Home Routers Vulnerable to Web Hack - DNS Rebinding

Discussion in 'other security issues & news' started by Ocky, Jul 16, 2010.

Thread Status:
Not open for further replies.
  1. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,677
    Location:
    George, S.Africa
    Millions of Home Routers Vulnerable to Web Hack - DNS Rebinding
     
  2. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,856
    These things are always over-hyped.
     
  3. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I've made my opinion known many times here that the bad guys are much more interested in getting users to hand over their data willingly these days than using the latest, greatest tricks to come out of Black Hat or anywhere else. It's far easier and less risky to con than to attack, unless you are a high value target. Besides, if I worried about everything to come out of Black Hat yearly, I wouldn't even want to boot my computer up.
     
  4. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    This can only be accomplished through access to the router, so again, as long as you change the router login defaults, in other words change the password, this vulnerability would not succeed.

    Saying that, uninformed users simply wouldn't think to change the password, so vendors will need to patch their firmware and educate users on changing defaults.
     
    Last edited: Jul 18, 2010
  5. wearetheborg

    wearetheborg Registered Member

    Joined:
    Nov 14, 2009
    Posts:
    667

    True story.
    My parents initially had some problems with getting their DSL line. The line had to be replaced etc. The router was supplied by the DSL company. The DSL technician told my dad to not change the default router password. And my dad would not let me change the password. At least I convinced him to turn off wireless.
     
  6. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    I treat the default as only the initial user name and password, because you have to have something for access. Once you've set up your connection details, the user name and password should be changed, because they are known for every router and an attack could take advantage of this. Educate your Dad :)
     
  7. wearetheborg

    wearetheborg Registered Member

    Joined:
    Nov 14, 2009
    Posts:
    667
    He is resistant to education from me :p
    He has not done Windows Update since I gave him the computer four years back o_O
    Of course, now it's infected and runs slowly. :doubt:
     
  8. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Bingo...some simple smarts. Just like making sure you secure your wireless network, and just like making sure you have a password for your Administrator or Root account. Common sense stuff, ya know? Follow some basic best practices, and you can shrug off these overhyped things.
     
  9. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    I wonder if the attack uses Autonomous System Scanner or takes advantage of TFTP that stores router information?
     
  10. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    No, it just uses DNS Rebinding.

    Here is another related article from Craig Heffner from 2008 about router attacks.
    SOHO Router Report PDF
     
  11. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    hackadeeemix.net

    NoScript now protects against this attack since 2.0 rc5
     
  12. The Seeker

    The Seeker Registered Member

    Joined:
    Oct 24, 2005
    Posts:
    1,101
    Location:
    Adelaide
    If you use OpenDNS, they offer protection for this under the security settings page.

    http://i.imgur.com/FGy89.png

    Edit: Cannot seem to insert images.
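
Added example, not part of the original thread or any poster's code: a sketch of the check a resolver-side rebinding filter of the kind mentioned above can apply, dropping answers that map an Internet hostname to internal address space. The function names, the `local_suffixes` allowlist and the sample responses are assumptions constructed for illustration.

```python
import ipaddress

# Address space a public resolver should never return for an Internet hostname.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "::/128", "::1/128", "fc00::/7", "fe80::/10",
)]

def is_internal(addr_text):
    """True if the address is loopback, private, link-local or unspecified."""
    addr = ipaddress.ip_address(addr_text)
    # ::ffff:192.168.1.1 is an IPv4 address in IPv6 form; unwrap it first
    # so the IPv4 ranges above still match.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    return any(addr.version == net.version and addr in net
               for net in NON_ROUTABLE)

def filter_answers(qname, answers, local_suffixes=("lan", "home.arpa")):
    """Split one DNS response into (kept, dropped) address lists.

    Names under local_suffixes (hypothetical allowlist) are expected to
    resolve to internal addresses and are passed through untouched.
    """
    name = qname.rstrip(".").lower()
    is_local_name = any(name == s or name.endswith("." + s)
                        for s in local_suffixes)
    kept, dropped = [], []
    for a in answers:
        if is_internal(a) and not is_local_name:
            dropped.append(a)   # Internet name pointing inside the LAN
        else:
            kept.append(a)
    return kept, dropped

if __name__ == "__main__":
    # Constructed sample responses: the same name answers with a public
    # address first and with the router's LAN address on a later lookup.
    samples = [
        ("rebind.example.test", ["203.0.113.10"]),
        ("rebind.example.test", ["192.168.1.1"]),
        ("router.lan", ["192.168.1.1"]),
    ]
    for qname, answers in samples:
        print(qname, filter_answers(qname, answers))
```
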
     
  13. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,677
    Location:
    George, S.Africa
    That is very interesting. I am using one of several proxies provided by my ISP and have entered it under Preferences > Adv. > Network > Settings > Manual Proxy Configuration (in FF).
    HTTP Proxy: xxx.xx.xxx.xx Port: 8080
    As I am not too bright with Proxy/DNS related stuff, could you advise whether NoScript will protect in my case? It shows the WAN IP correctly under ABE, but I am confused about external vs. internal protection. :argh:
     
  14. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,856
    Had that enabled for years, completely forgot about it heh.
     