Home Routers Vulnerable to Web Hack - DNS Rebinding

Millions of Home Routers Vulnerable to Web Hack - DNS Rebinding

 

These things are always over-hyped.

 

I've made my opinion known many times here that the bad guys are much more interested in getting users to hand over their data willingly these days than using the latest, greatest tricks to come out of Black Hat or anywhere else. It's far easier and less risky to con than to attack, unless you are a high value target. Besides, if I worried about everything to come out of Black Hat yearly, I wouldn't even want to boot my computer up.

 

This can only be accomplished through access to the router, so again, as long as you change the router login defaults in other words change the password, this vulnerability would not succeed.

Saying that uninformed users simply wouldn't think to change the password so vendors will need to patch their firmware and educate users on changing defaults.

 

True story.
My parents intially had some problems with getting their DSL line. The line had to be replaced etc. The router was supplied by the DSL company. The DSL technician told my dad to not change the default router password. And my dad would not let me change the password. At least I convinced him to turn off wireless.

 

I treat the default as only the initial user name and password because you have to have something for access, once you've set up your connection details the user name and password should be changed because they are known for every router and an attack could take advantage of this. Educate your Dad

 

He is resistant to education from me
He has not done windows update since when I gave him the computer four years back
Of course, now its infected and runs slowly.

 

Bingo...some simple smarts. Just like making sure you secure your wireless network, and just like making sure you have a password for your Administrator or Root account. Common sense stuff, ya know? Follow some basic best practices, and you can shrug off these overhyped things.

 

I wonder if the attack uses Autonomous System Scanner or takes advantage of tFTP that stores router information?

 

No, it just uses DNS Rebinding.

Here is another related article from Craig Heffner from 2008 about router attacks.
SOHO Router Report PDF

 

hackadeeemix.net

Noscript now protects against this attack since 2.0 rc5

 

If you use OpenDNS, they offer protection for this under the security settings page.

http://i.imgur.com/FGy89.png

Edit: Cannot seem to insert images.

 

That is very interesting. I am using one of several proxies provided by my ISP and have entered it under Preferences> Adv.>Network>Settings>Manual Proxy Configuration (In FF)..
HTTP Proxy: xxx.xx.xxx.xx Port: 8080
As I am not too bright with Proxy/DNS related stuff could you advise whether NoScript will protect in my case ? It shows the WAN IP correctly under ABE, but I am confused about external vs. internal protection.

 

Had that enabled for years, completely forgot about it heh.