I can’t seem to find any documentation on this, so my questions are:
Does The Dude send any information at all back to MikroTik?
How can we as users be assured that the software is not sending critical information (like passwords and IP addresses) back to MikroTik (or anyone else) without our consent?
Has anyone ever done any security testing on the software whilst it was running on their hardware (especially if you publicly face the web interface)?
Anyone done any kind of traffic profiling on the boxes they’ve installed The Dude on?
Can The Dude send anything out anywhere I don’t specify?
As I was writing, I did consider setting it up on a “blankish” box, importing my configs then “Wiresharking” on the NIC to basically see where the traffic is going…
(I say basically because I am FAR from a Wireshark pro)…
Wireshark tip - Assuming your internal network is 192.168.0.0/16 and your Dude server is on the 1 network, this filter will exclude all networks except for the network the Dude server is on. Install Wireshark on your Dude server…
Start Wireshark and click the 2nd button from the left on the top row, put a check in the promiscuous checkbox, then add “host 192.168.1.x and not net 192.168.2.0/23 and not net 192.168.4.0/22 and not net 192.168.8.0/21 and not net 192.168.16.0/20 and not net 192.168.32.0/19 and not net 192.168.64.0/18 and not net 192.168.128.0/17” in the capture filter…
If you want to remove a single host, add “and not host x.x.x.x”.
Just keep adding “and nots” until the only traffic left has to be suspicious.
Of course, if you’re trying to see what The Dude is talking to, it is much easier to mirror the connection to the firewall and just put host x in your filter.
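
Added example, not part of the original posts: a Python sketch that generates the "and not net" capture filter from the two networks instead of typing the CIDR blocks by hand, then applies the same rule offline to a list of flows to show which peers would be left to look at. The function names, the server address 192.168.1.10, the gateway 192.168.1.1 and the sample flows are assumptions made for the example.

```python
import ipaddress
from collections import Counter

def build_capture_filter(server_ip, server_net, internal_net, ignore_hosts=()):
    """BPF capture filter: the server's traffic, minus every internal network
    other than the server's own, minus explicitly ignored hosts."""
    server_net = ipaddress.ip_network(server_net)
    internal_net = ipaddress.ip_network(internal_net)
    if ipaddress.ip_address(server_ip) not in server_net:
        raise ValueError("server_ip must be inside server_net")
    # address_exclude() yields the CIDR blocks covering internal_net minus
    # server_net; it raises ValueError if server_net is not inside internal_net.
    others = sorted(internal_net.address_exclude(server_net))
    parts = [f"host {server_ip}"]
    parts += [f"not net {n}" for n in others]
    parts += [f"not host {h}" for h in ignore_hosts]
    return " and ".join(parts)

def remaining_peers(flows, server_ip, server_net, internal_net, ignore_hosts=()):
    """Apply the same rule offline to (src, dst) pairs and count the peers
    that would still show up in the capture."""
    server = ipaddress.ip_address(server_ip)
    server_net = ipaddress.ip_network(server_net)
    internal_net = ipaddress.ip_network(internal_net)
    ignored = {ipaddress.ip_address(h) for h in ignore_hosts}
    peers = Counter()
    for src, dst in flows:
        a, b = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if server not in (a, b):
            continue                      # "host <server>" does not match
        peer = b if a == server else a
        if peer in ignored:
            continue                      # "not host <peer>"
        if peer in internal_net and peer not in server_net:
            continue                      # "not net <other internal block>"
        peers[str(peer)] += 1
    return peers

# Constructed sample flows (src, dst); 203.0.113.0/24 and 198.51.100.0/24 are
# documentation ranges standing in for Internet hosts.
SAMPLE_FLOWS = [
    ("192.168.1.10", "192.168.5.20"), ("192.168.1.10", "192.168.1.1"),
    ("192.168.1.10", "203.0.113.10"), ("192.168.1.10", "203.0.113.10"),
    ("198.51.100.7", "192.168.1.10"), ("192.168.3.4", "192.168.5.20"),
    ("192.168.1.10", "192.168.0.9"),
]
ARGS = ("192.168.1.10", "192.168.1.0/24", "192.168.0.0/16", ("192.168.1.1",))

if __name__ == "__main__":
    print(build_capture_filter(*ARGS))
    for peer, count in remaining_peers(SAMPLE_FLOWS, *ARGS).most_common():
        print(peer, count)
```

The printed filter string can be pasted into the Wireshark capture filter box; the peer list is what would be left to check by hand.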