DD-WRT, I Know Where You Live

DD-WRT seemed decidedly "bloated" after I found out about Tomato. Maybe that is unfair or ignorant on my part, but do check out Tomato if you are considering DD-WRT.<p><a href="http://www.polarcloud.com/tomato" rel="nofollow">http://www.polarcloud.com/tomato</a>

So by visiting his blog we are essentially letting him use rebind on our connections? ;)

Some background here would be really nice (for us non device hackers). Who exactly would have DD-WRT on their routers? Is it something you have to install manually?<p>edit: i should have googled before asking :-). Apparently it's a custom firmware for linksys routers. Looks like you have to go through a lot of trouble to get it installed, so I'm sure the overall userbase is pretty small.

For those not familiar with the whole router firmware hacking thing, here is the backstory<p><a href="http://www.wi-fiplanet.com/tutorials/article.php/3562391/The-Open-Source-WRT54G-Story.htm" rel="nofollow">http://www.wi-fiplanet.com/tutorials/article.php/3562391/The...</a><p>Also in addition to DD-wrt there is openwrt which I've got running on my router, and probably a number of others.

"Info Page" setting he talks about is:<p>Administration tab &#62; Management sub-tab &#62; Web Access section &#62; "Enable Info Site"

My SVN build of DD-WRT has a "No DNS Rebind" setting defaulting to true. Not sure if this prevents the attack - couldn't find easy steps to reproduce in order to verify.

Is there a solution to this yet? He says it affects you whether or not you have the info page enabled.

I wonder if Tomato is affected.<p>I randomize the two mac addresses weekly anyway.