Tag Archives: adsl

Security issues in ADSL and other routers

I’ve never been a fan of using ADSL/Wifi routers as the main firewall for a network (which unfortunately ends up being the case for most home users). These are devices built to the cheapest price, using the cheapest software development, and generally there are very few (if any) updates for security issues on these devices. Even if firmware updates are available, end-users tend not to apply them, either through ignorance or lack of skill.

There are many vulnerabilities relating to ADSL/Wireless routers in the wild, often causing havoc with DNS and other systems. The latest bug relates to open DNS proxies on routers resulting in a 24-million router DNS denial of service attack on ISPs.

A backdoor in some Linksys and Netgear wireless routers that allows malicious users to reset the devices’ configuration to factory settings, and therefore to the default router administration username and password, has been discovered and its existence shared with the world.

Another is the Wifi hacking trojan RBrute, which infects Wifi routers and then distributes the Sality malware family, which can subsequently infect Windows systems with web/DNS redirection, remote access, information theft, rootkit capabilities, disabling of firewalls/AV and downloading of additional malware. The list goes on and on. This stuff is nasty to say the least.

This doesn’t stop at low-end routers like TP-Link, Netgear and Dlink – others like Linksys and Belkin are also often targeted. The main problems with these routers fall into two areas:

1. mis-configuration

2. software issues

The mis-configuration issue can be laid at both the end-users’ and the manufacturers’ doors. First, end-users aren’t always skilled enough to configure these systems properly. Second, manufacturers often add extra accounts to routers that aren’t normally used and that end-users are unaware of. These then present back-doors for malware and attackers to misuse.

The quality of software development in these systems is very low, resulting in all sorts of vulnerabilities ranging from cross-site scripting issues to DNS amplification attacks. Manufacturers also tend to update their routers very seldom (if at all), so the bulk of routers out there have some issue or other.

If you are going to use an ADSL/Wifi router, then make sure you update its firmware to the latest available, and close or change the passwords for any accounts on the unit. Better yet, you should put the unit into bridge mode and use a proper firewall for your protection.

ADSL Router Security in the crosshairs

It’s long been a bugbear of mine when ADSL modems are used at the perimeter of networks as the security device/firewall. Quite apart from the fact that many of these units are made to the lowest cost possible and have many vulnerabilities, they are wholly unsuited to the task of providing decent security. That’s why I always switch them to bridge mode where possible and use a proper firewall behind them.

The issues of ADSL routers include but are not limited to:

  • default password not changed
  • external management/administration switched on
  • software vulnerabilities (including XSS and DNS reflection issues)

Many of the recent issues with regards to DDoS attacks are related to the unauthorised use of ADSL modems that either have public management switched on with default passwords, or vulnerabilities that have been exploited. The process goes as follows:

  • Use the CSRF (cross-site request forgery) vulnerability in Broadcom-based routers to access the admin console without requiring the password
  • Change the router’s DNS server(s) to point to a malicious DNS server
  • Change the router’s password so the rightful owner can no longer get in
  • When going to a site, the malicious DNS server sends the user to an alternate location
  • At the alternate location, the user downloads what they think is a valid installation file but which is in fact an infected or malicious file
  • Install malware onto the user’s machines to log keystrokes and steal files
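As an added example (not code from the original post), the following audit checks a router configuration dump for the three issues listed above and for the DNS-server change that is the first step of the process just described. The key=value format, the field names and the sample values are constructed for illustration; real units expose their settings differently, so the parser would need adapting to the device.

```python
import ipaddress
# Constructed allow-list of the resolvers the ISP issued (TEST-NET-1 addresses, not real servers)
# and illustrative factory credentials; extend both with your ISP's and vendor's real values.
ISP_RESOLVERS = {"192.0.2.53", "192.0.2.54"}
FACTORY_PASSWORDS = {"", "admin", "password", "1234"}
# A LAN-side resolver (usually the router itself forwarding upstream) is acceptable.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed dump showing all three weaknesses from the post, and the same unit after the fixes.
WEAK_CONFIG = """\
admin_password=admin
remote_management=1
remote_management_port=8080
dns_primary=203.0.113.66
dns_secondary=192.0.2.53
"""
HARDENED_CONFIG = """\
admin_password=9v!Qr2#kLpX7-wanderer
remote_management=0
dns_primary=192.0.2.53
dns_secondary=192.168.1.1
"""

def parse_config(text: str) -> dict[str, str]:
    """Parse key=value lines, ignoring blanks and '#' comments."""
    cfg: dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    return cfg

def audit(cfg: dict[str, str]) -> list[str]:
    """Return one finding per weakness; an empty list means every check passed."""
    findings: list[str] = []
    if cfg.get("admin_password", "") in FACTORY_PASSWORDS:
        findings.append("admin password is a factory default or empty")
    if cfg.get("remote_management", "0") == "1":
        port = cfg.get("remote_management_port", "?")
        findings.append(f"management interface exposed on the WAN side (port {port})")
    for key in ("dns_primary", "dns_secondary"):
        value = cfg.get(key, "")
        try:
            ip = ipaddress.ip_address(value)
        except ValueError:
            findings.append(f"{key} missing or not an IP address: {value!r}")
            continue
        if str(ip) not in ISP_RESOLVERS and not any(ip in net for net in RFC1918):
            findings.append(f"{key} points at an unexpected resolver {value}")
    return findings
```

Running `audit(parse_config(WEAK_CONFIG))` reports the default password, the exposed management port and the hijacked primary resolver, while the hardened dump reports nothing.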

A recent ITWeb article singled out the Dlink 2750 modem; however, many modems from many vendors are susceptible to attacks should they be vulnerable or configured incorrectly. Read the fascinating article on how 4.5 million routers were hacked in Brazil.

It’s up to the end user to configure the units correctly and safely, or contract a security person to do so. Remember you are responsible for your data and security.

WorldWideWorx, Arthur Goldstuck and new cables

The talk given by Arthur Goldstuck this evening at Bandwidth Barn was very enlightening. Entitled ‘the cables are coming’, it concentrated on the new undersea cables that are due to come online in the next few years, the effect they will have on the internet in SA, and internet trends in SA in general going forward.

Two pieces of information struck me as very interesting:

1. out of the 290Gbps of capacity on the SAT3/SAFE system, only 40Gbps is used by Telkom for internet access

2. out of the 1.2Tbps of capacity on the soon-to-be-launched Seacom system, only 80Gbps will be used for internet access

A recent posting on myadsl.co.za by Laurie from SAOL indicated (http://mybroadband.co.za/vb/showpost.php?p=2838622&postcount=76) that prices were unlikely to come down purely because of Seacom. WWW’s trending and research shows the same sort of trends. There are a number of reasons for this, including:

1. Neotel controls the only link from Midrand to Mtnzuni where the Seacom cable lands. As such they control the pricing, which is not currently favourable.

2. Seacom and its partners need to recoup their initial investment in the cable which has a considerable cost attached. If others are charging a lot, then they will do the same, trying to make profit while they are able to.

In conclusion, we’ll be waiting a bit longer for benefits as a result of Seacom and other cable systems, and I think that the main one will be increased caps instead of price drops. Faster speeds are also coming soon, with Telkom apparently finished with 8Mbps testing and DSLAM upgrades in process.