One of our roaming partners raised a concern regaring the security of our hotspot implementation based on the following articles.
http://www.irongeek.com/i.php?page=secu ... rf-example
http://www.gnucitizen.org/blog/persiste ... r-wag54gs/
Is the concern valid that similar "malicious commands" can be issued to ROS via the hotspot service? I don't believe it is, but it will be good to get an answer from MT why similar commands will not be a threat to ROS.
Thank you,
Nico
Re: Hotspot security question
disable Web service - you won't be able to manage router via web interface at all =)
-
-
nicopretorius
Frequent Visitor
- Posts: 77
- Joined:
Re: Hotspot security question
Thanks, I already have it disabled. The concern was specific to the hotspot "web service".
Re: Hotspot security question
http://wiki.mikrotik.com/wiki/Manual:Cu ... able_Pages
That's a list of all the available Hotspot servlets, together with all the parameters they take.
Can those be exploited? Maybe. Only a code review would show. But the parameters that CAN be passed in are fairly harmless. The links you posted focus on exploits of a full administrative interface to the routers in question, which the Hotspot servlets don't provide. From that list the Hotspot servlets wouldn't need any write capabilities to anything administrative outside of themselves. A slightly bigger worry might be RADIUS attributes passed back on login that cause the creation of queues etc.
That's a list of all the available Hotspot servlets, together with all the parameters they take.
Can those be exploited? Maybe. Only a code review would show. But the parameters that CAN be passed in are fairly harmless. The links you posted focus on exploits of a full administrative interface to the routers in question, which the Hotspot servlets don't provide. From that list the Hotspot servlets wouldn't need any write capabilities to anything administrative outside of themselves. A slightly bigger worry might be RADIUS attributes passed back on login that cause the creation of queues etc.
-
-
nicopretorius
Frequent Visitor
- Posts: 77
- Joined:
Re: Hotspot security question
Thanks for the feedback. This confirms my understanding.
Re: Hotspot security question
yep, with Hotspot you cannot reboot the router =)
Re: Hotspot security question
Those exploits are based on a parsing error with DD-WRT. The web service does not escape data prior to parsing, so the CGI-bin folder will blindly accept shell commands as long as you prepend a ; before it. RouterOS does not use this CGI-bin system. Also, all the web-based administrative functions for webmin are encoded and passed as parameters through Jproxy, which properly checks for user credentials prior to parsing anything.One of our roaming partners raised a concern regaring the security of our hotspot implementation based on the following articles.
http://www.irongeek.com/i.php?page=secu ... rf-example
http://www.gnucitizen.org/blog/persiste ... r-wag54gs/
Is the concern valid that similar "malicious commands" can be issued to ROS via the hotspot service? I don't believe it is, but it will be good to get an answer from MT why similar commands will not be a threat to ROS.
Thank you,
Nico
Mikrotik did a very nice job in hardening their web-interface. As long as web service is disabled, you should be just fine.
Who is online
Users browsing this forum: Bing [Bot], Partial and 40 guests