
Author Topic: Lock Down Your Router!  (Read 9194 times)

JohnB316

Lock Down Your Router!
« on: February 19, 2007, 12:55:06 pm »
Indiana University, in conjunction with Symantec, published a technical report on Drive-By Pharming. Basically, this type of phishing involves hackers using default passwords on routers via malicious JavaScript to hijack a router and change the DNS cache in the router. The effect would be to point users to fake web sites.

Here is a link to a ZDNet article about this exploit: http://news.zdnet.com/2100-1009_22-6159938.html

Here are links to the Indiana University report about the exploit: http://www.cs.indiana.edu/cgi-bin/techreports/TRNNN.cgi?trnum=TR641 - the abstract (summary)

http://www.cs.indiana.edu/pub/techreports/TR641.pdf - the details

Note that the report has not yet been published. I would take this one seriously, as Linux boxes can likely be used to mess up a router via malicious sites. The bottom line is to lock down your router by changing the default password on it.

HTH,
John
VL 6.0 SOHO latest alpha on one box, VL 5.9 Lite on the other.
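
A defensive check for the effect described in the post above (router DNS settings changed so clients get pointed at rogue resolvers), added here as an example and not part of the original thread: it audits the nameservers in resolv.conf text against the set you configured. The sample file, the addresses and the function names are constructed for illustration, and it assumes the router hands its DNS servers to clients via DHCP.

```python
import ipaddress

# Constructed sample of a DHCP-written resolv.conf; addresses are placeholders.
SAMPLE_RESOLV_CONF = """\
# constructed sample
search home.lan
nameserver 192.168.1.1
nameserver 203.0.113.53
nameserver fe80::1%eth0
nameserver not-an-ip
"""

# Ranges where a resolver is on the LAN or the host itself (router or local cache).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "fe80::/10", "fc00::/7", "::1/128")]

def parse_nameservers(text):
    """Return the nameserver entries from resolv.conf text, in file order."""
    servers = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # comment lines start with '#' or ';'
            continue
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def audit_nameservers(text, expected):
    """Label each resolver 'expected', 'local-forwarder', 'UNEXPECTED' or 'invalid'.
    `expected` is the set of resolver addresses the administrator chose."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    findings = []
    for entry in parse_nameservers(text):
        try:
            addr = ipaddress.ip_address(entry.split("%", 1)[0])  # drop IPv6 zone id
        except ValueError:
            findings.append((entry, "invalid"))
            continue
        if addr in allowed:
            status = "expected"
        elif any(addr in net for net in LOCAL_NETS):
            status = "local-forwarder"  # router answers; check its own DNS setting
        else:
            status = "UNEXPECTED"       # off-LAN resolver nobody configured
        findings.append((entry, status))
    return findings
```

A `local-forwarder` result means the router itself is answering queries, so the upstream DNS servers still have to be checked on the router's own configuration page.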

subgeniusd

Re: Lock Down Your Router!
« Reply #1 on: March 28, 2007, 05:08:49 am »
And if you have any doubts about the availability of these factory default passwords, this is the list every hacker and "wardriver" uses:

http://www.phenoelit.de/dpl/dpl.html

Also a handy password strength checker:

https://www.microsoft.com/athome/security/privacy/password_checker.mspx

Don't worry... big, bad MSFT lets you visit and browse all over the place with Opera/Linux despite the fact that they could easily block all such access. ;) D.
Net neutrality - now and forever!

dispose256

Re: Lock Down Your Router!
« Reply #2 on: January 29, 2008, 08:49:00 pm »
While you are on the topic of router insecurity, a more serious problem has been reported, in which just about any router that uses UPnP could be compromised by a Flash attack, regardless of the operating system. It exploits the lack of authentication with UPnP. You can look it up on "The Register", a UK newsletter. Quite interesting.

dispose256