biob Posted December 15, 2018 Share Posted December 15, 2018 Good evening i have a little travel router(GL-MT300A). I was wondering if I should trust the custom openwrt firmware or should I reflash it with the openwrt image? Does anyone here use these routers or any experience with them? Quote Link to comment Share on other sites More sharing options...
digininja Posted December 16, 2018 Share Posted December 16, 2018 Define "trust". I generally find that anyone who asks the question "can I trust X" can't trust it which is why they are asking the question in the first place. Whether others trust X is irrelevant, that person never does. So install openwrt and be happy. 1 Quote Link to comment Share on other sites More sharing options...
biob Posted December 16, 2018 Author Share Posted December 16, 2018 As always straight to the point digininja👍🏻 Always look forward to seeing your replies. Top bloke. Quote Link to comment Share on other sites More sharing options...
biob Posted December 16, 2018 Author Share Posted December 16, 2018 My problem is... I know enough to be very worried but not enough to be sure. If that makes any sense 😂 Quote Link to comment Share on other sites More sharing options...
Forkish Posted December 18, 2018 Share Posted December 18, 2018 I have one of those and if you use tcpdump on the pineapple connected. The built in openvpn module repeatedly sends the server and ip address in clear text. I’ve stopped using it until I figure out why and how to block that being sent. Quote Link to comment Share on other sites More sharing options...
digininja Posted December 18, 2018 Share Posted December 18, 2018 Give a bit more info. Do you mean it sends packets to the VPN and you can see the IP address of the VPN server? @biob do some googling for published issues with it. If there are loads, reject it and put on something else. But also consider your risk profile, where you are going to be using this, are there likely to be people going after you who have the necessary skills to carry exploit any issues. Using it at a hacker con, probably, using it in a quiet country cottage in middle of nowhere, probably not. If you are leaving it alone in your hotel room, are you worried an adversary could perform an evil maid attack? That is where defining risk comes in. 1 Quote Link to comment Share on other sites More sharing options...
Forkish Posted December 18, 2018 Share Posted December 18, 2018 I have the black, blue and yellow-v1 routers my gl.init and with their stock fw, there is data sent in plain text after connecting to a nordvpn server through it’s supplied openvpn module. I’ll pull the logs/pcaps off and post ‘em. I havn’t put a router (in my case, probably a stock wrt1900 or ddr-wrt wrt120) in-between the glinit router and the pineapple to see how far the ttl is but it’s slightly worrisome; which is one notch above my mean worry par. I never use them to check banking or the like but only for a chromebook in guest mode. My plan is to learn luci/openwrt better and re-flash the firmware to barebones openwrt and use the openwrt openvpn module and test that but it’s ‘spare time’ stuff. Quote Link to comment Share on other sites More sharing options...
digininja Posted December 18, 2018 Share Posted December 18, 2018 I know nothing about the devices but would be interested to have a look at what is leaking. Quote Link to comment Share on other sites More sharing options...
Forkish Posted December 19, 2018 Share Posted December 19, 2018 This is the device in question: https://www.gl-inet.com/products/gl-mt300a/ I’ve also got these: https://www.gl-inet.com/ar300m/ https://www.gl-inet.com/products/gl-mt300n/ fun little routers, but right off the bat, lack of https login has me paranoid Quote Link to comment Share on other sites More sharing options...
digininja Posted December 19, 2018 Share Posted December 19, 2018 The lack of HTTPS on login doesn't really mean much as the standard is to use a self signed certificate on then which can then by spoofed by anyone with man in the middle. Quote Link to comment Share on other sites More sharing options...
biob Posted December 19, 2018 Author Share Posted December 19, 2018 14 hours ago, digininja said: I know nothing about the devices but would be interested to have a look at what is leaking. Default firewall rules any good to you? Quote Link to comment Share on other sites More sharing options...
digininja Posted December 19, 2018 Share Posted December 19, 2018 Not on their own. If things are leaking then it would be worth looking at the routing table and the pcap to see what has leaked. The routing table will say what route traffic should be sent so if there is clear text traffic being sent to an IP that should be routed through the VPN then something has gone wrong. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.