Discussion in 'other firewalls' started by bigc73542, Jan 15, 2008.
Flash Attack Could Take Over Your Router
This is a very interesting article. FWIW, I've had UPnP turned off for some time in my router configuration with no resulting connection problems.
Thanks for the heads up, bigc.
Although knowledge of this news may be more of a motivation to disable UPnP on your router than to use AlphaShield...
You are probably right about just disabling UPnP, but I had to take the shot. Love my AlphaShield.
Had a look at the website; apart from a lot of great-sounding marketing, I am just as uninformed as before.
What exactly is this "wonderthing" doing and why do I need this in addition to my router and software firewall? Aren't both routers and software firewalls meant to close your ports and/or stealth your PC?
One of the advantages with AlphaShield is that it blocks connections to all sites other than the one you visit. This will give you good protection against Cross Site Scripting, redirects, and banner injections. I love AlphaShield too.
Oh really? Where is this feature documented?
That's why it also blocks third party popups.
Lol, so that's what it means. I wish they would just explain it more concretely.
But I have always disabled UPnP.
It's good to see a Canadian company like AlphaShield make this kind of progress.
I'm still not sold on AS and probably never will be. I'll take a nice router over that "blackbox" device any day.
And how is AS going to know which site is requested by the user and which one is requested automatically by the browser?
Software firewalls and router firmware can be corrupted; an AlphaShield is a hardware FW and it is not corruptible by attack. There is a $100.000 reward if you can hack an AlphaShield; it hasn't been done yet.
Do you know for a fact that router firmware can be corrupted? If so please explain. The marketers of AlphaShield make all kinds of claims, but where is the corroboration by disinterested third party testers?
Maybe the AlphaShield isn't so bad, but no serious tests have been done yet with this product. A hardware SPI firewall like the WRT54G with UPnP disabled will surely be as good if not better than the AS. Viruses, trojans or malware don't care if you're behind a router or a router + an AS anyway.
If I have this figured out right the connection sequence is:
DSL Line -> Router -> AlphaShield -> Workstation Switch -> Multiple PCs
Assuming something gets past the router with its SPI FW enabled, and
one or more of the PCs does not have an inbound FW enabled, UPnP blocked
or disabled, etc., then AlphaShield provides a secure SPI layer of
Is the above example correct? (Linksys Workgroup switch used on my
multiple PC home set-up)
Can AlphaShield be connected in FRONT of the router to protect it also?
Would it make sense to do that if it can be done?
It's easy to boast a 100% guarantee if your Internet connection is severed.
The "AlphaGAP Technology" sounds the same as the power on/off of my broadband modem, and I really doubt that the logical disconnect or reconnect is something useful, as once you're infected with viruses, trojans or something else, it'll usually tend to establish an outbound connection even if you don't want it to. What will tell the AS if it's you or the malicious program? I guess nothing.
In my opinion, if you already have a good router/firewall with SPI, this AlphaShield is a useless additional layer of protection.
Router software is definitely corruptible and susceptible to attack.
http://news.zdnet.co.uk/security/0,1000000189,39211011,00.htm In other articles concerning this, it is stated that this exploit is possible in personal home routers also.
And here is a very interesting article from Bnet, which is CNET's business site. http://findarticles.com/p/articles/mi_m0EIN/is_2005_August_18/ai_n14926767
There is a promotional video on the AlphaShield website that indicates you can put the AS in front of a router.
Thanks, I looked at the video. I have a combined modem/router unit
provided by the ISP, so I guess in that case it would go behind the
router, not in front of it, using the set-up instructions shown.
Very interesting... finally some good reasons to be careful with UPnP.
But I thought UPnP in routers mainly gives 'remote' software the full control on ports (opening/closing) without the need of manually opening them on the router.
Are there UPnP commands to completely reset the DNSs of the router? Or are there some other hacks combined with UPnP that change the main configuration of the router?
Thank you in advance for any feedback...
This topic is already being discussed here:
At the link Stem gave there is a POC consisting of code that can be compiled with Adobe Flex and set up on a webpage with an embedded Flash object.
If someone has the Flash skills to set up such a test or knows of some harmless test locations, it would be nice to see what security software can do against those specially crafted .swf files. Probably not much.
Also, this exploit is not necessarily easy to perform, requiring the conjugation of several factors.
For the time being, turning UPnP off on the router seems to be the only real solution (Flash can be blocked, but other stuff such as Java, etc. can be used - in principle - to perform the UPnP hack). The thing is, most people will have no clue how to set up manual port forwarding.