pluto & ipsec gpl violations; D.H.Redelmeier + Henry Spencer

[Peter]

I have been working on taking apart the gpl violation mountain which is one
of these balky little mips based dsl+wifi soho router boxes to fix a bug,
which I succeeded to do. Inside I found an unadvertised ipsec tunnelling
facility which seems to be activated implicitly when a static ip is used.

These boxes are full of back doors which are zero day exploits waiting to
happen, usually on the side of the powers that be to keep us "safer",
unadvertised "features" and hacked binaries. They do not even bother
removing the gpl message from scripts. I found the 2 people's names in the
ipsec scripts on this box.

I am curious what you people think of your gpl licensed (it says so!)
scripts and other code ending up in strange places with no attribution, no
remuneration, no apology, and no recourse?! 

Anyway, all, you probably would like to see this if you haven't already:

http://www.binaryanalysis.org/en/content/show/documentation

Read the docs, sneak up on your trusty little dsl box and run the software
against its firmware. nmap -T4 -A <router.ip> also works as a first foot in
the door measure. I am really curious who here, if any (!), having a normal
soho dsl or cable box, is NOT using some gpl busting busybox with no source.
I am not even counting legit openwrt etc. users, regardless what that is
installed on.

I am somewhat miffed by the hypocrysy of the whole broadband internet
business which seems to exist mostly due to these boxes which are truly
*everyhwere* and even undersell an arduino with ease.


--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists