Gateway router :: To create a secure Internet gateway that supports IPSEC (over LAN and WiFi), state aware packet filtering, and an embedded SIP proxy for VoIP, all bundled as a native Linux firmware replacement for the Belkin F5D7230-4 wireless router.
Project output should include device discovery documentation, Linux firmware and operational documentation.
Description:
The gateway router is the final frontier, the outpost that links your microcosm (LAN) to the rest of the galaxy (Internet).
A modern home router has more demanded of it today than ever before. With the need for up to 8Mbps Internet connectivity and Network Address Translation (NAT) to support house-hold connection sharing, Wireless (WiFi) access for mobility, and an expectation of complete security, the home router is still meant to remain easy to operate by non-technical people and cost-effective to home buyers. The result of these conflicting requirements can be seen on the shelves - hardware that is cheaply mass-produced, web interfaces for Dad to access, as many features as can be provided for the price and security minimised to maintain a fair degree of usability.
Project Pluto fills a commercial void, by including pre-configured security options and a clean and logical user interface on the existing hardware platforms, these already useful devices can be extended to better support the real expectations of non-commercial users.
Shown in the screen shots below there is a version of Midnight Code Pluto firmware that runs on the Belkin F5D7230-4 router. This firmware is the next step beyond the process (documented, see below also) for compiling the reference Broadcom firmware. At this stage the Pluto firmware has not been released (in any form).
For those who are following the Project Pluto papers and source code for either F5D7230-4 development or development on compatible SOHO routers, such as the Belkin F5D8230-4 or the Siemens SE505 (v2), the following information (not yet included in any papers) may assist; the FCC ID of the router used in the papers is QDS-BRCM1005 as model "Broadcom BCM94306MP", the "LOAD" header used in the F5D8230-4 is 0x002f0102 (replace BELKY_MAGIC_H in the belky-0.5, or uncomment the appropriate line in belky-0.6). Thanks to Eric B for the F5D8230-4 header magic.
As an update, at Q1 2006 this project has had to drop the Belkin router. While a custom firmware image was produced, it was not based on OpenWRT (as some people have reported) - that was the intention, but not the result. The resultant firmware image was not up to the standard desired for this project, and will not be released publicly. Please also note that little work was done for Sveasoft. It seems that Sveasoft and OpenWRT have some sort of turf war where each claims the other has stolen code. As a result of this, a month or two after Sveasoft invited me to run with their Belkin software, they kicked me out because they thought I was some sort of OpenWRT spy. I note with some interest that, with the arrival of the DD-WRT project, Sveasoft appears to have started a new campaign against the DD-WRT contributers and users. A quick web search reveals a number of Sveasoft customers who have had their paid accounts locked for posting to any of the open source forums that promote the free distributions - OpenWRT, DD-WRT, etc. A review of the Wikipedia history for Sveasoft is equally telling.
All of this is old news (more than 12 months). The recent change has been the failure of an old router, requiring an immediate replacement that has been constructed from a regular PC.
The project's objective will be updated in the near future. Using the Midnight Code libraries, and techniques developed for Project Saturn, the Pluto project will take a more secure course. Note that the old public software will remain online - I know its used for other projects, such as the Siemens routers.
A paper is over-due. The one thing that seems to be missing from the SOHO router technology is documentation on its security short-comings. These Broadcom based routers all seem to be using a chipset that supports only one ethernet interface (regardless of how many physical interfaces the device may have). It is commonly known and fairly well documented in the open source communities that the additional interfaces are actually VLANs. What is not well understood (even at the enterprise network level) is that VLANs are disastrously insecure. If you look hard enough you can find good papers (even one from Cisco) on Layer-2 attacks, targeted at VLAN usage, and two of these are significant for these SOHO routers; 1) DoS via MAC/CAM table overflow, and 2) router (and hence ACL/filter) circumvention via unicast ethernet packets.
I will eventually put a paper together, but this information is here for those of you interested in being secure. These devices should be replaced with something more serious, if integrity and availability are to be sustained.
New hardware (PC construction) screen shots will be put online soon.
