabled remote management and locked out the admin mgmt account.
I have replaced them straight away.

As long as it's RJ45/RJ11, I guess it's always possible to use our own equipment.
*
This. Last time my company applied for Streamyx, they also had remote management enabled. At first I was curious whether my boss had enabled remote management on the modem, since he uses remote desktop on one of the accounts computers... but no, he hadn't even noticed.

So I just straight away disabled the remote management on the modem and changed the password to a stronger password, a password with symbols, caps, numerics and alphas.

So it seems in Unifi's case... I'm suspecting TM is trying to monitor what kind of data/packets their users are currently using most?
And does it involve companies as well? ...sounds like way more than a data privacy breach here....

Thanks to the TS for the heads-up.

No matter what, this should be reported to MCMC/MyCERT already... since other groups/people might use this to their advantage and abuse existing Unifi users... think what kind of damage they might cause?


Sigh, monopoly player...

This post has been edited by GameSky: May 29 2010, 08:36 PM
ciohbu
post May 29 2010, 08:56 PM

Senior Member
2,104 posts

Joined: Oct 2006
QUOTE(rizvanrp @ May 29 2010, 08:25 PM)
Oh no, CCNPs and their logic ._.

So please, I get that you're a CCNP and you could build your own Internet if you wanted, but you and I both know that leaving an embedded Linux based router with SSHd wide open to the internet while it's routing all your Internet traffic is a bloody bad idea and it's highly exploitable. I wouldn't write a thread like this unless I'd already done the attacks and understood the implications. I'm glad you know how to set up networking hardware and advanced routing protocols, but when it comes to security you seem to be completely 'blur'.
You really think that BusyBox can only 'play with the settings' and cut you off the net? Lol, you need to get off IOS and into embedded Linux. It's stupid assumptions like this which created this mess in the first place. You have a VLAN capable router here with a full embedded Linux distro running on it and you assume all it runs is a PPP daemon. Bloody laughable.

There's no way such a cheap device could have a webserver with a PHP interpreter, huh? :)

Maybe you should work on that CEH soon ;)
*
Ya... I also cannot tahan the last line... when he puts that he is a CCNP... lolzz

This post has been edited by ciohbu: May 29 2010, 08:56 PM
night_wolf_in
post May 29 2010, 09:00 PM

On my way
Junior Member
512 posts

Joined: Mar 2007
QUOTE(rizvanrp @ May 29 2010, 08:25 PM)
*
So you want to tell me that by disabling that other management account, and because you know how to give a good password for your own user account, your modem/router is secured?

The first thing in security: there is no security. Even if you unplug your system from the internet, there is the possibility of security attacks.

Believe me, if someone wanted to use that box you have for hacking, they would have done it a long time ago.

So when it comes to whether the ISP should make an account for them to access your box to assist you, or whether they should close it, they would rather make an account.

If later on they can't control the situation because all the boxes turned into bots, then it is their issue to solve.

Just know that by disabling that account, you are not safer than when it was open. Cheers

TSrizvanrp
post May 29 2010, 09:11 PM

Getting Started
Elite
195 posts

Joined: Sep 2006



@night_wolf_in

Glad you've changed your stance from 'this is not significant' to 'this is not secure'. I guess you finally see what root access on this router allows an attacker to do, so I'm happy for you :)

I am fully aware that nothing is secure. The fix I gave is only to temporarily secure their routers from outside attacks on the WAN. The LAN can still access the SSH daemon by default; it cannot be turned off.

Having this extra security will already prevent a multitude of attacks people can perform. The only way to completely remove this is to access that secondary account and change the password, set up iptables, or disable that account completely at the /etc/passwd level.

QUOTE
Believe me, if someone wanted to use that box you have for hacking, they would have done it a long time ago.

Unfortunately, I was the first person to discover it, so this doesn't really apply. But if you're just talking about hacking router boxes, google DD-WRT. There's already a huge community set up. These attacks start now, and it's better I disclose the vulnerability than let their user base grow to the point it cannot be stopped. At least if their techs are reading this, they will disable the feature in their future installs and possibly change their policy to let the user utilize the main admin account, or upgrade their firmware to completely remove this account.

This shit has to stop now; they can't keep treating their users like morons.

It's not a problem if the user ever forgets the password, because these systems run on FLASH memory with the bootloader being in ROM. They can just hit a reset button and everything is fixed (including the NVRAM parameters). There's no reason not to trust the user with this account. In fact, giving them access to this account will allow them to use the DIR-615 as a VLAN-to-physical-port bridge and completely remove this exploit.

I went to a Unifibiz setup once and the company (a very large one) was forced to use the DIR-615 for routing because the latest ZyWALL did not support PPPoE over VLAN interfaces. I'm pretty sure the sysadmin changed the 'admin' password and left remote management open because it lets him remotely diagnose problems with the router instead of having to stand in the server room all day. I don't think he's aware of this secondary account, which bypasses that completely.

So yeah :)

This post has been edited by rizvanrp: May 29 2010, 09:13 PM
Creative-
post May 29 2010, 09:11 PM

Getting Started
Junior Member
264 posts

Joined: Nov 2004
From: 127.0.0.1
Hey, I just got Unifi installed yesterday. I was trying to fiddle with the router settings but realised they didn't give me the password; so, I reset the damn thing haha. But I didn't know about the "global account" thing, what's the user/pass for that? Care to PM me, anyone?
TSrizvanrp
post May 29 2010, 09:20 PM

Getting Started
Elite
195 posts

Joined: Sep 2006



Sorry, I forgot to add this in: Unifi's main VLAN has no caps on it. Every user is capped at the account level only. This means if a 5Mbps user breaks into a 20Mbps user's router and takes his user/pass, he will get 20Mbps at home. Nice job TM :)

Since you're going to be implementing an account cap, I can't imagine what people would do to get past it

This post has been edited by rizvanrp: May 29 2010, 09:25 PM
iipohbee
post May 29 2010, 09:29 PM

On my way
Senior Member
603 posts

Joined: Dec 2008
QUOTE(rizvanrp @ May 29 2010, 09:20 PM)
Sorry, I forgot to add this in: Unifi's main VLAN has no caps on it. Every user is capped at the account level only. This means if a 5Mbps user breaks into a 20Mbps user's router and takes his user/pass, he will get 20Mbps at home. Nice job TM :)

Since you're going to be implementing an account cap, I can't imagine what people would do to get past it
*
Unfortunately the D-Link DIR-615 doesn't have gigabit Ethernet ports. Else this would mean havoc!

But you can still assign multiple 20M accounts to each port, or maybe choose to watch IPTV channels in different rooms at home.
Dedicated 20M for each computer.

You have 4 ports to play with :P
ciohbu
post May 29 2010, 09:41 PM

Senior Member
2,104 posts

Joined: Oct 2006
QUOTE(night_wolf_in @ May 29 2010, 09:00 PM)
So you want to tell me that by disabling that other management account, and because you know how to give a good password for your own user account, your modem/router is secured?

The first thing in security: there is no security. Even if you unplug your system from the internet, there is the possibility of security attacks.

Believe me, if someone wanted to use that box you have for hacking, they would have done it a long time ago.

So when it comes to whether the ISP should make an account for them to access your box to assist you, or whether they should close it, they would rather make an account.

If later on they can't control the situation because all the boxes turned into bots, then it is their issue to solve.

Just know that by disabling that account, you are not safer than when it was open. Cheers
*
If you are really a CCNP, you should know that nothing is 100% secured. You deal with enterprises a lot in your work, right? I believe you do disable some unnecessary Cisco router services such as bootp... and give your router AAA authentication... ya... it is not secured, but at least it's better than nothing... same goes for this Unifi router.

I notice that your ideology is kinda funny... that "if someone wants to use that box you have for hacking. they would have done it long time ago"... does it mean that if my new PC doesn't get hacked on the 1st day without antivirus, I don't need to install antivirus for the rest of my life on that PC?

This post has been edited by ciohbu: May 29 2010, 09:42 PM
azwan92
post May 29 2010, 09:48 PM

Casual
Junior Member
358 posts

Joined: Sep 2009



According to my Belkin router, remote management means:


Remote Management
Before you enable this function, MAKE SURE YOU HAVE SET THE ADMINISTRATOR PASSWORD. Remote management allows you to make changes to your Router's settings from anywhere on the Internet. There are two methods of remotely managing the router. The first method is to allow access to the router from anywhere on the Internet by selecting "Any IP address can remotely manage the router". By typing in your WAN IP address from any computer on the Internet, you will be presented with a login screen where you need to type in the password of your router. The second method is to allow a specific IP address only to remotely manage the router. This is more secure, but less convenient. To use this method, enter the IP address you know you will be accessing the Router from in the space provided and select "Only this IP address can remotely manage the Router". Before you enable this function, it is STRONGLY RECOMMENDED that you set your administrator password. Leaving the password empty will potentially open your router to intrusion.
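Two of the fixes this thread talks about, disabling the extra account at the /etc/passwd level (rizvanrp's post above) and allowing management only from one specific source address (the "only this IP address" mode in the Belkin text azwan92 quotes), worked through as an added example. This is not code from the thread, from D-Link or from Belkin: the passwd file is constructed, `vendor_acct` is a placeholder for the hidden account (its real name is not on this page), and the interface names `ppp0`/`br0` and the port list are assumptions about a generic PPPoE gateway, not the DIR-615's actual configuration.

```python
"""Gateway hardening helpers (added example; passwd content and addresses are constructed)."""
from typing import Iterable, List, Optional

# Constructed /etc/passwd. 'vendor_acct' stands in for the second privileged
# account the thread describes; the real account name is not on the page.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
admin:x:0:0:admin:/:/bin/sh
vendor_acct:x:0:0:remote support (placeholder):/:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/false
"""

NOLOGIN_SHELLS = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}


def privileged_accounts(passwd_text: str, expected: Iterable[str] = ("root",)) -> List[str]:
    """Names of uid-0 accounts with a login shell that are not in `expected`.

    This is the /etc/passwd-level check: any uid-0 login you did not create
    yourself is a second root, whatever it is called.
    """
    found = []
    for line in passwd_text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7:
            continue  # malformed entry: report nothing rather than guess
        name, _pw, uid, _gid, _gecos, _home, shell = fields[:7]
        if uid == "0" and shell not in NOLOGIN_SHELLS and name not in expected:
            found.append(name)
    return found


def disable_account(passwd_text: str, name: str) -> str:
    """Lock `name`: '*' in the password field matches no hash, and the shell
    becomes /bin/false so even a reused password or key yields no shell."""
    out = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7 and fields[0] == name:
            fields[1] = "*"
            fields[6] = "/bin/false"
        out.append(":".join(fields))
    return "\n".join(out) + "\n"


def management_rules(wan_if: str = "ppp0", lan_if: str = "br0",
                     trusted_wan_ip: Optional[str] = None,
                     ports: Iterable[int] = (22, 80, 443, 8080)) -> List[str]:
    """iptables INPUT rules for the management ports: LAN always allowed,
    WAN allowed only from `trusted_wan_ip` (the Belkin 'only this IP' mode),
    everything else arriving on the WAN interface dropped.  Order matters:
    the ACCEPT lines are appended before the DROP for the same port.
    Interface names and ports are assumptions for a generic PPPoE gateway."""
    rules = []
    for port in ports:
        rules.append(f"iptables -A INPUT -i {lan_if} -p tcp --dport {port} -j ACCEPT")
        if trusted_wan_ip:
            rules.append(f"iptables -A INPUT -i {wan_if} -p tcp -s {trusted_wan_ip} "
                         f"--dport {port} -j ACCEPT")
        rules.append(f"iptables -A INPUT -i {wan_if} -p tcp --dport {port} -j DROP")
    return rules


if __name__ == "__main__":
    print("extra privileged accounts:",
          privileged_accounts(SAMPLE_PASSWD, expected=("root", "admin")))
    hardened = disable_account(SAMPLE_PASSWD, "vendor_acct")
    print("after lockout:", privileged_accounts(hardened, expected=("root", "admin")))
    for rule in management_rules(trusted_wan_ip="198.51.100.7"):  # placeholder admin IP
        print(rule)
```

The two halves address different failure modes: the firewall rules stop the WAN-side reachability the thread complains about, but leave the account intact for anyone already on the LAN; locking the account removes the credential itself, which is what the post above calls "completely removing" the hole. Pass `trusted_wan_ip=None` to get the stricter variant with no WAN management at all.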

VengenZ
post May 29 2010, 10:17 PM

La la la~
Senior Member
608 posts

Joined: Nov 2009
From: 127.0.0.1



QUOTE(azwan92 @ May 29 2010, 09:48 PM)
According to my Belkin router, remote management means:


Remote Management
Before you enable this function, MAKE SURE YOU HAVE SET THE ADMINISTRATOR PASSWORD. Remote management allows you to make changes to your Router's settings from anywhere on the Internet. There are two methods of remotely managing the router. The first method is to allow access to the router from anywhere on the Internet by selecting "Any IP address can remotely manage the router". By typing in your WAN IP address from any computer on the Internet, you will be presented with a login screen where you need to type in the password of your router. The second method is to allow a specific IP address only to remotely manage the router. This is more secure, but less convenient. To use this method, enter the IP address you know you will be accessing the Router from in the space provided and select "Only this IP address can remotely manage the Router". Before you enable this function, it is STRONGLY RECOMMENDED that you set your administrator password. Leaving the password empty will potentially open your router to intrusion.
*
So, if they could only change the router settings, they can't spy on our porn?
Creative-
post May 29 2010, 10:18 PM

Getting Started
Junior Member
264 posts

Joined: Nov 2004
From: 127.0.0.1
Does disabling Remote Management from the standard "admin" account disable it from the router's global access as well? Or do we have to use the "hidden" account to disable it?
TSrizvanrp
post May 29 2010, 10:22 PM

Getting Started
Elite
195 posts

Joined: Sep 2006



QUOTE(VengenZ @ May 29 2010, 10:17 PM)
So, if they could only change the router settings, they can't spy on our porn?
*
It's different from router to router. In this case, the remote management lets you enable the SSH server. The SSH server gives you full control over the router, more than what's in the web UI. And since there's a secondary account to access the remote management, there's really no security at all lol
prasys
post May 29 2010, 10:59 PM

Heros Never Die
VIP
12,925 posts

Joined: Mar 2005
From: Kuala Lumpur
QUOTE(rizvanrp @ May 29 2010, 10:22 PM)
It's different from router to router. In this case, the remote management lets you enable the SSH server. The SSH server gives you full control over the router, more than what's in the web UI. And since there's a secondary account to access the remote management, there's really no security at all lol
*
Thanks for putting it up.

Really bad people can do really mean things. Having SSH is like having candy; oh wait, did I say that it grants you root access? Oh goodie, someone could be stealing all your porn (maybe, who knows, you might have sharing enabled and I could exploit it by silently installing OpenVPN, does it even fit, I hope it does, and silently be part of your network). They should do something about it.
mitodna
post May 29 2010, 11:21 PM

Getting Started
All Stars
14,039 posts

Joined: Jan 2003
I believe that this is not the first Unifi "exploit"; the first one was access to more channels of its IPTV??? Until TM decided to scramble IPTV.
Moogle Stiltzkin
post May 29 2010, 11:39 PM

Look at all my stars!!
Senior Member
4,456 posts

Joined: Jan 2003
QUOTE(night_wolf_in @ May 29 2010, 05:18 PM)
I'm not sure if I should laugh or cry.

If you think they want to spy on YOU by creating a second management account, then it is a big fail for all you guys pretending to know how the internet works.

Your modem/router will be connected to a layer two switch, or let's say connected to a port. They can use "SPAN" to see all the traffic you are sending and receiving.

But again, doing that to every individual will be really tiring. Easier is to run "SPAN" on the uplink that is connecting the layer two switch to the distribution switch, and bam, they can get all I/O traffic from the whole switch.

WAIT.

They can add high end firewalls at the uplinks to every area (logical or geographical) or just again SPAN the traffic to the firewalls. AND they practically SEE all the traffic you are sending.

Conclusion is: don't cry a river for a second account your ISP put in. If they did, it is to make your experience better. But if you think you can outsmart them, please do.

How I know: I'm a CCNP and working in routing/switching and security for some enterprise.


Added on May 29, 2010, 5:19 pm

No, they use packet shaping devices for that.
*
If I use a VPN, will that at least give me some privacy despite all the stuff you mentioned??? That is all I want to know.

Does anyone else think tmnut should hire Riv and give him a 6 figure salary??? *raises hand*

This post has been edited by Moogle Stiltzkin: May 29 2010, 11:48 PM
pengiranijam
post May 29 2010, 11:44 PM

Regular
Senior Member
1,568 posts

Joined: Dec 2004
From: Malaysia Truly Asia



Sometimes high speed is not good when an exploit is found, especially on a router or modem. Using fiber optics at high speed, your computer might be a nightmare for your whole life if those who "have full rights over your router or modem" perform the attacks.
yvonnesoo
post May 30 2010, 12:18 AM

Wanderluster
Senior Member
2,169 posts

Joined: Jan 2009
From: PJ | Seoul


Unifi is currently available in my area... after reading all this... dunno whether I should upgrade to Unifi or not... I'm not tech savvy... might not know much... anyway... those who have Unifi, may I know how the overall speed is? Heard that they will cap their speed soon... is that true?
VengenZ
post May 30 2010, 12:20 AM

La la la~
Senior Member
608 posts

Joined: Nov 2009
From: 127.0.0.1



QUOTE(rizvanrp @ May 29 2010, 10:22 PM)
It's different from router to router. In this case, the remote management lets you enable the SSH server. The SSH server gives you full control over the router, more than what's in the web UI. And since there's a secondary account to access the remote management, there's really no security at all lol
*
SSH?!

Isn't that the shell you can connect to using PuTTY and Linux?!
