April 18, 2015, 06:41:06 pm *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Visit our home page for VL info. To search the old message board go to The first VL forum is temporarily offline until we can find a host for it. Thanks for your patience.
Now powered by KnowledgeDex.
   Home   Help Search Login Register  
Please support VectorLinux!
Pages: [1]
Author Topic: Lock Down Your Router!  (Read 9174 times)
Posts: 1346

Registered Linux User #386728

« on: February 19, 2007, 12:55:06 pm »

Indiana University, in conjunction with Symantec, published a technical report on Drive-By Pharming. Basically, this type of phishing involves hackers using default passwords on routers via malicious Javascript to hijack a router and change the DNS cache in the router. The effect would be to point users to fake web sites.

Here is a link to a ZDnet article about this exploit:

Here are links to the Indiana University report about the exploit: - the abstract (summary) - the details

Note that the report has not yet been published. I would take this one seriously, as Linux boxes can likely be used to mess up a router via malicious sites. The bottom line is to lock down your router by changing the default password on it.


VL 6.0 SOHO latest alpha on one box, VL 5.9 Lite on the other.
Posts: 27

What's your voltage, Coppertop?

« Reply #1 on: March 28, 2007, 05:08:49 am »

And if you have any doubts about the availability of these factory default passwords this is the list every hacker and "wardriver" uses:

Also a handy password strength checker:

Don't worry.....big, bad MSFT lets you visit and browse all over the place with Opera/Linux despite the fact that they could easily block all such access.  Wink  D.

Net neutrality - now and forever!
Posts: 2

« Reply #2 on: January 29, 2008, 08:49:00 pm »

While you are on the topic of router insecurity, a more serious problem has been reported when just about any router that uses UPNP could be compromised by a flash attack, and that regardless of the operating system. It exploits the lack of authentication with UPNP. You can look it up on "The register" a UK newsletter. Quite interesting.

Pages: [1]
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2013, Simple Machines Valid XHTML 1.0! Valid CSS!