Archive for December, 2010

Dec 29 1 Fix: Securing the DD-WRT location vulnerability

My Internet router uses a software called DD-WRT instead of the default firmware. DD-WRT is an open-source alternative to the factory-installed firmware for some routers.

Basically, it allows me to do more and have more control over my router.

Today, however, I read about a location vulnerability in the DD-WRT Web administration interface.

Using a DNS rebinding attack, malicious Web sites can track your location fairly accurately using the routers MAC address. For example, when you visit a malicious Web site, people can find out where you live.

How to enable password protection of the Info-site under Administration > Management inside the router administration page

Securing DD-WRT by enabling password-protection of the info-site

I don't want anyone to know my location without my permission, so I found out how to disable the information page where the routers MAC address is shown.

By accessing the administration interface, and enabling password protection of the info-site, you can shut malicious users out.

Click the screenshot to learn how to enable password-protection.