Router Vulnerabilities

 
The Shadowclan Dark Moot Forum Index -> General Discussion
Bagh'Nakh



Joined: 18 Aug 2002
Posts: 1148

Posted: Fri Jul 16, 2010 8:34 am    Post subject: Router Vulnerabilities

I know this would normally go in the Computers forum but this is a warning and not a request for advice. If you're not a Slashdot reader, then you likely missed the story that during Black Hat 2010, which is just a week or so away out here, a security researcher will publish code that will allow in-the-wild exploits of routers. He claims that by visiting a malicious site, he can put a DNS entry in for your own router which would give the site access to the router. He also claims that he can run the script even if you're using OpenDNS and Firefox/NoScript (which I really need to see to believe, as I use both).

Long story short, if you have the default settings on your home router or your firmware is thoroughly out of date, you might be vulnerable to an attack that will be highly prevalent in the coming months.

Story link:
http://blogs.forbes.com/firewall/2010/07/13/millions-of-home-routers-vulnerable-to-web-hack/


_________________
Muglun/Veljin - WoW Ravenholdt
Bagh'Nakh - UO SP
Rutgut - DAoC Mordred
K'Dahbruh
Old Admin


Joined: 11 Jul 2002
Posts: 13548

Posted: Fri Jul 16, 2010 8:52 am

I'd like a test that will tell me if my router is vulnerable.
Hamurak



Joined: 21 Sep 2008
Posts: 580

Posted: Fri Jul 16, 2010 11:01 am

Erm.. is my router the box my ISP gave me to plug my phone/tv/net cables into?

I'm not sure I'm able to access that thing...

I guess this thing will steamroll me..


_________________
Weezug Gobo Shaman Fixxa an Zappa!
Khasha'an



Joined: 08 Oct 2003
Posts: 9039
Character Skills: Ghaka'ka fir'khanim

Posted: Fri Jul 16, 2010 11:36 am    Post subject: Re: Router Vulnerabilities

So what you're saying is...

Bagh'Nakh wrote:
Some guy has hax.


Great. So what do we do about it? Please explain in simple terms, because I know very little about computers.


_________________
WASHINGTON REDSKINS
Bagh'Nakh



Joined: 18 Aug 2002
Posts: 1148

Posted: Fri Jul 16, 2010 12:20 pm

Update the firmware on your router and make sure you've changed the default login and password.

_________________
Muglun/Veljin - WoW Ravenholdt
Bagh'Nakh - UO SP
Rutgut - DAoC Mordred
Khasha'an



Joined: 08 Oct 2003
Posts: 9039
Character Skills: Ghaka'ka fir'khanim

Posted: Fri Jul 16, 2010 1:14 pm

Well. I had to look up firmware, because I didn't know what it meant. Now my question is...what part of my computer is the router? Or do I not even have one?

All I know is I have a computer, with an ethernet cable hooked up to a cable modem that goes to my cable outlet. Is the router the place where I plugged my ethernet cable on the computer tower itself?


_________________
WASHINGTON REDSKINS
Azh
Old Admin


Joined: 31 Jul 2002
Posts: 9900
Character Skills: Grandmaster Grumpiness

Posted: Fri Jul 16, 2010 1:35 pm

Khasha'an wrote:
All I know is I have a computer, with an ethernet cable hooked up to a cable modem that goes to my cable outlet.


Sounds like you don't have a router. If you did, it would be hooked up to your cable modem. They're generally used to connect multiple computers to the net and/or allow you to access the Internet wirelessly.

Here is a picture of a typical Linksys router.



_________________
*snorts*
Gutlak



Joined: 14 Jul 2005
Posts: 1829

Posted: Fri Jul 16, 2010 1:38 pm

Never mind: Azh answered it first so I'm just deleting the text of my post.

_________________
Astzebus: TOR
Gutlak, Braktor: WoW
Jharkul, Nkria, Grothnir: Shadowbane
Oesmiko: SWG
Hin



Joined: 20 Aug 2002
Posts: 5118
Character Skills: Pie

Posted: Fri Jul 16, 2010 1:46 pm

Router



no router


Khasha'an



Joined: 08 Oct 2003
Posts: 9039
Character Skills: Ghaka'ka fir'khanim

Posted: Fri Jul 16, 2010 1:55 pm

I'm picture number 2, so no worries about this particular threat.

Why isn't the orc on the example monitor green btw?


_________________
WASHINGTON REDSKINS
Hamurak



Joined: 21 Sep 2008
Posts: 580

Posted: Fri Jul 16, 2010 2:16 pm

Har great diagrams Hin!

_________________
Weezug Gobo Shaman Fixxa an Zappa!
Huurk



Joined: 12 Oct 2003
Posts: 3785

Posted: Fri Jul 16, 2010 4:38 pm

Picture number 2 could also be a router setup. I have AT&T U-Verse, I have a DSL modem and router in a single box.
Severian



Joined: 20 Aug 2002
Posts: 3332

Posted: Fri Jul 16, 2010 5:10 pm

Likewise, I have DSL through Verizon, using only one supplied box. But it does have multiple ports to connect ethernet cables, and it is described thusly:

This ADSL modem is a NAT router with a four port 10/100BaseT Ethernet switch and 802.11g wireless interface. The Ethernet switch is plug and play and does not require drivers. This router provides NAT functions with the option to configure firewall and port forwarding.

There are no Westells listed among those 30 tested shown in the article, so I have no idea if it is vulnerable. No idea if a firmware update would make a difference to this vulnerability, either. I did change the password long ago, at least.


_________________
Tiger got to hunt,
Bird got to fly;
Man got to sit and wonder, "Why, why, why?"

Tiger got to sleep,
Bird got to land;
Man got to tell himself he understand.
Gorgok



Joined: 20 Aug 2002
Posts: 4193
Character Skills: ----- Gorgok: Sneeki Wompr, Gurguk: Sneeki Kiggr, Ojomrog: Teefn Mojo, Budrog: Drumdum

Posted: Fri Jul 16, 2010 5:38 pm

I wonder if my Tomato firmware running Buffalo routers would be at risk? The same firmware can be installed on the WRT54GL which the list states as a YES to fully compromised.

Sadly, with Tomato I don't think I can change the login username, only the password, but I'll update it and look into it some later anyway.


_________________
-Gorgok
Gor am evil. Reeli evil.
Grug'tar



Joined: 30 Jan 2003
Posts: 1432

Posted: Sat Jul 17, 2010 1:56 am

This type of attack has been out there for a bit now.

_________________
"Nub peez dun me bak agh blah me id ib rainun"
Bloodmoom Luskr, Catskills UO
Tribeless Maurk, Angel Island UO
Grunt Warrior, Bleeding Hollow WOW
Gahklusks Family, Battlemaster
Mental Patient, Urban Dead
Pilot in Stasis, EVE
Baggi



Joined: 31 Jul 2002
Posts: 10886

Posted: Sat Jul 17, 2010 12:05 pm

Huurk wrote:
Picture number 2 could also be a router setup. I have AT&T U-Verse, I have a DSL modem and router in a single box.


Yeah, I don't have a "router" per se, but I use Qwest and the modem they gave me must have a router in it.

Why?

Because I get wifi throughout my house.

But how do I update their equipment?


_________________
Capital City in Travian
Huurk



Joined: 12 Oct 2003
Posts: 3785

Posted: Sat Jul 17, 2010 4:07 pm

1) Get the model number off your modem/router label
2) Go here: http://search.qwest.com/index_r.html?http://www.qwest.com/customerService/
3) Type "firmware upgrade" in the search box
4) You should be able to take it from here

Of course, upgrading your firmware will only help if the latest firmware has a fix for this issue. It might be easier to change the default password of your router, which is as easy as logging into your router and changing it (I know how to log into and configure mine, but I don't know what you have, so I can't help. Tech support should be able to help you with that)

Murgosch



Joined: 30 Jun 2005
Posts: 474

Posted: Mon Jul 26, 2010 8:24 am

Make sure your firmware upgrade doesn't kill your router, no sense in updating if your DSL/Cable provider doesn't support it.. this is of course for those of us with all in one Modem/Routers.

_________________
Murgosch, UO An Corp.
Huurk



Joined: 12 Oct 2003
Posts: 3785

Posted: Mon Jul 26, 2010 2:27 pm

That's why I referred him to the tech support website created by his service provider. I doubt Qwest would put a firmware update on their site that they don't support. But then I've seen companies do dumber things.
Bagh'Nakh



Joined: 18 Aug 2002
Posts: 1148

Posted: Sat Jul 31, 2010 5:29 pm

So I just got back from this presentation at DEFCON. It was well done, live demo even worked which is a small miracle. The technique itself is not very difficult and I expect to see a lot more of these attacks springing up soon.

As far as the answer for many folks as to whether their router is vulnerable, the easiest test is as follows:

1. Find the external IP of your router. Many sites such as www.ip-adress.com will tell you.

2. In another browser, go to that address. If you see an information screen about your router, your router is vulnerable.


The remediation steps that he recommended are:

1. Change the default router password and make it something somewhat difficult

2. Go to your manufacturer's website and see if a firmware update is available to fix this issue

3. Disable remote administration, UPnP, and HTTP proxy access to your router. Ensure SSH or HTTPS remains enabled so you don't get locked out. If you don't know what you're doing, skip this.


_________________
Muglun/Veljin - WoW Ravenholdt
Bagh'Nakh - UO SP
Rutgut - DAoC Mordred
Zortee



Joined: 21 Aug 2002
Posts: 1796

Posted: Sun Aug 01, 2010 2:00 am

You also might want to check ports 8080, 8000, etc...just in case. Some routers use alternate ports for external administration.

_________________
Hoowah Shadowclan!!

Zortee - Gruntee Heelur Shaman, Kuuk'r Goth - Retired
Bleeding Hollow WoW
Zortee - Wargod's Own Grunt - SP - Retired
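
Bagh'Nakh's two-step self-test combined with Zortee's note about alternate ports, as an added example that is not part of the original thread. Run it from a machine on your own network against your own router's external IP; the port list and all function names are assumptions of this example.

```python
import http.client

# Default HTTP port plus the alternate admin ports mentioned in the thread.
# This list is an assumption of the example; extend it for your own device.
ADMIN_PORTS = (80, 8080, 8000)


def probe_http(host, port, timeout=3.0):
    """Return (status, Server header, WWW-Authenticate header), or None if
    nothing speaks HTTP on that port."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/")
        resp = conn.getresponse()
        resp.read(1024)  # drain a little of the body, content is not needed
        return (resp.status, resp.getheader("Server"),
                resp.getheader("WWW-Authenticate"))
    except (OSError, http.client.HTTPException):
        return None  # refused, timed out, or not HTTP
    finally:
        conn.close()


def check_exposure(host, ports=ADMIN_PORTS, timeout=3.0):
    """Map each port to a finding. Any HTTP answer counts as exposed, even a
    login prompt, because the management interface is reachable."""
    findings = {}
    for port in ports:
        result = probe_http(host, port, timeout)
        if result is None:
            findings[port] = "closed or filtered"
            continue
        status, server, auth = result
        kind = "login prompt" if status == 401 or auth else "page served"
        findings[port] = f"EXPOSED ({kind}, HTTP {status}, Server: {server})"
    return findings


def is_exposed(findings):
    return any(v.startswith("EXPOSED") for v in findings.values())


if __name__ == "__main__":
    import sys
    target = sys.argv[1]  # external IP of your own router (step 1 of the test)
    for port, finding in check_exposure(target).items():
        print(f"{target}:{port}  {finding}")
```

An EXPOSED result can also come from a service you forwarded on purpose, so confirm in a browser that the page is the router's own before changing settings.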
Severian



Joined: 20 Aug 2002
Posts: 3332

Posted: Sun Aug 01, 2010 10:59 am

Thanks Bagh'Nakh.
My router did show up that way.
No luck on the firmware, but now I have changed the username as well, and switched to a longer, complicated password.


_________________
Tiger got to hunt,
Bird got to fly;
Man got to sit and wonder, "Why, why, why?"

Tiger got to sleep,
Bird got to land;
Man got to tell himself he understand.
Zortee



Joined: 21 Aug 2002
Posts: 1796

Posted: Sun Aug 01, 2010 12:33 pm

Don't forget #3, Sev...

It's possible that a vulnerability exists that the hacker might not need a password....

Remote Admin is a good idea in theory, bad in practice.


_________________
Hoowah Shadowclan!!

Zortee - Gruntee Heelur Shaman, Kuuk'r Goth - Retired
Bleeding Hollow WoW
Zortee - Wargod's Own Grunt - SP - Retired
All times are GMT - 8 Hours