Author Topic: The Latest of Many Router Vulnerabilities  (Read 740 times)

OldJimbo

  • Guest
The Latest of Many Router Vulnerabilities
« on: August 03, 2010, 06:53:11 PM »
Some may have missed the news of this. A new(er) exploit was demonstrated involving many modem/routers.

It would be a good idea to make sure that:

1. Your login to your router has been changed from default.
2. Don't complain if your ISP has changed your password if you left it as Admin... They did (X69) this in a secure way and sent you a letter.
3. For at least a while, it would be better if you didn't have login/password saved on your regular browser.
4. Get an account on OpenDNS and block rebinds. Most of us use OpenDNS anyway but just with a generic account. Set up DNS on the computer rather than the router - because it's less easily crashed.
5. Realize that this is a good thing. I looked very closely at replies to the vulnerability on the forums of third party firmware distributors. I may well change because a sensible and cautious approach with a demo impresses me far more than bluster.
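
What "block rebinds" in step 4 amounts to at the resolver, as an added example that is not part of the original post and not OpenDNS's code: a filter that refuses DNS answers mapping a public name to an internal address. The local suffix allowlist, function names and sample responses are assumptions made for illustration.

```python
import ipaddress

# Address ranges a public DNS name should never resolve to.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

# Names the local network legitimately maps to internal addresses
# (hypothetical allowlist for this example).
LOCAL_SUFFIXES = (".lan", ".local", ".home.arpa")

def is_internal(addr):
    """True if addr is loopback, link-local or private address space."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.1) so it cannot slip past the check.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip.version == n.version and ip in n for n in INTERNAL_NETS)

def filter_answers(qname, answers):
    """Split the A/AAAA answers for qname into (allowed, blocked)."""
    name = qname.rstrip(".").lower()
    if name.endswith(LOCAL_SUFFIXES) or "." not in name:
        return list(answers), []      # local names may point inside the LAN
    allowed, blocked = [], []
    for addr in answers:
        (blocked if is_internal(addr) else allowed).append(addr)
    return allowed, blocked

# Constructed sample responses (documentation names and addresses, not real traffic).
SAMPLES = [
    ("www.example.com.", ["198.51.100.10"]),
    ("rebind.example.net.", ["203.0.113.7", "192.168.1.1"]),
    ("mapped.example.net.", ["::ffff:10.0.0.1"]),
    ("router.lan.", ["192.168.1.1"]),
]

def run_samples():
    """Apply the filter to every constructed sample response."""
    return {q: filter_answers(q, a) for q, a in SAMPLES}

if __name__ == "__main__":
    for q, (ok, bad) in run_samples().items():
        print(f"{q:22} allowed={ok} blocked={bad}")
```

dnsmasq's `--stop-dns-rebind` option applies the same kind of check on a local resolver.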

Offline YouCanToo

  • PCLinuxOS Tester
  • Hero Member
  • *******
  • Posts: 5324
  • Location: Lebanon, OR., USA
    • Spreading the word.......
Re: The Latest of Many Router Vulnerabilities
« Reply #1 on: August 04, 2010, 05:24:16 AM »
Quote
Some may have missed the news of this. A new(er) exploit was demonstrated involving many modem/routers.

It would be a good idea to make sure that:

1. Your login to your router has been changed from default.
2. Don't complain if your ISP has changed your password if you left it as Admin... They did (X69) this in a secure way and sent you a letter.
3. For at least a while, it would be better if you didn't have login/password saved on your regular browser.
4. Get an account on OpenDNS and block rebinds. Most of us use OpenDNS anyway but just with a generic account. Set up DNS on the computer rather than the router - because it's less easily crashed.
5. Realize that this is a good thing. I looked very closely at replies to the vulnerability on the forums of third party firmware distributors. I may well change because a sensible and cautious approach with a demo impresses me far more than bluster.

Number 1 - should just be common sense.
Number 2 - Your ISP has NO business being in your system! Even if you haven't changed the default login/password. Instead they should perhaps suspend your service till the issue is corrected, but they should not be in your equipment.
Number 4 - I am really not sure how that is going to help when rebinds can happen through one's browser plug-ins such as Flash or Silverlight and JavaScript. Am I missing something here how OpenDNS can prevent them? Can you please enlighten me if it can.
« Last Edit: August 04, 2010, 03:10:05 PM by YouCanToo »




Be sure to visit the NEW Knowledge Base


Linux is user-friendly- it's just picky who its friends are!

OldJimbo

  • Guest
Re: The Latest of Many Router Vulnerabilities
« Reply #2 on: August 04, 2010, 11:35:42 AM »
I'm sorry - it was just a list of preventative steps which I thought might be useful.

Apparently the "Security Now" show on twit.tv is going to be centered on this - but that's in 30 minutes. I'm not sure if the video is just live or available right away. Audio should be available. That's a start to thinking things through and discussion. Perhaps details of the OpenDNS filtering will be covered.

I think it's good that a known vulnerability got attention.

There's quite a discussion on ISP routers having passwords changed - on Slashdot.

OldJimbo

  • Guest
Re: The Latest of Many Router Vulnerabilities
« Reply #3 on: August 04, 2010, 02:05:34 PM »
I'm really going to have to take some time over this Security Now podcast. It's pretty thorough, but also brought up some points which I didn't know about! Well that's nothing new except that I have been reading about the exploit and hadn't heard about ABE in NoScript.
Worthwhile!

Offline YouCanToo

  • PCLinuxOS Tester
  • Hero Member
  • *******
  • Posts: 5324
  • Location: Lebanon, OR., USA
    • Spreading the word.......
Re: The Latest of Many Router Vulnerabilities
« Reply #4 on: August 04, 2010, 03:09:24 PM »
Quote
I'm sorry - it was just a list of preventative steps which I thought might be useful.

Please do not get me wrong, I do agree with you that they are useful. It is funny, as some should just be plain old common sense to do.

Quote
Apparently the "Security Now" show on twit.tv is going to be centered on this - but that's in 30 minutes. I'm not sure if the video is just live or available right away. Audio should be available. That's a start to thinking things through and discussion. Perhaps details of the OpenDNS filtering will be covered.

I think it's good that a known vulnerability got attention.

There's quite a discussion on ISP routers having passwords changed - on Slashdot.


Thanks for the above information. I find it interesting about the rebind stuff.

I wish that the folks that made the routers would have some type of program that would force the end user to change the username and password before the router would activate. This would go a long way in solving many issues. There are several routers (5) here in my area that are unencrypted and that have never had the default system setup changed.
« Last Edit: August 04, 2010, 09:49:43 PM by YouCanToo »





OldJimbo

  • Guest
Re: The Latest of Many Router Vulnerabilities
« Reply #5 on: August 04, 2010, 03:19:43 PM »
Quote
In the past many people seem to have left the PCL forums and then spent lots of time criticizing.

DD-WRT does in v24. Steve was talking vulnerabilities, though, so it's going to take some time to see if he was talking about earlier versions - or if they have an ongoing issue.

Quote
Number 2 - Your ISP has NO business being in your system! Even if you haven't changed the default login/password. Instead they should perhaps suspend your service till the issue is corrected, but they should not be in your equipment.
Apparently in the end it was about access to rental routers owned by them and that people had actually signed a contract saying that to be legal. What blew me away was learning about TR-69 systems. That's new to me!

Online wedgetail

  • PCLinuxOS Tester
  • Hero Member
  • *******
  • Posts: 2422
  • Any Bugs in site?
Re: The Latest of Many Router Vulnerabilities
« Reply #6 on: August 09, 2010, 07:02:19 PM »
OldJimbo

Do you mind telling a bit more about the TR-69? I did a Google but nothing really caught my attention apart from something about management software, but the fact that you seem to have been a bit surprised has got me curious ;D

smcs_steve

  • Guest
Re: The Latest of Many Router Vulnerabilities
« Reply #7 on: August 09, 2010, 08:07:46 PM »
Quote
In the past many people seem to have left the PCL forums and then spent lots of time criticizing.
DD-WRT does in v24. Steve was talking vulnerabilities, though, so it's going to take some time to see if he was talking about earlier versions - or if they have an ongoing issue.
OldJimbo - Who - where - what are you quoting from here?  I've lost the thread of the conversation.... ???
>_Steve