[Cialug] ISPs and patching routers
kristau
kristau at gmail.com
Tue Oct 2 11:52:12 CDT 2012
All the more reason to run your own firewall and internal DNS/DHCP,
treating the ISP router as an external, untrusted device.
On Oct 2, 2012 11:43 AM, "Dave Weis" <djweis at internetsolver.com> wrote:
>
> In this exploit it doesn't matter if WAN admin is enabled or not. The
> victim loads a page that does some type of javascript requests to the modem
> using the default username and password and modifies what DHCP hands out
> for DNS servers. It's all coming from the inside interface of the firewall,
> not the outside.
>
>
> -----Original Message-----
> From: cialug-bounces at cialug.org [mailto:cialug-bounces at cialug.org] On
> Behalf Of Adam Hill
> Sent: Tuesday, October 02, 2012 11:17 AM
> To: Central Iowa Linux Users Group
> Subject: Re: [Cialug] ISPs and patching routers
>
> I believe dd-wrt has WAN management disabled by default. I haven't gotten
> around to setting up OpenVPN either, which would be a more ideal solution,
> so I'm using an open wan management on an non-default port for convenience.
>
> On Tue, Oct 2, 2012 at 10:00 AM, Barry Von Ahsen <barry at vonahsen.com>
> wrote:
>
> > is there an option to not allow management from WAN?
> >
> > or is this in addition to that?
> >
> >
> > -barry
> >
> >
> > On Oct 2, 2012, at 9:42 AM, Adam Hill wrote:
> >
> > > One of my benched side projects is setting up knockd (port knocker) on
> my
> > > dd-wrt router so I don't have to leave it's web interface open to be
> > found
> > > by port scanners and can open port forwards by port knocks.
> > >
> > > On Tue, Oct 2, 2012 at 9:12 AM, David Champion <dchamp1337 at gmail.com>
> > wrote:
> > >
> > >> dd-wrt / openwrt are one of the targets of this attack as well. If
> > you're
> > >> not up to date, or haven't configured it correctly, you may have
> > problems.
> > >>
> > >> -dc
> > >>
> > >> On Tue, Oct 2, 2012 at 9:08 AM, Nathan C. Smith <
> nathan.smith at ipmvs.com
> > >>> wrote:
> > >>
> > >>> Here is a related article:
> > >>>
> > >>>
> > >>>
> > >>
> >
> https://www.securelist.com/en/blog/208193852/The_tale_of_one_thousand_and_one_DSL_modems
> > >>>
> > >>> This one makes it sound like an A-V company was having trouble
> > >> determining
> > >>> how the computer was being manipulated and redirected because it was
> > >> being
> > >>> done outside the computer through the DSL modem.
> > >>>
> > >>> May you live in interesting times.
> > >>>
> > >>> -Nate
> > >>>
> > >>> -----Original Message-----
> > >>> From: cialug-bounces at cialug.org [mailto:cialug-bounces at cialug.org]
> On
> > >>> Behalf Of Josh More
> > >>> Sent: Tuesday, October 02, 2012 8:53 AM
> > >>> To: Central Iowa Linux Users Group
> > >>> Subject: [Cialug] ISPs and patching routers
> > >>>
> > >>> Looks like the router attack we've long known was possible is now
> > >> actually
> > >>> being used.
> > >>>
> > >>> This would be a good time to move friends and family over to openwrt
> or
> > >>> ddwrt. (Or an ISP that takes responsibility for security.)
> > >>>
> > >>> Details are here:
> > >>>
> > >>>
> > >>
> >
> http://arstechnica.com/security/2012/10/dsl-modem-hack-infects-millions-with-malware/
> > >>>
> > >>>
> > >>> -Josh
> > >>> _______________________________________________
> > >>> Cialug mailing list
> > >>> Cialug at cialug.org
> > >>> http://cialug.org/mailman/listinfo/cialug
> > >>> _______________________________________________
> > >>> Cialug mailing list
> > >>> Cialug at cialug.org
> > >>> http://cialug.org/mailman/listinfo/cialug
> > >>>
> > >> _______________________________________________
> > >> Cialug mailing list
> > >> Cialug at cialug.org
> > >> http://cialug.org/mailman/listinfo/cialug
> > >>
> > > _______________________________________________
> > > Cialug mailing list
> > > Cialug at cialug.org
> > > http://cialug.org/mailman/listinfo/cialug
> >
> > _______________________________________________
> > Cialug mailing list
> > Cialug at cialug.org
> > http://cialug.org/mailman/listinfo/cialug
> >
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
>
More information about the Cialug
mailing list