Exploit Kit Delivers Pharming Attacks Against SOHO Routers

msm1267 writes: For the first time, DNS redirection attacks against small office and home office routers are being delivered via exploit kits. French security researcher Kafeine said an exploit kit has been finding success in driving traffic from compromised routers to the attackers' infrastructure. The risk to users is substantial, he said, ranging from financial loss, to click-fraud, man-in-the-middle attacks and phishing.

Re: Then turn them off

[Anonymous Coward]

"Just think, no more reading dumb comments."

I'm feeling an overwhelming irony here...

Re:UNIX Only

[OhSoLaMeow]

This is UNIX Only.

I know this.

Know Thy DNS IP's!

[hamsterz1]

This makes a good case for knowing as much as possible about your router/modem's settings. Also I go to "grc.com" and use the "shields up" page to test my router's port settings. I also like to use "Open DNS" for my DNS servers. Even the paranoid are right sometimes. :)

Re:

[WD]

That's nice, but nothing that you describe helps protect against the vulnerability described.

Re:

[hamsterz1]

That's nice, but nothing that you describe helps protect against the vulnerability described.

Then what would protect against this type of attack?. I tried to find new firmware for my router, but no updates available. Perhaps you can give me some advice, as I would like to learn something from this attack.

Re:

[Anonymous Coward]

Block ads and javascript. No ads, and you are way less likely to get this. No javascript and it won't work at all. What really needs to be done is to have all browsers deny access to local addresses by any tab that loads anything from the Internet. Noscript has ABE, which does that, but I'm not aware of any browser that does it by default; plus, noscript doesn't help you as this seems to target chrome browsers as an easier vector.

Re:

[hamsterz1]

Block ads and javascript. No ads, and you are way less likely to get this. No javascript and it won't work at all. What really needs to be done is to have all browsers deny access to local addresses by any tab that loads anything from the Internet. Noscript has ABE, which does that, but I'm not aware of any browser that does it by default; plus, noscript doesn't help you as this seems to target chrome browsers as an easier vector.

Thanks for your advice I will take it to heart. :)

Re:Know Thy DNS IP's!

[WD]

Yeah, that helps for sure. The other option is to see if there's a 3rd-party firmware for the router. The firmwares that come with home equipment out of the box are often pretty poor. And are often abandoned after they are shipped. However, something like dd-wrt / openwrt / tomato is likely to be better supported.

Re:

[hamsterz1]

Yeah, that helps for sure. The other option is to see if there's a 3rd-party firmware for the router. The firmwares that come with home equipment out of the box are often pretty poor. And are often abandoned after they are shipped. However, something like dd-wrt / openwrt / tomato is likely to be better supported.

Thanks I will check all three, to see if my router is supported by any of the above.:)

Re:

[hamsterz1]

This makes a good case for knowing as much as possible about your router/modem's settings. Also I go to "grc.com" and use the "shields up" page to test my router's port settings. I also like to use "Open DNS" for my DNS servers. Even the paranoid are right sometimes. :)

PS Open DNS allows you to set security settings on your own dashboard page, and it's FREE for home users.

Don't buy a router unless it suports openwrt.

[anwyn]

This gives you the option to install free software that

• avoids deliberate company installed backdoors.
• has bugs fixed on a regular basis
• will work with IPV6
• can be modified for unusual configurations.

Re:

[jbmartin6]

I expect parent was saying that OpenWRT has bugs fixed regularly, and was not making a claim for free software in general. Also, free software is not the same as open source software. :)

Re:

[Anonymous Coward]

This gives you the option to install free software that

• 
  avoids deliberate company installed backdoors.
• 
  has bugs fixed on a regular basis
• 
  will work with IPV6
• 
  can be modified for unusual configurations.

I like open source but let's not invent silly excuses. Open source software is not bug fixed on a regular basis. It is fixed only if the project is popular enough. And even then problems arise, see the Open SSH fiasco.

The modularity inherent in open source projects like OpenWRT actually offer VERY fast bugfix turnaround because the underlying packages are individually very popular and get updated and ported with ease. OpenWRT is a great example of Open Source done right.

Re:

[bloodhawk]

Has openwrt become more usable? I was using it up until about 12-18months ago. The constant stability issues combined with arcane/not working configuration items and finding myself constantly downloading and testing various mods to get around problems just got to frustrating and time consuming to be worth it for me.

Re:

[bobbied]

What? Host file security? Not unless you fully disable NSLOOKUP, which is not that easy to do.... Why not just bypass all this and use DNS servers that you control and block DNS services for everything else? Much more secure than hosts files....

What's a good router with minimum feature set?

[ggraham412]

What's a good router to buy for home / small business that has a minimum feature set: uses DHCP, has some static IP addresses, has a LAN-only config web page, no stupid app store in my router, and no remote access, etc)?

I have a Linksys EA6900, and it makes me nervous because it is chok full of features that I don't use and I never plan on using. Each and every one is probably an exploit waiting to happen. Personally, I think if such routers are easily hacked because of poorly implemented features and

Re:

[oldguy62]

mikrotik 2011 -- nuf said

Re:What's a good router with minimum feature set?

[Gravis Zero]

mikrotik 2011 -- nuf said

mikrotik make routerboard routers, so that would be RB2011 [routerboard.com]

The RB2011Ui is a low cost multi port device series. Designed for indoor use, and available in many different cases, with a multitude of options.

The RB2011 is powered by RouterOS, a fully featured routing operating system which has been continuously improved for fifteen years. Dynamic routing, hotspot, firewall, MPLS, VPN, advanced quality of service, load balancing and bonding, real-time configuration and monitoring - just a few of the vast number of features supported by RouterOS.

RouterBOARD 2011UiAS-2HnD has most features and interfaces from all our Wireless routers. It’s powered by the new Atheros 600MHz 74K MIPS network processor, has 128MB RAM, five Gigabit LAN ports, five Fast Ethernet LAN ports and SFP cage (SFP module not included!). Also, it features powerful 1000mW dual chain 2.4Ghz (2312-2732MHz depending on country regulations) 802.11bgn wireless AP, RJ45 serial port, microUSB port and RouterOS L5 license, as well as desktop case with power supply, two 4dBi Omni antennas and LCD panel- all this for only $129!

Tested and recommended to use with MikroTik SFP modules: S-85DLC05D, S-31DLC20D and S-35/53LC20D (not included)

RouterBOARD 2011UAS-2HnD-IN comes with desktop enclosure, LCD panel and power supply.

Wall mount kit (product code RBWMK) for network closet is available for purchase as an optional accessory.
The RB2011Ui also has passive PoE output capability on the last port (ETH10), this means you can power another device just by connecting it over regular Ethernet cable

seriously, minimum feature set? it has it's own fucking LCD!

Re:

[bobbied]

Anything that runs OpenWRT..... Even a consumer model... In fact, I think your existing hardware is supported, albeit it's not being claimed as "stable" yet.