Your Home Router Is Next Up For Attack

Over the past couple of days I've been watching an issue develop that has implications for virtually all of my customers, friends, relatives and everyone on this list - as well as most of the people on the Internet from home and many from their offices too.
The subject is the little hardware firewalls (the home routers) that most of us have.
If you have one of the really early ones (as I do) this should not be an issue. But if yours supports UPnP (Universal Plug 'n Play) and has it switched on, which is the case for most recent devices (the CD/software that comes with the device and says "Install me first" usually relies on it), then you need to be aware of this problem.
The problem is in the design of UPnP rather than a bug in any one router: UPnP accepts configuration requests from any device on the local network without asking for a password. That means a piece of software that gets onto your computer can reach into the router and change its settings as if it were you.
The software gets onto your computer through what is known as a "drive-by" download - either you visit a web site that has been compromised (tens of thousands of sites have been hit this way in recent weeks) or you click on a link in an e-mail you receive that takes you to one of the crooks' own web servers.
In most cases the software changes the DNS (Domain Name System) settings in the router so that your computer starts getting the wrong addresses when you try, for example, to go to your bank's computer. Because the router hands those DNS settings to every machine on the network, every computer behind it is affected, not just the one that picked up the software.
The crooks' DNS server points you at a machine they control, which sets up what is called a man-in-the-middle attack: it inserts itself into the conversation between you and the bank, relaying what you type and recording your login details. In extreme cases it changes your requests to the bank so that money is transferred to the attacker instead. A properly set up HTTPS site should produce a certificate warning in this situation, but the crooks count on people clicking through such warnings.
What can you do about this?
At this point the manufacturers of these devices have not come up with any fix. The devices are made by companies all over the world and sold in popular stores everywhere, so there is no single vendor to wait on.
The short list of options so far includes:
Change the default password on the device (on any I've installed for you this has been done). Note that UPnP requests do not use the password, so this does not stop the UPnP attack itself, but it does stop the related attacks that simply log in to the router with the factory password.
Turn off UPnP - not all such devices have this option, but check the administration pages. This is the one change that actually removes the UPnP route in.
Change the internal network to use something other than the 192.168.x.x address ranges - either 172.16-31.x.x or 10.x.x.x. This only helps against attack code that guesses the common factory addresses such as 192.168.0.1 or 192.168.1.1, and it is a major change if your network has any machines with fixed IP addresses, so it is not to be done without consulting your network person.
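As an added example (this is not from the article or from its linked sources), here is a small Python script that performs the "check" mentioned above: it sends a UPnP discovery request on your local network and reports whether a router answers as an Internet Gateway Device. If one does, UPnP is switched on and any program on the LAN can reach the router's control interface. The sample replies embedded in it are constructed for illustration, and the addresses and file names in them are assumptions.

```python
"""Does a UPnP gateway answer on this LAN?

Added example, not part of the original article. Sends an SSDP M-SEARCH
to the UPnP multicast group and parses the HTTP-style replies. A reply
whose ST (search target) or USN names an InternetGatewayDevice or a WAN
connection service means the router's UPnP control interface is reachable
from any machine on the local network, with no password involved.
"""
import socket

SSDP_ADDR = ("239.255.255.250", 1900)
IGD_TARGET = "urn:schemas-upnp-org:device:InternetGatewayDevice:1"

# Constructed sample replies (not captured from a real device).
# A home router answering as an Internet Gateway Device; the address and
# description URL are assumptions.
SAMPLE_GATEWAY_REPLY = (
    b"HTTP/1.1 200 OK\r\n"
    b"CACHE-CONTROL: max-age=1800\r\n"
    b"ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n"
    b"USN: uuid:00000000-0000-0000-0000-000000000001::"
    b"urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n"
    b"LOCATION: http://192.168.1.1:1900/igd.xml\r\n"
    b"SERVER: Linux/2.4 UPnP/1.0 ExampleRouter/1.0\r\n\r\n"
)
# A non-gateway UPnP device (for instance a media server) on the same LAN.
SAMPLE_OTHER_REPLY = (
    b"HTTP/1.1 200 OK\r\n"
    b"ST: upnp:rootdevice\r\n"
    b"USN: uuid:00000000-0000-0000-0000-000000000002::upnp:rootdevice\r\n"
    b"LOCATION: http://192.168.1.20:49152/desc.xml\r\n\r\n"
)


def build_msearch(target=IGD_TARGET, mx=2):
    """Build the SSDP discovery request as defined by the UPnP device spec."""
    return (
        "M-SEARCH * HTTP/1.1\r\n"
        f"HOST: {SSDP_ADDR[0]}:{SSDP_ADDR[1]}\r\n"
        'MAN: "ssdp:discover"\r\n'
        f"MX: {mx}\r\n"
        f"ST: {target}\r\n\r\n"
    ).encode()


def parse_ssdp_response(raw):
    """Parse an SSDP 200 OK reply into a dict of lower-cased headers.

    Returns None for anything that is not a 200 OK (e.g. NOTIFY traffic).
    """
    lines = raw.decode("utf-8", errors="replace").split("\r\n")
    if not lines or not lines[0].startswith("HTTP/1.1 200"):
        return None
    headers = {}
    for line in lines[1:]:
        if not line:  # blank line ends the header block
            break
        if ":" not in line:
            continue
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def is_gateway(headers):
    """True if the reply advertises an IGD or a WAN connection service."""
    st = headers.get("st", "")
    usn = headers.get("usn", "")
    markers = ("InternetGatewayDevice", "WANIPConnection", "WANPPPConnection")
    return any(m in st or m in usn for m in markers)


def discover_gateways(timeout=3.0):
    """Multicast an M-SEARCH and return [(ip, location)] for each gateway."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 2)
    sock.settimeout(timeout)
    found = []
    try:
        sock.sendto(build_msearch(), SSDP_ADDR)
        while True:
            try:
                data, (ip, _port) = sock.recvfrom(65507)
            except socket.timeout:
                break
            headers = parse_ssdp_response(data)
            if headers and is_gateway(headers):
                found.append((ip, headers.get("location", "")))
    finally:
        sock.close()
    return found


if __name__ == "__main__":
    gateways = discover_gateways()
    if gateways:
        print("UPnP gateway(s) answered; UPnP is ON and reachable from the LAN:")
        for ip, location in gateways:
            print(f"  {ip}  {location}")
    else:
        print("No UPnP gateway answered (UPnP is off, or discovery is blocked).")
```

Run it from a machine on the home network. An empty result after turning UPnP off in the router's administration pages confirms the setting took effect; a result that still lists the router means the option did not actually disable the service.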
More information:
http://isc.sans.org/diary.php?storyid=3881
http://www.darkreading.com/document.asp?doc_id=143840&f_src=darkreading_default