Netgear Hides Router Backdoor Instead of Fixing It
A very recent firmware analysis from the reverse engineer Eloi Vanderbeken shows that NETGEAR didn't fix the backdoor on port 32764 but instead implemented a knocking feature that is now required to unlock the service.Summary from the slides: The knocking feature is initiated when a "packet type == 0x201" arrived at "ft_tool" that listens to the Ethernet packets. It only works with EtherType 0x8888 and the payload has to be "45d1bb339b07a6618b2114dbc0d7783e" which is the MD5-hash of the model number DGN1000. If such a packet arrives, the backdoor service /usr/bin/scfgmgr f- is launched.
Ars Technica reports :
The nature of the change, which leverages the same code as was used in the old firmware to provide administrative access over the concealed port, suggests that the backdoor is an intentional feature of the firmware and not just a mistake made in coding. "It's DELIBERATE," Vanderbecken asserted in his presentation.
(Cross posted on Soylentnews)
Perhaps one solution is to be unabashed about partially copying/mirroring good links from other sites, whether or not they are individually submitted by Pipedot members. People at Soylent are bitching at people who complain about old articles -- "why didn't YOU submit it then, big shot" -- but there's nothing wrong (ethically or legally) with using some links at another aggregator as a basis for discussion here. You can separate it into a "The Slashdot Feed" category if you must, though I wouldn't recommend that...
The idea is to use the same articles (everything at Slash/Soy/etc. is pointing to 3rd and 4th party sites anyway) as a starting point for discussion on a site that people DO enjoy using...
(Loving these text captchas by the way.)