ivanich has quit [Read error: Connection reset by peer]
dedeckeh has joined #openwrt-devel
Nick_Lowe has joined #openwrt-devel
victhor has joined #openwrt-devel
Nick_Lowe has quit [Client Quit]
rsalvaterra has joined #openwrt-devel
black_ant has joined #openwrt-devel
black_ant has quit [Changing host]
black_ant has joined #openwrt-devel
_whitelogger has joined #openwrt-devel
qgTG has quit [Ping timeout: 240 seconds]
qgTG has joined #openwrt-devel
qgTG has quit [Ping timeout: 264 seconds]
qgTG has joined #openwrt-devel
feriman has quit [Quit: WeeChat 2.9]
<Hauke>
A nice attack to circumvent NAT: NAT Slipstreaming: https://samy.pl/slipstream/ They use a bug in the tdts.ko kernel module, which is probably part of some vendor's SDK
Nick_Lowe has joined #openwrt-devel
f00b4r0 has joined #openwrt-devel
<olmari>
heh, a while where such "inside network" stuff has been in the wild 🙂 or.. generally
feriman has joined #openwrt-devel
qgTG has quit [Ping timeout: 240 seconds]
qgTG has joined #openwrt-devel
finsternis has joined #openwrt-devel
qgTG_ has joined #openwrt-devel
qgTG has quit [Ping timeout: 264 seconds]
<rsalvaterra>
Hauke: From what I understand, the attack is only feasibly with automated loading of NAT helper modules.
<rsalvaterra>
*feasible
<rsalvaterra>
Also, lib/modules/2.6.36.4brcmarm+? I'm not losing my sleep over this one. :P
Nick_Lowe has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
madwoota has quit [Read error: Connection reset by peer]
madwoota has joined #openwrt-devel
madwoota has joined #openwrt-devel
madwoota has quit [Changing host]
Borromini has joined #openwrt-devel
linzst has joined #openwrt-devel
Borromini has quit [Quit: Lost terminal]
adrianschmutzler has joined #openwrt-devel
<Hauke>
rsalvaterra: yes, the attack uses protocols where an extra channel is needed; in this example SIP is used
<Hauke>
they make the browser send an HTTP request which the router interprets as a SIP REGISTER packet, the router parses it and opens the port which is used in the SIP REGISTER packet for the reverse connection
<Hauke>
The router has to detect that this is not the first packet of the conversation and not interpet it as SIP
<Hauke>
*interpret
Nick_Lowe has joined #openwrt-devel
nmrh has joined #openwrt-devel
goliath has joined #openwrt-devel
feriman has quit [Ping timeout: 256 seconds]
dopje_ has quit [Read error: Connection reset by peer]
dopje has joined #openwrt-devel
Nick_Lowe has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<damex>
it works for some interfaces but not for all
<damex>
there are some virtual interfaces that have no use (loop interfaces) - they won't get init. but if it is ones that <might be physical> and is part of qsgmii - they get initialized.
<damex>
that condition actually matches for them and it does not get further logic applied
Borromini has quit [Ping timeout: 256 seconds]
Tapper has joined #openwrt-devel
Borromini has joined #openwrt-devel
Ycarus has quit [Quit: Ycarus]
swalker has quit [Remote host closed the connection]
swex has quit [Quit: swex]
gnslu2-lo has quit [Quit: Caught sigterm, terminating...]
Nick_Lowe has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
r3pek_ is now known as r3pek
dedeckeh has quit [Remote host closed the connection]
<adrianschmutzler>
aparcar[m]: whenever somebody with access to the actual data is available
<adrianschmutzler>
ynezz moved it because he had no rights to delete it AFAIR
<aparcar[m]>
maybe move it to archive then?
<aparcar[m]>
or to /dev/null ;)?
<adrianschmutzler>
no, these are snapshots
<adrianschmutzler>
they should be deleted
<adrianschmutzler>
so, if you know anybody who can delete them, tell him to delete
<aparcar[m]>
jow: please delete
<aparcar[m]>
I don't know who manages servers. Mirko?
<adrianschmutzler>
that's what ynezz wrote last time: "Yeah, still waiting for someone with access to archive.openwrt.org to move it over there, so it could be deleted from downloads.openwrt.org. Until then I prefer to keep it in this strange folder (naming is hard), unless there is strong reason to delete it ASAP."
<adrianschmutzler>
looks like he wanted to archive, too
<adrianschmutzler>
discussion was on the mailing list BTW
csrf has quit [Ping timeout: 240 seconds]
<aparcar[m]>
never seen it
<adrianschmutzler>
at least brcm were simple renames of the target, so I don't see a reason to move that to archives
<adrianschmutzler>
one might argue differently for targets that were actually removed
<aparcar[m]>
I don't have that mail thread, can you just bump it?
dxld has quit [Quit: Bye]
dxld has joined #openwrt-devel
glyph has quit [Quit: End of line.]
glyph has joined #openwrt-devel
danitool has joined #openwrt-devel
feriman has quit [Ping timeout: 264 seconds]
Shallanger has joined #openwrt-devel
Immanuel has quit [Quit: Connection reset by reptilians]
ivanich_ has quit [Quit: Konversation terminated!]
<Hauke>
aparcar[m]: hostapd's internal crypto code is not sufficient for WPA3, it needs a real crypto library, but mbedtls is not supported by hostapd.
<Hauke>
aparcar[m]: I am not aware that anyone is working on adding mbedtls support to hostapd
<Hauke>
aparcar[m]: wigyori has access to archive.openwrt.org
<Hauke>
adrianschmutzler:
<Hauke>
I think the old snapshots can be deleted, we have release builds for most of them
swex has joined #openwrt-devel
MichaelOF has quit [Quit: Konversation terminated!]