DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Heartbleed?

10 Apr 2014 15:18 #79633 by mordorf
Replied by mordorf on topic Re: Heartbleed?
I'm using OpenVAS to scan the public IP address of my router which shows it as vulnerable but when I run the Metasploit module against it I get an unknown error and the exploit just hangs. If I run it against my NAS (Qnap) HTTPS port I can successfully exploit that though :-(

10 Apr 2014 16:49 #79636 by pic-o
Replied by pic-o on topic Re: Heartbleed?
babis3g, yes I am typing in my router's public IP

10 Apr 2014 16:52 #79637 by babis3g
Replied by babis3g on topic Re: Heartbleed?

Pic-o wrote: babis3g, yes I am typing in my router's public IP


THANKS

Starting query... [2014-04-10 15:52:53]
Stay on this page for results!
Scanning target xx.xx.xx.xxx ...
Found 0 servers with port 443 open
Query finished [2014-04-10 15:52:54]

Starting query... [2014-04-10 15:55:56]
Stay on this page for results!
Scanning target xx.xx.xx.xxx ...
Found 0 servers with port 80 open
Query finished [2014-04-10 15:55:57]

10 Apr 2014 16:58 #79638 by pic-o
Replied by pic-o on topic Re: Heartbleed?

Mordorf wrote: I'm using OpenVAS to scan the public IP address of my router which shows it as vulnerable but when I run the Metasploit module against it I get an unknown error and the exploit just hangs. If I run it against my NAS (Qnap) HTTPS port I can successfully exploit that though :-(



Just as a word of caution, I wouldn't want to have my NAS open to the internet even if it was not vulnerable to this threat. It may be better to establish a VPN tunnel with your router or firewall and gain access to your NAS and private network in that way instead.

10 Apr 2014 17:21 #79639 by mordorf
Replied by mordorf on topic Re: Heartbleed?
It's not the NAS administration that's open to the public, just a web site. I've temporarily stopped HTTPS access until the fix comes out later this week. But I agree all remote admin functions should be, and are in my case, done via VPN. It's just a home network so there's nothing critical on it anyway.

11 Apr 2014 04:09 #79643 by zgap111
Replied by zgap111 on topic Re: Heartbleed?
I saw this

http://www.engadget.com/2014/04/10/the-heartbleed-bug-is-affecting-routers-too/

then came to the forum... is there any official news from DrayTek on this issue?


Moderators: Sami