Firewall – CYBER ARMS – Computer Security

Sam Bowne, IT instructor at City College of San Francisco, has a very interesting page on his site entitled: IPvX: Better than IPv6?

Apparently the question was asked at the recent Defcon conference, “Why isn’t IPv6 backwards-compatible with IPv4?”

Well, that is a pretty good question, and Bill Chimiak just might have the answer. With IPv4 addresses rapidly depleting, many companies are looking at converting to IPv6. Bill has created a proposal for an IPv4 replacement that could save a lot of time, money and effort compared to what would be needed if companies switched to IPv6.

A draft RFC can be found on Sam’s site and a help wanted add:

Right now, this is just a fantastic idea. We need help to make it real. Here are the immediate needs:

Criticism: if this is a bad idea, we need to know that.
Promotion: please help spread the word! We want everyone who cares to find out this idea quickly.
Coding: There aren’t any devices ready to use this system yet. We need to program end devices and routers so we can start experimenting with it. I would imagine the place to start would be to program a Linux IPvX router and client, hopefully followed quickly by a Windows port. Maybe a Python module would suffice for now.

Check it out, you might be able to able to be involved on the ground floor of the next big internet project.

The Black Hat Security conference is going on now in Vegas. Scanning through the list of presentations, this one really stood out, “How to Hack Millions of Routers“. According to the description, “This talk will demonstrate how many consumer routers can be exploited via DNS rebinding to gain interactive access to the router’s internal-facing administrative interface.”

The DNS binding attack has been known for a while, but it looks like Craig has found a new spin on the attack. According to a Forbes article, an attacker places a malicious script on a web page. When the page is visited, it switches the webpage IP address visited with the IP address of your router. It then gives the script access to view the router contents, and to log in to it.

Which routers are susceptible to this attack? Oh, a few, and you probably recognize their names, “Confirmed affected routers include models manufactured by Linksys, Belkin, ActionTec, Thompson, Asus and Dell, as well as those running third-party firmware such as OpenWRT, DD-WRT and PFSense.”

Also at the conference, Craig is going to release the tool that automates the attack, “A tool release will accompany the presentation that completely automates the described attack and allows an external attacker to browse the Web-based interface of a victim’s router in real-time, just as if the attacker were sitting on the victim’s LAN.”

That’s awful nice of him isn’t it?

All right, so what do we do? An article on Notebook.com recommends changing your router password to a very complex password, upgrade your routers firmware to the latest version, and to avoid questionable sites. I would also add that you should check for firmware updates frequently. As router companies scramble to patch this, yours may not be updated against the threat yet.