Don’t Trust your Router “Update” Feature

With all the news of router exploits and compromised units being used by hacker groups for attacks, make sure you include installing router firmware updates as part of your scheduled maintenance routine. Just don’t trust the built-in “Update” feature…

One top name router I was working with yesterday needed updating. I went into the router admin screen and dutifully checked the “Check for Update” button. Good news – the router checked the manufacturer’s site and was using the latest firmware!

But it wasn’t…

I knew the manufacturer had just released a new critical firmware update. Doing a manual check on the support site verified my suspicion – the currently installed version was several months and several revisions old! If I believed that the router was using the current one, it would have remained vulnerable!

Sometimes the newest firmware release is not marked as the latest version on the manufacturer’s update server, so the router’s built-in check reports nothing new. Check your firewalls, routers and Wi-Fi devices manually and make sure they are using the latest and greatest firmware. Also, never leave default credentials set on these devices, especially internet-facing ones – use long complex passwords.


IPvX: A Better Replacement for IPV4 than IPv6?

Sam Bowne, IT instructor at City College of San Francisco, has a very interesting page on his site entitled: IPvX: Better than IPv6?

Apparently the question was asked at the recent Defcon conference, “Why isn’t IPv6 backwards-compatible with IPv4?”

Well, that is a pretty good question, and Bill Chimiak just might have the answer. With IPv4 addresses rapidly depleting, many companies are looking at converting to IPv6. Bill has created a proposal for an IPv4 replacement that could save a lot of time, money and effort compared to what would be needed if companies switched to IPv6.

A draft RFC can be found on Sam’s site, along with a help wanted ad:

Right now, this is just a fantastic idea. We need help to make it real. Here are the immediate needs:

  • Criticism: if this is a bad idea, we need to know that.
  • Promotion: please help spread the word! We want everyone who cares to find out this idea quickly.
  • Coding: There aren’t any devices ready to use this system yet. We need to program end devices and routers so we can start experimenting with it. I would imagine the place to start would be to program a Linux IPvX router and client, hopefully followed quickly by a Windows port. Maybe a Python module would suffice for now.

Check it out, you might be able to get involved on the ground floor of the next big internet project.

Half of Home Routers Vulnerable to DNS Exploit

The Black Hat Security conference is going on now in Vegas. Scanning through the list of presentations, this one really stood out, “How to Hack Millions of Routers”. According to the description, “This talk will demonstrate how many consumer routers can be exploited via DNS rebinding to gain interactive access to the router’s internal-facing administrative interface.”

The DNS rebinding attack has been known for a while, but it looks like Craig has found a new spin on the attack. According to a Forbes article, an attacker places a malicious script on a web page. When the page is visited, the IP address behind the web page’s name is switched to the IP address of your router. That gives the script access to view the router contents, and to log in to it.

Which routers are susceptible to this attack? Oh, a few, and you probably recognize their names, “Confirmed affected routers include models manufactured by Linksys, Belkin, ActionTec, Thompson, Asus and Dell, as well as those running third-party firmware such as OpenWRT, DD-WRT and PFSense.”

Also at the conference, Craig is going to release the tool that automates the attack, “A tool release will accompany the presentation that completely automates the described attack and allows an external attacker to browse the Web-based interface of a victim’s router in real-time, just as if the attacker were sitting on the victim’s LAN.”

That’s awful nice of him isn’t it?

All right, so what do we do? An article on Notebook.com recommends changing your router password to a very complex password, upgrading your router’s firmware to the latest version, and avoiding questionable sites. I would also add that you should check for firmware updates frequently. As router companies scramble to patch this, yours may not be updated against the threat yet.
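One more check a defender can run, as an added example that is not part of the original post: scan DNS resolver logs for public hostnames whose answers point at internal addresses, which is the switch the rebinding attack relies on. The log format, the `.lan`/`.local` local-zone suffixes, the 300-second window and all sample lines are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample log, one answer per line (format is an assumption):
# <epoch seconds> <client IP> <queried name> <answer IP>
SAMPLE_LOG = """\
1280400000 192.168.1.20 www.example.org 198.51.100.20
1280400005 192.168.1.20 news.example.net 203.0.113.10
1280400009 192.168.1.20 news.example.net 192.168.1.1
1280400012 192.168.1.21 router.home.lan 192.168.1.1
1280400020 192.168.1.22 cdn.example.com 198.51.100.7
1280400030 192.168.1.23 ads.example.io 10.0.0.1
"""

# Ranges that should never appear in answers for public hostnames.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

def is_internal(ip):
    addr = ipaddress.ip_address(ip)  # raises ValueError on bad input
    return any(addr in net for net in INTERNAL_NETS)

def find_rebinding(log_text, local_suffixes=(".lan", ".local"), window=300):
    """Return (ts, client, name, ip, kind) for suspicious answers.

    kind is "flip" when the same client received a public address for
    the name at most `window` seconds before the internal one, and
    "internal-answer" otherwise.
    """
    last_public = {}  # (client, name) -> time of last public answer
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        client, name, ip = parts[1], parts[2].lower().rstrip("."), parts[3]
        try:
            ts, internal = int(parts[0]), is_internal(ip)
        except ValueError:
            continue  # unparsable timestamp or address
        if name.endswith(tuple(local_suffixes)):
            continue  # the local zone is allowed to point inward
        if not internal:
            last_public[(client, name)] = ts
            continue
        seen = last_public.get((client, name))
        flipped = seen is not None and ts - seen <= window
        findings.append((ts, client, name, ip,
                         "flip" if flipped else "internal-answer"))
    return findings
```

A "flip" finding is the stronger signal; an "internal-answer" alone can also come from a misconfigured public zone and is worth a manual look.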

Cisco Unveils 322Tbit/sec Internet Router

Cisco unveiled their new CRS-3 core internet router today. The router is 3 times faster than the last version. Just how fast is it? Well according to Cisco Chairman and CEO John Chambers:

“The CRS-3 will help the Internet evolve from a messaging to an entertainment and media platform, with video emerging as the “killer app,” Chambers said.

Using a CRS-3, every person in China, which has a population just over 1.3 billion, could participate in a video phone call at the same time. It could transmit the whole printed contents of the Library of Congress in one second and every movie ever made in four minutes, according to Cisco.”

Read more at Computerworld.com.