Menu
What's new
By:
Filters
Better Search

'Heartbleed' vulnerability and OpenSSL in Asuswrt-Merlin

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

RocketJSquirrel said:
I don't have Entware, Optware, or anything else other than the Merlin FW. Here's what a positive result looks like.
Click to expand...

Very strange .... What service is listening on your router's WAN port 443?
 
netware5 said:
Very strange .... What service is listening on your router's WAN port 443?
Click to expand...

I don't know. I haven't customized any of my ports. Isn't that the standard HTTPS port?

I rebooted the router and got a happier result. Odd.
 

Attachments

  • heartbleed2.jpg
    heartbleed2.jpg
    24.5 KB · Views: 479
RocketJSquirrel said:
I don't know. I haven't customized any of my ports. Isn't that the standard HTTPS port?

I rebooted the router and got a happier result. Odd.
Click to expand...

Yes, this is the standard HTTPS port, but your router's GUI default WAN port should be 8443. Did you checked the box "Enable Web access from WAN" under "Administration>System" menu? Or may be you have some device on your LAN that is listening on 443 and the port is forwarded under "WAN>Virtual Server/Port Forwarding" menu? Or your firewall is disabled?
 
See their FAQ. That test is unreliable. There are numerous reports of false positive, which would explain why in your case it reported different results before and after a reboot.

When I test it here, it simply gives me a connection timeout despite the fact port 443 is indeed open during the test.
 
netware5 said:
Yes, this is the standard HTTPS port, but your router's GUI default WAN port should be 8443. Did you checked the box "Enable Web access from WAN" under "Administration>System" menu? Or may be you have some device on your LAN that is listening on 443 and the port is forwarded under "WAN>Virtual Server/Port Forwarding" menu? Or your firewall is disabled?
Click to expand...

443 is used by AiCloud.
 
RMerlin said:
443 is used by AiCloud.
Click to expand...

Oh yes :) as I am not using AiCloud I forgot about this possibility :) But in any case this should not happen as the router's OpenSSL library version is less than 1.0.1. :confused:
 
netware5 said:
Oh yes :) as I am not using AiCloud I forgot about this possibility :) But in any case this should not happen as the router's OpenSSL library version is less than 1.0.1. :confused:
Click to expand...

Exactly. Which is another reason why I believe that their test isn't working as expected, which would be in line with what is in their FAQ (numerous reports of false positive appearing).
 
Merlin, BTW today the OpenVPN team has released OpenVPN 2.3.3. Do you plan to incorporate it within the next version of your FW?
 
netware5 said:
Yes, this is the standard HTTPS port, but your router's GUI default WAN port should be 8443. Did you checked the box "Enable Web access from WAN" under "Administration>System" menu? Or may be you have some device on your LAN that is listening on 443 and the port is forwarded under "WAN>Virtual Server/Port Forwarding" menu? Or your firewall is disabled?
Click to expand...

RMerlin said:
443 is used by AiCloud.
Click to expand...

None of the above on my N66U. It's almost as if some process started listening on 443 since the prior reboot. For future reference, what command would I run to see what's listening on a particular port?
 
RocketJSquirrel said:
None of the above on my N66U. It's almost as if some process started listening on 443 since the prior reboot. For future reference, what command would I run to see what's listening on a particular port?
Click to expand...

The netstat applet provided by Busybox does not display that info. You would need to install the complete version of it through Optware or Entware to be able to tell it to report which process is listening to the listed ports.

It could also have been a port forward. Those would be visible under System Log.
 
netware5 said:
Merlin, BTW today the OpenVPN team has released OpenVPN 2.3.3. Do you plan to incorporate it within the next version of your FW?
Click to expand...

Doubtful. I will wait to ensure that this new release does not introduce new issues before updating.
 
When I initially set up the OpenVPN client I had to use 2.2.2 because I was never able to get 2.3 to work. I just ran an "openssl version" command and it returned 1.0.0e so I believe this client is safe. Can anyone confirm? Thanks.
 
ojai00 said:
When I initially set up the OpenVPN client I had to use 2.2.2 because I was never able to get 2.3 to work. I just ran an "openssl version" command and it returned 1.0.0e so I believe this client is safe. Can anyone confirm? Thanks.
Click to expand...

Which client? The router's client or the PC Windows client? On which command prompt you had ran the "openssl version" command?
 
There is an extension for Chrome called "Chromebleed" that I've been using. Not sure how accurate it is, but it seems to warn you if you're going to a site that is vulnerable...might be useful for testing one's VPN server from the outside?

Just a thought...
 
You must log in or register to reply here.

Similar threads

escape75
RT-AX68U Merlin vs. 3.0.0.4.388_24646
Replies
0
Views
513
escape75
escape75
Yota
Plans to migrate to OpenSSL 3.0?
2
Replies
36
Views
3K
bluepoint
bluepoint
RMerlin
Release Asuswrt-Merlin 386.13 / 386.13_2 is now available for AC models
2 3 4
Replies
77
Views
13K
L&LD
L&LD
B
SANS: Critical OpenSSL 3.0.x Vulnerability
Replies
0
Views
1K
bennor
B
K
Latest RT-AC68U Asuswrt stock vs Merlin security
Replies
6
Views
2K
KrypteX
K
Similar threads
Thread starter Title Forum Replies Date
Yota Plans to migrate to OpenSSL 3.0? Asuswrt-Merlin 36

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Members online

Total: 604 (members: 24, guests: 580)
Top