A slightly better way to filter wireless multicast on DD-WRT

Wi-Fi is a shared, half-duplex medium. Furthermore, every unicast frame must be acknowledged by the receiver. Combine these facts with a crowded spectrum in most areas, and we have every reason we need to keep unnecessary traffic off the airwaves.

Continue reading A slightly better way to filter wireless multicast on DD-WRT

Harden DD-WRT against DNS rebind attacks

Yesterday I watched the presentation by Craig Heffner at DEFCON 18, where he describes using DNS rebind attacks to gain access to routers’ configuration pages from the public Internet. It’s a pretty complicated attack, requiring a rogue domain and server, and whose success relies on two pretty glaring end-user mistakes:

  1. Visiting that rogue domain and server; and
  2. Leaving a weak or default username and password on the router’s admin page.

Most people savvy enough to flash their router with DD-WRT know enough to steer clear of those mistakes, but it still bothers me that DD-WRT remains technically vulnerable to this attack.

Continue reading Harden DD-WRT against DNS rebind attacks