The Digital Rag
Real World Information in a Virtual World
Sign Up!
Login Welcome to The Digital Rag
Sunday, February 05 2012 @ 12:18 AM PST

Your Home Router Is Next Up For Attack

Thursday, January 24 2008 @ 05:28 PM PST

Contributed by: Richard Pitt

Newsletter Postings

Over the past couple of days I've been watching an issue develop that has implications for virtually all of my customers, friends, relatives and everyone on this list - as well as most of the people on the Internet from home and many from their offices too.

The subject is the little hardware firewalls that most of us have.

If you have one of the really early ones (as I do) this should not be an issue. But if you have one that uses UPnP (Universal Plug 'n Play) to configure it (the CD/software that comes with the device says "Install me first" usually) then you need to be aware of this problem.

There is a bug in UPnP that allows a piece of software downloaded to your computer to get into the router and change its settings.

The software gets onto your computer from what is known as a "drive-by" download - either you visit a web site that has been compromised - and there are tens of thousands of them that this has happened to in recent weeks - or you click on a link in an e-mail you receive that takes you to one of the crooks' own web machines.

In most cases the software changes the DNS (Domain Name Server) settings in the router so that your computer will start getting the wrong addresses when you for example try to go to your bank's computer.

The system will set up what is called a Man-in-the-middle attack which will insert itself into the conversation between you and the bank - and take your information. In extreme cases the attack will change your requests to the bank to instead transfer money to the attacker.

What can you do about this???

At this point the manufacturers of these devices have not come up with any solutions. The devices are manufactured by companies all over the world and found in popular stores everywhere.

The short list of options so far includes:

Change the default password on the device (any I've installed for you this has been done)

Turn off UPnP - I don't think all such devices have this option but you can check

Change the internal network to use something other than the 192.168.x.x address ranges - either 172.16-31.x.x or 10.x.x.x - this is a major change if your network has any machines with fixed IP addresses in it so is not to be changed without consultation with your network person.

More information:
http://isc.sans.org/diary.php?storyid=3881
http://www.darkreading.com/document.asp?doc_id=143840&f_src=darkreading_default

Story Options

What's New

Stories

No new stories

Comments last 2 days

No new comments

Trackbacks last 2 days

No new trackbacks

Older Stories

Thursday 15-Sep


Saturday 10-Sep


Tuesday 30-Aug


Saturday 20-Aug


Thursday 18-Aug


Sunday 14-Aug


Thursday 04-Aug


Tuesday 02-Aug

?

Ads by Clickochet

G+ Public Posts

There was a problem reading this feed (see error.log for details).
?

G+

?

Facebook Page

RSS Feed

Richard's Digital Rag

Poll

How do you like to find out news about the internet and computers?

  •  Newspaper
  •  Radio
  •  TV
  •  Web Search
  •  Favourite Web Site(s)
  •  Pod Cast
  •  Video Online
  •  Email List(s)
  •  RSS - Syndication
  •  Word of mouth
This poll has 0 more questions.
Results
Other polls | 27 votes | 0 comments