Home routers under attack...
Posted 16 February 2007 - 05:45 AM
Posted 17 February 2007 - 04:46 AM
Feb 16, 2007 ~ "...Router makers already know of the problems with default passwords as well as other security concerns, they said. Linksys, for example, recommends that customers change the default password during the installation procedure, said Karen Sohl, a representative for the company, a division of Cisco Systems. "We are aware of this," she said. On its Web site*, Linksys warns users that miscreants are taking advantage of the default passwords. "Hackers know these defaults and will try them to access your wireless device and change your network settings. To thwart any unauthorized changes, customize the device's password so it will be hard to guess," the company states. Still, although Linksys' software recommends the password change, consumers can either plug in their router without running the installation disk or bypass the change screen, keeping the defaults. The company offers detailed information on how to change the router password on its Web site. Netgear and D-Link also recommend password changes.
Posted 17 February 2007 - 02:10 PM
February 16, 2007
...The best defense against this type of attack is for home users to change their default password. The following links provide support resources for three of the more common home router vendors:
* D-Link - http://preview.tinyurl.com/2znuvw
* Linksys - http://preview.tinyurl.com/yqvvb4
* NETGEAR - http://preview.tinyurl.com/2njdql
Edited by AplusWebMaster, 17 January 2008 - 06:57 AM.
Posted 21 February 2007 - 05:44 AM
February 20, 2007 ~ "...The attack involves luring users to malicious sites where a device's default password is used to redirect them to bogus sites. Once they are at those sites, their identities could be stolen or malware could be force-fed to their computers. In an advisory* posted Thursday, Cisco listed 77 vulnerable routers in the lines sold to small offices, home offices, branch offices and telecommuters. The advisory recommended that users change the default username and password required to access the router's configuration settings, and disable the device's HTTP server feature..."
Updated: Feb 15, 2007
Posted 02 October 2007 - 05:01 PM
Default Passwords: A Hacker's Dream
Sept. 26, 2007 - "...Moore said what made the hacking job so easy was that 70% of all the companies he scanned were insecure, and 45% to 50% of VoIP providers were insecure. The biggest insecurity? Default passwords. "I'd say 85% of them were misconfigured routers. They had the default passwords on them," said Moore..."
Posted 15 January 2008 - 07:57 AM
Home routers 'vulnerable to remote take-over'
15 Jan 2008 - "...Design flaw in most home routers that allows attackers to remotely control the devices by luring an attached computer to a booby-trapped website. The weakness could allow attackers to redirect victims to fraudulent destinations that masquerade as trusted sites belonging to banks, ecommerce companies or health care organizations. The exploit works even if a user has changed the default password of the router. And it works regardless of the operating system or browser the computer connected to the device is running, as long as it has a recent version of Adobe Flash installed... Routers made by Linksys, Dlink and SpeedTouch have been confirmed to be vulnerable, and other manufacturers' products are also likely susceptible to attack, the researchers said. Most routers have UPnP turned on by default. The only way to prevent the attack is to turn the feature off, something that is possible with some, but not all, devices..."
January 14, 2008
Last Updated: 2008-01-15 16:55:01 UTC
Edited by AplusWebMaster, 22 January 2008 - 06:36 AM.
Posted 22 January 2008 - 11:06 AM
Drive-by Pharming in the Wild
Last Updated: 2008-01-24 02:11:21 UTC
Edited by AplusWebMaster, 24 January 2008 - 06:50 AM.
Posted 09 March 2008 - 08:09 AM
Defending your router, and your identity, with a password change
March 8, 2008 - "...Every router, wired or wireless, has an internal website used to make configuration changes. Accessing this internal website requires a userid/password, something totally independent of any wireless network passwords... In brief, if your router is using the default password, your computer is vulnerable to an attack where the router is re-configured. Specifically, the dangerous configuration option is the DNS server... Malicious DNS servers can result in your visiting a website, any website, and ending up at a phony version of the site run by bad guys. If the website is that of a bank or credit card company, and you enter a userid/password, you can kiss your identity, and money, good-bye..."
Released: 3 Mar 08 - APWG Releases Dec 2007 Phishing Trends Report
(From the report - pg. 8, "Phishing-based Trojans – Redirectors")
"...Along with phishing-based keyloggers we are seeing high increases in traffic redirectors. In particular the highest volume is in malicious code which simply modifies your DNS server settings or your hosts file to redirect either some specific DNS lookups or all DNS lookups to a fraudulent DNS server. The fraudulent server replies with "good" answers for most domains, however when they want to direct you to a fraudulent one, they simply modify their name server responses. This is particularly effective because the attackers can redirect any of the users' requests at any time and the end-users have very little indication that this is happening as they could be typing in the address on their own..."
Edited by AplusWebMaster, 10 March 2008 - 05:46 AM.
Posted 17 March 2008 - 04:25 AM
Latest DAT Release 03 13 2008 - "This fake codec is actually a hijacker that will change your DNS settings whether you acquire your IP settings through DHCP or set your IP information manually. This hijacker will attempt to re-route all your DNS queries through 85.255.x.29 or 85.255.x.121 (RBN).... rogue DNS servers..."
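The three posts above (the router DNS-server setting, the APWG note on DNS/hosts-file redirectors, and the fake-codec hijacker) all come down to the same check a defender can run on a machine: are the configured resolvers the ones the owner expects, and does the hosts file map any name to a non-loopback address? The script below is an added example, not code from the thread or from any of the quoted sources. The resolver list, hosts-file content and "expected resolver" set are constructed; the rogue-resolver rule encodes only what the McAfee note states (hosts in 85.255.0.0/16 ending in .29 or .121), with the elided middle octet left unspecified.

```python
import ipaddress

# Constructed resolver list, as a script might read it from the OS (not real host output).
SAMPLE_RESOLVERS = ["192.168.1.1", "85.255.112.29", "198.51.100.53"]

# Constructed hosts-file content mixing a benign loopback entry with a hijacked bank name.
SAMPLE_HOSTS = """
127.0.0.1 localhost
::1 localhost
# comment lines and blanks are ignored
203.0.113.45 www.examplebank.com
"""

# Resolvers the owner expects (assumed: the router's LAN address only).
EXPECTED_RESOLVERS = {"192.168.1.1"}

# Rogue-resolver rule from the McAfee note: 85.255.x.29 / 85.255.x.121, x unknown.
RBN_NET = ipaddress.ip_network("85.255.0.0/16")
RBN_LAST_OCTETS = {29, 121}


def classify_resolver(addr: str) -> str:
    """Label one configured resolver as expected, known-rogue, or merely unexpected."""
    ip = ipaddress.ip_address(addr)
    if addr in EXPECTED_RESOLVERS:
        return "expected"
    if ip.version == 4 and ip in RBN_NET and int(addr.split(".")[-1]) in RBN_LAST_OCTETS:
        return "known-rogue"
    return "unexpected"


def check_resolvers(resolvers):
    """Map every configured resolver to its classification."""
    return {r: classify_resolver(r) for r in resolvers}


def check_hosts_file(text: str):
    """Return (name, address) pairs where a hosts-file entry points a non-local name
    at a non-loopback address; legitimate hosts files rarely contain any."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip comments and blanks
        if not line:
            continue
        addr, *names = line.split()
        if ipaddress.ip_address(addr).is_loopback:
            continue
        findings.extend((name, addr) for name in names if name != "localhost")
    return findings


if __name__ == "__main__":
    for resolver, verdict in check_resolvers(SAMPLE_RESOLVERS).items():
        print(f"resolver {resolver}: {verdict}")
    for name, addr in check_hosts_file(SAMPLE_HOSTS):
        print(f"hosts-file override: {name} -> {addr}")
```

Anything other than "expected" deserves a look at the router's DNS page and the machine's own network settings, since both the router-level and the host-level hijacks described above leave exactly this trace.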
Posted 21 March 2008 - 10:07 AM
Linksys WRT54G Security Bypass vuln - updates available
Release Date: 2008-03-21
Impact: Security Bypass
Where: From local network
Solution Status: Vendor Patch
OS: Linksys WRT54G Wireless-G Broadband Router
...The vulnerability is reported in firmware version 1.00.9. Other versions may also be affected.
Solution: Install updated firmware versions.
WRT54G v5/v6: Install version 1.02.5.
WRT54G v8: Install version 8.00.5.
WRT54G v8.2: Install version 8.2.05 ...
Last revised: 3/11/2008
CVSS v2 Base score: 10.0 (High)
"...allows -remote- attackers to perform arbitrary administrative actions.."
Linksys WRT54G » Downloads
WRT54G v5/v6: Install version 1.02.5. (3/03/2008)
WRT54G v8: Install version 8.00.5. (1/18/2008)
WRT54G v8.2: Install version 8.2.05 (1/18/2008) ...
Posted 21 March 2008 - 01:31 PM
D-Link router based worm?
Last Updated: 2008-03-21 16:44:10 UTC - "...I suspect someone is using snmp to reconfigure the router to its default password or to read its admin password and then accessing the D-Link via telnet to modify the router's configuration or firmware. The D-Link DWL-1000AP had an snmp based password confidentiality vulnerability reported back in 2001... I doubt this attack includes changing the firmware of the router itself to become a router-based self-propagating worm; while possible, it is more difficult than compromising one of the home systems. Given control of a device like this in the network it would be relatively simple to redirect consumers' traffic to a site with client side exploits that would compromise any computer that was not fully patched..."
Posted 08 April 2008 - 05:55 AM
08 April 2008 - "...The technical details of a DNS rebinding attack are complex, but essentially the attacker is taking advantage of the way the browser uses the DNS system to decide what parts of the network it can reach... On Tuesday, OpenDNS* will offer users of its free service a way to prevent this type of attack, and the company will also set up a website that will use Kaminsky's techniques to give users a way to change the passwords of vulnerable routers. The attack "underscores the need for people to be able to have more intelligence on the DNS," Ulevitch said. Although this particular attack takes advantage of the fact that routers often use default passwords that can be easily guessed by the hacker, there is no bug in the routers themselves..."
Posted 09 April 2008 - 04:38 AM
April 8, 2008 (Computerworld) - "... OpenDNS will offer users of its free service a way to prevent this type of attack, and the company will also set up a Web site* ... to give users a means of changing the passwords of vulnerable routers..."
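The drive-by pharming posts (February 2007, January 2008) and the DNS-rebinding posts above describe the same defensive gap: the router's admin interface accepts a configuration change as long as the browser supplies credentials, even when the request was forged by a page on another site or reached the device through a rebound hostname. The Python below is an added example of the server-side checks a router web interface can apply, not code from any vendor or from the thread. The router addresses, header names and session handling are assumptions for the example; the three checks (Host header must name the router, Origin/Referer must name the router, a per-session token must accompany any POST) are the standard mitigations for rebinding and cross-site request forgery.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Names and addresses the admin interface legitimately answers on (assumed for this example).
ROUTER_HOSTS = {"192.168.1.1", "router.local"}


def host_is_router(host_header):
    """DNS-rebinding defense: a rebound request carries the attacker's hostname in Host,
    because the browser still thinks it is talking to that site. Accept only our own names."""
    if not host_header:
        return False
    host = host_header.split(":", 1)[0].strip().lower()  # drop any :port suffix
    return host in ROUTER_HOSTS


def origin_is_router(headers):
    """CSRF (drive-by pharming) defense: a state change must originate from a page the
    router itself served, so Origin (or, failing that, Referer) must name the router.
    A request with neither header is refused rather than trusted."""
    src = headers.get("Origin") or headers.get("Referer")
    if not src:
        return False
    host = urlsplit(src).hostname
    return host is not None and host.lower() in ROUTER_HOSTS


class AdminSession:
    """One logged-in admin session holding a random token that forms must echo back."""

    def __init__(self):
        self.csrf_token = secrets.token_hex(16)

    def token_ok(self, submitted):
        return submitted is not None and hmac.compare_digest(self.csrf_token, submitted)


def authorize_config_change(session, method, headers, form):
    """Return (allowed, reason) for a request that tries to change router settings."""
    if method != "POST":
        return False, "configuration changes must use POST"
    if not host_is_router(headers.get("Host")):
        return False, "Host header does not name the router (possible DNS rebinding)"
    if not origin_is_router(headers):
        return False, "Origin/Referer is not the router (possible cross-site request)"
    if not session.token_ok(form.get("csrf_token")):
        return False, "missing or wrong CSRF token"
    return True, "ok"


if __name__ == "__main__":
    # Constructed requests: one from the router's own settings page, one forged from another site.
    session = AdminSession()
    own_page = {"Host": "192.168.1.1", "Origin": "http://192.168.1.1"}
    forged = {"Host": "192.168.1.1", "Referer": "http://evil.example/page.html"}
    print(authorize_config_change(session, "POST", own_page, {"csrf_token": session.csrf_token}))
    print(authorize_config_change(session, "POST", forged, {"dns_server": "203.0.113.9"}))
```

The Host check alone stops the rebinding variant (the rebound request arrives with the attacker's hostname), and the Origin/Referer plus token checks stop the classic drive-by variant even when the browser auto-supplies a default password.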
Posted 10 April 2008 - 12:13 PM
(Symantec ThreatCon / Environment / Network Activity Spotlight)
"The DeepSight Threat Analyst Team is monitoring TCP port 23 and UDP port 161. These ports have both been associated with recent reports of a new bot that is exploiting and installing itself on D-Link routers.
The bot is designed to attack only D-Link routers over port 23 (Telnet) and contains functionality to scan for TCP port 23, launch IRC clone floods, and launch DDoS attacks. The author of this malicious software is charging 200 US dollars for the software, making it likely that this malware and variants of this malware will become widespread."
Edited by AplusWebMaster, 10 April 2008 - 12:21 PM.
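The D-Link worm speculation (SNMP on UDP/161, then telnet on TCP/23) and the Symantec bot note above both point at the same two ports, so a home gateway that logs dropped inbound packets can spot the activity directly. The script below is an added example of that detection, not code from the thread or from Symantec; it parses constructed iptables-style log lines (not real captures) and flags any source that probes telnet on several distinct hosts, plus any WAN-side SNMP probe at all, since UDP/161 from the Internet has no legitimate use on a home link.

```python
import re
from collections import defaultdict

# Constructed iptables-style log lines (not real captures): one telnet sweep, one SNMP
# probe, and one unrelated HTTPS connection that must not be flagged.
SAMPLE_LOG = """\
Apr 10 09:01:02 gw kernel: IN=ppp0 OUT= SRC=198.51.100.7 DST=203.0.113.2 PROTO=TCP SPT=4421 DPT=23 SYN
Apr 10 09:01:02 gw kernel: IN=ppp0 OUT= SRC=198.51.100.7 DST=203.0.113.3 PROTO=TCP SPT=4422 DPT=23 SYN
Apr 10 09:01:03 gw kernel: IN=ppp0 OUT= SRC=198.51.100.7 DST=203.0.113.4 PROTO=TCP SPT=4423 DPT=23 SYN
Apr 10 09:01:03 gw kernel: IN=ppp0 OUT= SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP SPT=4424 DPT=23 SYN
Apr 10 09:01:04 gw kernel: IN=ppp0 OUT= SRC=198.51.100.9 DST=203.0.113.2 PROTO=UDP SPT=5000 DPT=161
Apr 10 09:01:05 gw kernel: IN=ppp0 OUT= SRC=192.0.2.40 DST=203.0.113.2 PROTO=TCP SPT=51000 DPT=443 SYN
"""

# Pull source, destination, protocol and destination port out of one log line.
LINE_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\w+) .*?DPT=(?P<dpt>\d+)"
)

# The two services the posts above associate with the D-Link bot.
WATCHED = {("TCP", 23): "telnet", ("UDP", 161): "snmp"}


def parse_events(text):
    """Yield (src, dst, service) for every line hitting a watched port; skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        key = (m["proto"].upper(), int(m["dpt"]))
        if key in WATCHED:
            yield m["src"], m["dst"], WATCHED[key]


def find_scanners(text, min_targets=3):
    """Return ({telnet_scanner: distinct_targets}, {snmp_probe_sources}).

    A telnet source is reported once it has touched min_targets distinct hosts;
    a single SNMP probe from the WAN is reported unconditionally."""
    telnet_targets = defaultdict(set)
    snmp_sources = set()
    for src, dst, service in parse_events(text):
        if service == "telnet":
            telnet_targets[src].add(dst)
        else:
            snmp_sources.add(src)
    scanners = {s: len(d) for s, d in telnet_targets.items() if len(d) >= min_targets}
    return scanners, snmp_sources


if __name__ == "__main__":
    scanners, snmp = find_scanners(SAMPLE_LOG)
    for src, n in scanners.items():
        print(f"telnet sweep from {src}: {n} distinct targets")
    for src in sorted(snmp):
        print(f"SNMP probe from {src}")
```

On a single home gateway the destination will usually be one address, so the distinct-target count matters less than the fact that anything on 23 or 161 arrived from the WAN at all; the threshold is there for anyone running this over a larger log.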
Posted 11 April 2008 - 02:53 PM
Home Wireless AP Hardening in 5 Steps
Last Updated: 2008-04-11 19:58:32 UTC - "... There are dangers in all consumer network hardware that require the attention of everyone that installs these devices regardless of the vendor. Taking a device out of the box, plugging it in and letting it go can expose you to "worms" or other remote-based exploitation. This stems from a similar problem with software and operating systems, namely, these things do not ship in a secure-by-default configuration.
Here are 5 easy steps to take when you get a network device / access point to harden yourself against "easy" exploitation (and this applies to ALL hardware):
1) Change the default passwords...
2) Disable remote administration...
3) Update the firmware...
4) Disable unused services...
5) Change the default settings of the device..."
(More detail at the Internet Storm Center URL above.)
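The five steps above are easy to state and easy to forget, so one way to keep a device honest is to audit an exported configuration against them. The script below is an added example, not code from the ISC post or from any vendor: it reads a constructed dump in the key=value style of an nvram listing, with variable names that are assumed for the example rather than taken from a particular firmware. The default credentials, default SSIDs and "latest firmware" value are likewise assumptions, the last one borrowed from the WRT54G v5/v6 advisory quoted earlier in this thread. Each finding is tagged with the step number it maps to, and the UPnP check reflects the January 2008 post on UPnP-based takeover.

```python
# Constructed config dump; key names are assumed for this example, not vendor-specific.
SAMPLE_CONFIG = """\
http_username=admin
http_passwd=admin
remote_management=1
upnp_enable=1
telnetd_enable=1
snmpd_enable=0
wl_ssid=linksys
firmware_version=1.00.9
"""

# Assumed factory credential pairs and SSIDs to compare against.
DEFAULT_CREDENTIALS = {("admin", "admin"), ("", "admin"), ("admin", "password")}
DEFAULT_SSIDS = {"linksys", "default", "dlink", "netgear"}
# Newest firmware for this (assumed) model; 1.02.5 is the WRT54G v5/v6 fix quoted above.
LATEST_FIRMWARE = "1.02.5"

# Step 4 of the ISC list: services that should be off unless actively used.
SERVICE_FLAGS = (("telnetd_enable", "telnet"), ("snmpd_enable", "SNMP"), ("upnp_enable", "UPnP"))


def parse_config(text):
    """Turn key=value lines into a dict; lines without '=' are ignored."""
    cfg = {}
    for line in text.splitlines():
        if "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    return cfg


def version_tuple(version):
    """Compare dotted versions numerically so 1.00.9 < 1.02.5 (assumes numeric parts)."""
    return tuple(int(part) for part in version.split("."))


def audit(cfg):
    """Return (step, finding) pairs for every hardening step the config fails."""
    findings = []
    creds = (cfg.get("http_username", ""), cfg.get("http_passwd", ""))
    if creds in DEFAULT_CREDENTIALS or not creds[1]:
        findings.append(("1", "admin interface still uses default or empty credentials"))
    if cfg.get("remote_management") == "1":
        findings.append(("2", "remote (WAN-side) administration is enabled"))
    fw = cfg.get("firmware_version")
    if fw is None or version_tuple(fw) < version_tuple(LATEST_FIRMWARE):
        findings.append(("3", f"firmware {fw} is older than {LATEST_FIRMWARE}"))
    for key, name in SERVICE_FLAGS:
        if cfg.get(key) == "1":
            findings.append(("4", f"{name} service is enabled"))
    if cfg.get("wl_ssid", "").lower() in DEFAULT_SSIDS:
        findings.append(("5", "wireless SSID is still a factory default"))
    return findings


if __name__ == "__main__":
    for step, text in audit(parse_config(SAMPLE_CONFIG)):
        print(f"step {step}: {text}")
```

The sample dump fails every step on purpose; a hardened device should produce an empty findings list, which makes the script usable as a quick regression check after each firmware update or factory reset.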