[Cialug] ISPs and patching routers

Dave Weis djweis at internetsolver.com
Tue Oct 2 11:43:13 CDT 2012


In this exploit it doesn't matter if WAN admin is enabled or not. The victim loads a page that does some type of JavaScript requests to the modem using the default username and password and modifies what DHCP hands out for DNS servers. It's all coming from the inside interface of the firewall, not the outside.


-----Original Message-----
From: cialug-bounces at cialug.org [mailto:cialug-bounces at cialug.org] On Behalf Of Adam Hill
Sent: Tuesday, October 02, 2012 11:17 AM
To: Central Iowa Linux Users Group
Subject: Re: [Cialug] ISPs and patching routers

I believe dd-wrt has WAN management disabled by default.  I haven't gotten
around to setting up OpenVPN either, which would be a more ideal solution,
so I'm using an open WAN management on a non-default port for convenience.

On Tue, Oct 2, 2012 at 10:00 AM, Barry Von Ahsen <barry at vonahsen.com> wrote:

> is there an option to not allow management from WAN?
>
> or is this in addition to that?
>
>
> -barry
>
>
> On Oct 2, 2012, at 9:42 AM, Adam Hill wrote:
>
> > One of my benched side projects is setting up knockd (port knocker) on my
> > dd-wrt router so I don't have to leave its web interface open to be found
> > by port scanners and can open port forwards by port knocks.
> >
> > On Tue, Oct 2, 2012 at 9:12 AM, David Champion <dchamp1337 at gmail.com> wrote:
> >
> >> dd-wrt / openwrt are one of the targets of this attack as well. If you're
> >> not up to date, or haven't configured it correctly, you may have problems.
> >>
> >> -dc
> >>
> >> On Tue, Oct 2, 2012 at 9:08 AM, Nathan C. Smith <nathan.smith at ipmvs.com> wrote:
> >>
> >>> Here is a related article:
> >>>
> >>> https://www.securelist.com/en/blog/208193852/The_tale_of_one_thousand_and_one_DSL_modems
> >>>
> >>> This one makes it sound like an A-V company was having trouble determining
> >>> how the computer was being manipulated and redirected because it was being
> >>> done outside the computer through the DSL modem.
> >>>
> >>> May you live in interesting times.
> >>>
> >>> -Nate
> >>>
> >>> -----Original Message-----
> >>> From: cialug-bounces at cialug.org [mailto:cialug-bounces at cialug.org] On
> >>> Behalf Of Josh More
> >>> Sent: Tuesday, October 02, 2012 8:53 AM
> >>> To: Central Iowa Linux Users Group
> >>> Subject: [Cialug] ISPs and patching routers
> >>>
> >>> Looks like the router attack we've long known was possible is now actually
> >>> being used.
> >>>
> >>> This would be a good time to move friends and family over to openwrt or
> >>> ddwrt.  (Or an ISP that takes responsibility for security.)
> >>>
> >>> Details are here:
> >>>
> >>> http://arstechnica.com/security/2012/10/dsl-modem-hack-infects-millions-with-malware/
> >>>
> >>> -Josh
> >>> _______________________________________________
> >>> Cialug mailing list
> >>> Cialug at cialug.org
> >>> http://cialug.org/mailman/listinfo/cialug
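
A client-side check for the symptom described in the top message (the router handing out different DNS servers over DHCP), as an added example that is not part of the original thread: it parses an ISC dhclient lease file and flags resolvers in the newest lease that fall outside an expected set. The lease text, the addresses, the `EXPECTED` allowlist and the function names are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in ISC dhclient lease-file format (newest lease last).
# Addresses are private/documentation ranges, not values from the thread.
SAMPLE_LEASES = """
lease {
  option routers 192.168.1.1;
  option domain-name-servers 192.168.1.1;
}
lease {
  option routers 192.168.1.1;
  option domain-name-servers 203.0.113.66,198.51.100.7;
}
"""

# Assumption: the only resolver this LAN should be handed is the router itself.
EXPECTED = [ipaddress.ip_network("192.168.1.1/32")]

LEASE_RE = re.compile(r"lease\s*\{(.*?)\}", re.S)
DNS_RE = re.compile(r"option\s+domain-name-servers\s+([^;]+);")


def dns_per_lease(text):
    """Return one list of resolver addresses per lease block, in file order."""
    out = []
    for body in LEASE_RE.findall(text):
        m = DNS_RE.search(body)
        servers = m.group(1).split(",") if m else []
        out.append([ipaddress.ip_address(s.strip()) for s in servers])
    return out


def unexpected_resolvers(text, expected=EXPECTED):
    """Resolvers in the newest lease that fall outside the expected networks."""
    leases = dns_per_lease(text)
    newest = leases[-1] if leases else []
    return [ip for ip in newest if not any(ip in net for net in expected)]


def resolver_set_changed(text):
    """True when the newest lease's resolvers differ from the previous lease's."""
    leases = dns_per_lease(text)
    return len(leases) >= 2 and set(leases[-1]) != set(leases[-2])


if __name__ == "__main__":
    print("changed:", resolver_set_changed(SAMPLE_LEASES))
    print("unexpected:", [str(ip) for ip in unexpected_resolvers(SAMPLE_LEASES)])
```

A change in the handed-out resolvers is only a prompt to go look at the router's DHCP settings; ISPs and administrators also change resolvers legitimately.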