lime October 2017

lime-users@lists.libremesh.org

19 participants
26 discussions

[lime-users] [SPAM] tp-link 4310 refurbished

by Ilario

Sorry for the spam, but I thought it would be interesting for someone, it's just the motherboard without antennas nor chassis of a TP-Link WDR4300 for 23 € on aliexpress ---------- Messaggio inoltrato ---------- Da: Leonardo Maccari <mail(a)leonardo.ma> Date: 28 giugno 2017 14:41 Oggetto: [Ninux-Wireless] tp-link 4310 refurbished A: wireless(a)ml.ninux.org Ciao, long story short: Dopo il BM qualcuno mi ha chiesto di contattare Panayotis (un ricercatore che conosco) per sapere dove ha preso le device che hanno usato per uno workshop ad Atene. Ecco la risposta: https://www.aliexpress.com/item/openwrt-firmware-5g-wifi-2-port-usb-router-… ciao, leonardo. _______________________________________________ Wireless mailing list Wireless(a)ml.ninux.org http://ml.ninux.org/mailman/listinfo/wireless

7 years, 2 months

[lime-users] LEDE 17.01.3 & Severe dnsmasq vulnerabilities affecting LEDE

by Ilario Gelmetti

Yesterday LEDE 17.01.3 was released. A few days earlier some severe security vulnerabilities in DNSmasq have been disclosed. Images of LibreMesh 17.06 based on LEDE 17.01.3 can be compiled using lime-sdk but please notice that this is untested. For doing this you can replace 17.01.2 with 17.01.3 in feeds.conf.defaults and options.conf files in lime-sdk, then run ./cooker -f --force and then compile as usually. On my PC the compilation worked well but I didn't test on any router. -------- Forwarded Message -------- Subject: [LEDE-DEV] Severe dnsmasq vulnerabilities affecting LEDE Date: Tue, 3 Oct 2017 21:08:16 +0200 From: Jo-Philipp Wich <jo(a)mein.io> To: LEDE Development List <lede-dev(a)lists.infradead.org>, LEDE Project Administration <lede-adm(a)lists.infradead.org> The Google security team identified a number of critical security issues present in dnsmasq, the embedded DNS and DHCP server used by LEDE as well as many other different open and proprietary firmwares and network appliances. A total of six different flaws affecting both DNS and DHCP functionality have been identified in dnsmasq versions up to v2.77: - CVE-2017-14491 - Remote code execution, through DNS, due to heap overflow - CVE-2017-14492 - Remote code execution, through DHCP, due to heap overflow - CVE-2017-14493 - Remote code execution, through DHCP, due to stack overflow - CVE-2017-14494 - Information leak, through DHCP, potentially weakening ASLR - CVE-2017-14495 - Denial of service, through DNS, out-of-memory due missing free() - CVE-2017-14496 - Denial of service, through DNS, integer underflow causing huge memcpy() - CVE-2017-13704 - Denial of service, through DNS, integer underflow causing service crash According to Simon Kelley, the author of dnsmasq, most critical flaws are present in dnsmasq since a very long time, having even survived a number of audits. The security issues have been fixed in the most recent dnsmasq version, v2.78, which has been included into both the LEDE master and lede-17.01 release branches. MITIGATION In order to solve the security issues above you can either update the dnsmasq package through opkg: opkg update opkg upgrade dnsmasq Or update to a newer LEDE image. Master snapshots newer than revision r4969-67ac017fef and the upcoming LEDE release 17.01.3 images already contain a fixed dnsmasq version. WORKAROUND There is no secure workaround available, though the attack surface can be reduced somewhat by disabling the DNS service part of dnsmasq and only allowing trusted hosts to obtain DHCP leases in the local network. In order to disable the DNS service, issue the following commands: uci set dhcp.(a)dnsmasq[0].port="0" uci add_list dhcp.lan.dhcp_option="6,8.8.8.8" uci commit dhcp /etc/init.d/dnsmasq restart This will stop dnsmasq from serving DNS requests and instruct all DHCP clients to use Google's public DNS server instead of the router itself for name resolution. REFERENCES The orginal article published on the Google security blog: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.h… Dnsmasq security notice: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2017q4/011772.html Debian security advisory: https://www.debian.org/security/2017/dsa-3989 _______________________________________________ Lede-dev mailing list Lede-dev(a)lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev

7 years, 2 months

[lime-users] How to know which DNS Linux

by Santi Vallazza

Hello, I want to know which DNS is assigned to my laptop when i connect to a network working with DHCP. I think that these commands tell me something: host -v google.com nslookup yahoo.com Do you have any other suggestion? Thanks Santiago

7 years, 2 months

[lime-users] Survey on legal obligations, of Community Networks by netcommons.eu

by Ilario Gelmetti

I forward from NetCommons a survey on which legal problems you encountered while participating in a community network. You can participate on this page: https://d52netcommons.limequery.com -------- Forwarded Message -------- Dear Sir/Madam, We kindly invite you to participate in the Survey on legal obligations of Community Networks which is part of the research of the netCommons project. netCommons (http://netcommons.eu/) is a research project supported by the European Commission (2016-2018), which proposes a trans-disciplinary methodology to study and support the development of local network internet infrastructures as commons, for resiliency, sustainability, democracy, privacy, self-determination, and social integration. You are being invited to take part in this research study because we identified your organization as a key player in this field. The goal of this online survey is to assess how the European legal framework is actually applied by CNs. The results of this survey will serve as a basis for creating /Guidelines for Community Networks to deal with legal issues./ As the survey concerns legal obligations, we would be very glad if the person(s) dealing with legal issues in your CN could answer the questions. *Participation is anonymous*. You will not be asked your personal information. We will only use your answers. If you are willing to accept our invitation, you can take part in the survey via an online platform: https://d52netcommons.limequery.com The survey, which should take between 20 and 30 minutes, will be open _until October 10_. Thank you very much for your participation! Mélanie Dulong de Rosnay & Félix Tréguer – CNRS Federica Giovanella - University of Trento For further information, please contact Federica Giovanella: federica.giovanella(a)unitn.it <mailto:federica.giovanella@unitn.it>

7 years, 2 months

[lime-users] https not available

by Amuza

Bona tarda, Probably you aware of it, but just in case: http://libremesh.org/ works fine https://libremesh.org/ does not work at all

7 years, 2 months

[lime-users] Disaster Mesh for Dominica

by Support

You must have heard about hurricane that destroyed north carribean islands this month. I am organizing a mission to send to Dominica a bunch of router to help country to recover Internet coverage. https://www.google.fr/search?q=maria+dominica&client=firefox-b&dcr=0&prmd=i… I am conducting donation events in France and Internet to send first help. I am contacting libre mesh group for getting support and help about disaster Internet solution we could provide. Thanks everyone Fred. http://madeinzion.org

7 years, 2 months

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

lime October 2017