Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security Businesses Hardware

Exploit Kit Delivers Pharming Attacks Against SOHO Routers 31

msm1267 writes: For the first time, DNS redirection attacks against small office and home office routers are being delivered via exploit kits. French security researcher Kafeine said an exploit kit has been finding success in driving traffic from compromised routers to the attackers' infrastructure. The risk to users is substantial, he said, ranging from financial loss, to click-fraud, man-in-the-middle attacks and phishing.
This discussion has been archived. No new comments can be posted.

Exploit Kit Delivers Pharming Attacks Against SOHO Routers

Comments Filter:
  • This makes a good case for knowing as much as possible about your router/modem's settings. Also I go to "grc.com" and use the "shields up" page to test my router's port settings. I also like to use "Open DNS" for my DNS servers. Even the paranoid are right sometimes. :)
    • by WD ( 96061 )

      That's nice, but nothing that you describe helps protect against the vulnerability described.

      • That's nice, but nothing that you describe helps protect against the vulnerability described.

        Then what would protect against this type of attack?. I tried to find new firmware for my router, but no updates available. Perhaps you can give me some advice, as I would like to learn something from this attack.

        • by Anonymous Coward

          Block ads and javascript. No ads, and you are way less likely to get this. No javascript and it won't work at all. What really needs to be done is to have all browsers deny access to local addresses by any tab that loads anything from the Internet. Noscript has ABE, which does that, but I'm not aware of any browser that does it by default; plus, noscript doesn't help you as this seems to target chrome browsers as an easier vector.

          • Block ads and javascript. No ads, and you are way less likely to get this. No javascript and it won't work at all. What really needs to be done is to have all browsers deny access to local addresses by any tab that loads anything from the Internet. Noscript has ABE, which does that, but I'm not aware of any browser that does it by default; plus, noscript doesn't help you as this seems to target chrome browsers as an easier vector.

            Thanks for your advice I will take it to heart. :)

          • by WD ( 96061 ) on Tuesday May 26, 2015 @11:40AM (#49775675)

            Yeah, that helps for sure. The other option is to see if there's a 3rd-party firmware for the router. The firmwares that come with home equipment out of the box are often pretty poor. And are often abandoned after they are shipped. However, something like dd-wrt / openwrt / tomato is likely to be better supported.

            • Yeah, that helps for sure. The other option is to see if there's a 3rd-party firmware for the router. The firmwares that come with home equipment out of the box are often pretty poor. And are often abandoned after they are shipped. However, something like dd-wrt / openwrt / tomato is likely to be better supported.

              Thanks I will check all three, to see if my router is supported by any of the above.:)

    • This makes a good case for knowing as much as possible about your router/modem's settings. Also I go to "grc.com" and use the "shields up" page to test my router's port settings. I also like to use "Open DNS" for my DNS servers. Even the paranoid are right sometimes. :)

      PS Open DNS allows you to set security settings on your own dashboard page, and it's FREE for home users.

  • by anwyn ( 266338 ) on Tuesday May 26, 2015 @11:11AM (#49775479)
    This gives you the option to install free software that
    • avoids deliberate company installed backdoors.
    • has bugs fixed on a regular basis
    • will work with IPV6
    • can be modified for unusual configurations.
    • Has openwrt become more usable? I was using it up until about 12-18months ago. The constant stability issues combined with arcane/not working configuration items and finding myself constantly downloading and testing various mods to get around problems just got to frustrating and time consuming to be worth it for me.

  • What's a good router to buy for home / small business that has a minimum feature set: uses DHCP, has some static IP addresses, has a LAN-only config web page, no stupid app store in my router, and no remote access, etc)?

    I have a Linksys EA6900, and it makes me nervous because it is chok full of features that I don't use and I never plan on using. Each and every one is probably an exploit waiting to happen. Personally, I think if such routers are easily hacked because of poorly implemented features and

    • mikrotik 2011 -- nuf said
      • by Gravis Zero ( 934156 ) on Tuesday May 26, 2015 @12:43PM (#49776171)

        mikrotik 2011 -- nuf said

        mikrotik make routerboard routers, so that would be RB2011 [routerboard.com]

        The RB2011Ui is a low cost multi port device series. Designed for indoor use, and available in many different cases, with a multitude of options.

        The RB2011 is powered by RouterOS, a fully featured routing operating system which has been continuously improved for fifteen years. Dynamic routing, hotspot, firewall, MPLS, VPN, advanced quality of service, load balancing and bonding, real-time configuration and monitoring - just a few of the vast number of features supported by RouterOS.

        RouterBOARD 2011UiAS-2HnD has most features and interfaces from all our Wireless routers. It’s powered by the new Atheros 600MHz 74K MIPS network processor, has 128MB RAM, five Gigabit LAN ports, five Fast Ethernet LAN ports and SFP cage (SFP module not included!). Also, it features powerful 1000mW dual chain 2.4Ghz (2312-2732MHz depending on country regulations) 802.11bgn wireless AP, RJ45 serial port, microUSB port and RouterOS L5 license, as well as desktop case with power supply, two 4dBi Omni antennas and LCD panel- all this for only $129!

        Tested and recommended to use with MikroTik SFP modules: S-85DLC05D, S-31DLC20D and S-35/53LC20D (not included)

        RouterBOARD 2011UAS-2HnD-IN comes with desktop enclosure, LCD panel and power supply.

        Wall mount kit (product code RBWMK) for network closet is available for purchase as an optional accessory.
        The RB2011Ui also has passive PoE output capability on the last port (ETH10), this means you can power another device just by connecting it over regular Ethernet cable

        seriously, minimum feature set? it has it's own fucking LCD!

    • Anything that runs OpenWRT..... Even a consumer model... In fact, I think your existing hardware is supported, albeit it's not being claimed as "stable" yet.

If all else fails, lower your standards.

Working...