• Routers with a Linux OS: how safe they are and other questions.


    #2288740

    I am starting this thread to continue a discussion that began on another one started by CADesertRat here ( #2288384 ) and dedicated to a recently discovered malicious bug, probably engineered by hackers working for a nation-state government and meant to be used to attack Linux-running computers:

    https://www.askwoody.com/forums/topic/fbi-and-nsa-expose-new-linux-malware-drovorub/#post-2288734

    The discussion more or less branched out into a sub-thread on how vulnerable to this bug may be those routers used at home (particularly now that so many are working from home), or by small businesses, that have some distro of Linux as the operating system. With the additional question, asked by Moonbear, of how does one know if one’s router is running Linux, in the first place.

    Fortunately, the bug is only a danger to those computers running Linux with a version of the kernel earlier than 3.7; but that is helpful as long as one knows how to find out if: (a) one’s router’s OS is a Linux distro and, if so, (b) how to make sure one has a safe kernel no earlier than 3.7 and, if not, (c) how to replace the kernel with one more recent and, therefore, safe from this bug.

    There is this rather long list of Linux used in routers that I found in Wikipedia:

    https://en.wikipedia.org/wiki/List_of_router_and_firewall_distributions

    And here is one review of free Linux distros for routers:

    https://teklager.se/en/best-free-linux-router-firewall-software-2019/

    None of this exhausts this topic, so I hope others might be interested enough to add some useful information here.

    Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

    MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
    Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
    macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

    3 users thanked author for this post.
    • #2288762

      how does one know if one’s router is running Linux, in the first place.

      ALL routers run “linux”. Many are never updated and lack basic security and can be hacked.
      Most home routers lack simple Linux OS hardening security.

      Would you know if your Wi-Fi router’s been hacked?

      4 users thanked author for this post.
    • #2288764

      I am starting this thread to continue a discussion that began on another one started by CADesertRat here ( #2288384 ) and dedicated to a recently discovered malicious bug, probably engineered by hackers working for a nation-state government and meant to be used to attack Linux-running computers: FBI and NSA expose new Linux malware Drovorub

      For sure this is not the first “bug”, and now for the common people disposed publicly. The whole problem of vulnerability is a multi-headed monster, and living for a long time already.
      To combat that monster is making sure that staff members of society-critical organisations are working more safely, and use computers that are hardened in a different and better way than before.
      Awareness of dangers probably is one of the most important items to start with. Keeping your data safe is becoming quite a serious job. Using (home-)“computers that are used in working from home”, and that are “more” safe is becoming quite an art/challenge in computing-administration, but is very well and good possible and has already been done.
      The problems that are spoken of here are all important, and make common people aware. The multi-headed monster in the old Greek sagas grew a new head every time. Now in our world the crook-monster grows new heads every time too.
      I am curious how people in this forum and group are dealing with this.

      * _ the metaverse is poisonous _ *
      1 user thanked author for this post.
    • #2288824

      IMO this is a very good question for those of us with ISP-provided (and locked down) routers.

    • #2288828

      My DSL Modem/Router is 10 + years old.  Does anyone know how old a Linux kernel 3.6 is?  Is there a way to find out?

      Being 20 something in the 70's was much more fun than being 70 something in the 20's.
      2 users thanked author for this post.
    • #2288833

      My router is older than your setup. Kernel version history:

      Linux-version-history

      Found here: Wikipedia

      (at the bottom of the page)

      Don't take yourself so seriously, no one else does 🙂
      All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

      3 users thanked author for this post.
      • #2288866

        My old router was bought in 2006/2007 time frame so it probably has kernel 2.6.0.

        I think the last firmware update available (which I did) was in early 2008 but I don’t have a clue what it changed. Bottom line is that I’m sure I do not have 3.7 although I wouldn’t know where to look to confirm, other than the chart I posted above.


        • This reply was modified 3 years, 1 month ago by CADesertRat.
        1 user thanked author for this post.
    • #2288840

      According to another article in Wikipedia:

      https://en.wikipedia.org/wiki/Linux_kernel

      On 11 December 2012, Torvalds decided to reduce kernel complexity by removing support for I386 processors, making the 3.7 kernel series the last one still supporting the original processor. The same series unified support for the ARM architecture processors.

      So my router, being a model that came well after 2012, probably has for its OS a version of Linux with a kernel that is 3.7, or later.

      Now the question remains: how does one know what kernel is one’s router blessed with?


    • #2288841

      I have not yet seen how the Drovorub malware installs, so we may be discussing this prematurely.

      What you can do is run basic tests.

      Open Ports: GRC
      Possible hacks: F-Secure

      cheers, Paul

      2 users thanked author for this post.
      • #2288849

        Paul_T: I appreciate your advice, which is also timely. Now, to make clearer something that might need to be explained explicitly: This thread is not about the Drovorub malware (there is one already in AskWoody dedicated to that and I have given a link to it in my original comment), but about the safety of Linux-running routers in general. The bug that you mention is something I have used to explain, in my original comment at the top of this thread, why it was that I had started this thread. Now it has cropped up here again, as it is a matter of serious concern, particularly for those of us working at home, because it is a concrete (and worrying) example of a Linux core-related vulnerability. Anyone who wants to discuss this bug in more detail, please do so in that other thread dedicated to it.


      • #2288923

        Thanks, Paul_T. I have tried both sites. F-Secure has reassured me that my router has “no issues.” In GRC I found what seems useful information about the safety of my Internet connection. I have to check from time to time there, to see if my IP is fixed or not (it used not to be fixed, but I have not checked this in years).


    • #2288873

      If the router has ssh you could sign into it and run uname to find the kernel version. Firmware attack is hardcore. To say you are vulnerable if you have a lower kernel, sure, but I mean there are millions of devices open to Meltdown and Spectre and you don’t see those firmware attacks in the wild that much. Obviously don’t have too old hardware if you have firmware attacks as a threat you’re worried about. But lots of things use old Linux and there are even machines like ATMs that use a kiosk version of Windows XP. Lots of embedded OS is never updated.

      1 user thanked author for this post.
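
As an added example (not part of any post in this thread): once `uname -r` has been run on the router over ssh as suggested above, this POSIX shell script compares the reported release against the 3.7 threshold quoted in the opening post, numerically, so that 3.10 counts as newer than 3.7. The function names are hypothetical and the sample release strings are constructed.

```shell
#!/bin/sh
# Added example: compare a kernel release string (what `uname -r` prints on
# the router) with the 3.7 threshold quoted in this thread.
# Function names are hypothetical; the sample strings below are constructed.

# Print "MAJOR MINOR" for a release such as "2.6.36.4brcmarm"; return 1 if
# the string does not start with MAJOR.MINOR.
kernel_major_minor() {
    rel=$1
    major=${rel%%.*}                 # text before the first dot
    rest=${rel#*.}                   # text after the first dot
    [ "$rest" != "$rel" ] || return 1    # no dot at all
    minor=${rest%%[!0-9]*}           # leading digits of the second field
    case $major in ''|*[!0-9]*) return 1 ;; esac
    [ -n "$minor" ] || return 1
    echo "$major $minor"
}

# Exit status 0 if RELEASE >= MAJOR.MINOR, 1 if older, 2 if unparseable.
kernel_at_least() {
    mm=$(kernel_major_minor "$1") || return 2
    have_major=${mm% *}
    have_minor=${mm#* }
    if [ "$have_major" -gt "$2" ]; then return 0; fi
    if [ "$have_major" -lt "$2" ]; then return 1; fi
    [ "$have_minor" -ge "$3" ]
}

# One-line verdict against the thread's 3.7 threshold.
classify_kernel() {
    rc=0
    kernel_at_least "$1" 3 7 || rc=$?
    case $rc in
        0) echo "ok: $1 is 3.7 or later" ;;
        1) echo "old: $1 is earlier than 3.7" ;;
        *) echo "unknown: cannot parse '$1'" ;;
    esac
}

# Constructed samples; vendor builds often append suffixes to the version.
for r in 2.6.36.4brcmarm 3.6.11 3.7.0 3.10.14 4.14.195+ 5.4.0-42-generic n/a; do
    classify_kernel "$r"
done
```
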
    • #2288886

      The other thread that Paul_T has referred to ( #2288854 ) has what might be some answers to questions (b), (c) and (d) in my original comment, but they are not encouraging.

      This Wikipedia article about open source Linux router firmware might be of interest here:

      https://en.wikipedia.org/wiki/List_of_router_firmware_projects

       


    • #2288902

      My DSL Modem/Router is 10 + years old. Does anyone know how old a Linux kernel 3.6 is? Is there a way to find out?

      A Google search shows that Linux 3.6 was released on 30 Sep 2012.

      Hope this helps…

      2 users thanked author for this post.
      • #2288907

        See also the Wikipedia article on Linux kernels linked here: #2288840 .

        It is starting to look, at least for me, from what I’ve read in the thread mentioned by Paul_T, that one may really need a router meant for enterprise networks, not one of those provided by ISPs for home use, to be able to install the up-to-date Linux firmware of one’s choosing. And, even then, doing this might not be an easy-peasy, no worries kind of procedure, particularly for non-experienced people.

        So, home and small business router users: let’s don’t worry and be happy?


        1 user thanked author for this post.
    • #2288910

      It is starting to look, at least to me, that one needs a router for enterprise networks, not one of those provided by ISPs for home use

      I almost agree. I think it shows that locked-down ISP-provided home routers do not give end-users the control that they may wish over the security of their own internal network(s)… so a piggy-backed additional router almost becomes de rigueur.

      3 users thanked author for this post.
    • #2288952

      Thank you! That’s right: ISP-provided home routers INTENTIONALLY do not give end-users the control that they may wish over the security of their own internal network(s), so not as a rigueur but very true it’s needed to use your own router additionally to make the own network a little bit safer to protect against the “normal crooks”.

      There are “1001” fairytales to tell by many to create more awareness of protection and privacy.
