Have a home router? You’ll want to read this!

A researcher by the name of Dan Kaminsky will soon be unveiling an attack that could be used to hijack certain routers. This web-based attack can be used to gain complete access to your router and change its settings. By doing this, a hacker could change the DNS settings to redirect the user to an unknown location on the internet.

A DNS-related attack could be used to make a user think they are going to a legitimate website, while actually redirecting the user to a malicious website that can be used to steal their identity or track their online activity. Both are a serious breach of online safety. The main problem is that the user would have no idea this is happening. The browser would still show that it's directing to the correct address. Also, because this attack happens at the router and not on the computer, antivirus and anti-malware solutions cannot detect it.

This attack can be loaded via JavaScript code from a malicious or hacked website, which would trick the browser into logging into an improperly set up router and changing the settings. It could either set the router up so that a hacker could get in from the outside or, more likely, force the router to download a hacked firmware which sets up the DNS hijack.

Experts have long believed that this attack was possible, but Mr Kaminsky’s demo will show that it's no longer just a theoretical attack. Now that it has become public, someone with malicious intent will take advantage of the technology. It's time to take action to make sure you aren’t a victim.

What can you do?

First, change the default password on your router. Even if you make it something simple, at least it won't be the default password anymore. The attack outlined by Mr Kaminsky is a simple one that takes advantage of a router that’s running completely on defaults, as it comes from the factory.

Second, change the name and IP address of your router. Your router does not have to have an internal address of 192.168.1.1 or 10.0.0.1. Change that to 192.168.2.1 or 10.0.0.100. Anything that will make an automated attack fail.

Third, use the DNS servers of your ISP rather than pointing your DNS to the router. This is a more advanced suggestion, but a good one. When you use a router, it gives you an IP address from its internal DHCP server. In the process of doing this, it sets itself as the DNS authority. You can change this in your network settings.
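A quick way to check the second and third recommendations on a Linux-style machine, as an added example that is not part of the original post: it audits resolv.conf-style text plus the gateway address you pass in. The function names and the sample resolver addresses (203.0.113.x, a documentation range standing in for your ISP's servers) are assumptions made for illustration.

```python
import ipaddress

# Factory-default router addresses named in the article (step two).
DEFAULT_ROUTER_ADDRS = {"192.168.1.1", "10.0.0.1"}
# RFC 1918 private ranges, where home routers normally live.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_nameservers(resolv_conf_text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for line in resolv_conf_text.splitlines():
        parts = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers

def audit(resolv_conf_text, gateway):
    """Return findings for steps two and three; an empty list means OK."""
    findings = []
    if gateway in DEFAULT_ROUTER_ADDRS:
        findings.append(f"router still at factory-default address {gateway}")
    servers = parse_nameservers(resolv_conf_text)
    if not servers:
        findings.append("no nameserver configured")
    for s in servers:
        try:
            addr = ipaddress.ip_address(s.split("%")[0])  # drop IPv6 zone id
        except ValueError:
            findings.append(f"unparseable nameserver entry {s!r}")
            continue
        if s == gateway:
            findings.append(f"DNS points at the router ({s})")
        elif addr.is_loopback:
            findings.append(f"DNS goes through a local stub ({s}); check its upstream")
        elif any(addr in net for net in RFC1918):
            findings.append(f"DNS points at a private address ({s})")
    return findings

# Constructed sample inputs (not taken from a real machine).
SAMPLE_DEFAULT = "# set by DHCP\nnameserver 192.168.1.1\n"
SAMPLE_HARDENED = "nameserver 203.0.113.53\nnameserver 203.0.113.54\n"

if __name__ == "__main__":
    for text, gw in ((SAMPLE_DEFAULT, "192.168.1.1"),
                     (SAMPLE_HARDENED, "192.168.2.1")):
        print(gw, audit(text, gw) or "ok")
```

To run it against a real machine, pass the contents of /etc/resolv.conf and your actual default gateway address to `audit`.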

All these recommendations are not meant to make your life difficult. Your ISP should be able to help you do most of these things, or you could post asking for help in our Networking forum. One of our staff or users should be able to assist you with making the necessary changes.

It's important to note that this attack is not specifically a bug with the router. This attack takes advantage of JavaScript and the browser to make changes to the router. Because of this, almost any router on the market is vulnerable.

  • Has this guy revealed it yet?

  • Thanks pal, This was good information. I changed my router settings.

    Thanks again.

    Menol
    menol.blogspot.com

  • Roland Latour

    Linksys routers' web config interface is available on port80 at both the internal & external address. That means it's just a password away from being bricked. I found if I set up the router's port80 for passthru to a webserver on my internal network (or maybe to some nonexistent box) then the config interface is no longer available to the outside world.
    This has nothing to do with RemoteAdmin, that "feature" just makes the box doubly insecure.

  • awilson

    Roland, how do you "setup the router's port80 for passthru to a webserver on my internal network (or maybe to some nonexistent box) then the config interface is no longer available to the outside world"?
