[svlug] Intrusion detected: What's the best response

Ivan Sergio Borgonovo mail at webthatworks.it
Thu Jun 12 02:29:31 PDT 2014


On Wed, 11 Jun 2014 23:22:27 +0100
Sanatan Rai <sanatan at gmail.com> wrote:

> Dropped many quid on a replacement from the same bunch. I suppose I
> should promise that if this happens again I won't be complaining on
> this list, having been well advised otherwise.

Newer one seems to have Linux inside. But that may not be enough.
If no one else right now is taking care of the firmware other than the
manufacturer, which doesn't have an astonishing track record for
security, you may find yourself in a similar situation.

You may be lucky and, even if you didn't check, that hw is
supported by openwrt.

Building anything that could run debian, has wifi and integrated switch
and doesn't consume too much power may be expensive and hard to replace
in case it breaks.
There are tons of embedded boards that could run debian and they are
getting cheaper and cheaper... but still none of them seems to be built
to be a wifi router, they can be turned into one but that requires
extra money and effort.
Meanwhile even SOHO routers are getting more powerful and cheaper.

Over-featured SOHO routers are not well supported by openwrt (integrated
modem, PSTN ports etc...).
Still you can find very well supported routers with a lot of RAM and
flash, a fast CPU, fast wifi, gigabit lan for $60. An ADSL modem costs
around 20$ and a pbx box 30$.

And everything is easy and cheap to replace and easy to maintain and is
much more flexible than a "cool overfeatured proprietary router".

> Still, for now wireless etc disabled and will yank the cable off the
> splitter until I am sure I have turned `everything off'. But then
> again, I was quite sure with this other one.

Try to google "xss router" or "csrf router" and you may get an idea how,
even if "everything was turned off", they succeed in getting in.
But maybe they used some other vulnerability...

-- 
Ivan Sergio Borgonovo
http://www.webthatworks.it




