[dns-operations] "remotely changing a home router's DNS server was theoretically possible " (C|Net)

Simon Waters simonw at zynet.net
Wed Jan 23 09:31:06 UTC 2008

On Tuesday 22 January 2008 22:17, Gadi Evron wrote:
> I am unsure of what specific attack (malware?) they are talking about
> which is MX specific, but SYMC is good with PR. I am however
> increasingly concerned with the ease of compromising broadband routers.

It is well documented elsewhere, from well before live exploits were seen.

Basically routers with a web interface can be configured through JavaScript, 
as there are ways to subvert the JavaScript and HTTP security models (indeed 
the HTTP model of only POST/PUT/DELETE doing non-idempotent actions, and thus 
alerting the user, is so widely ignored as to be pointless, although it can 
make the exploit easier if the routers can be configured via GET).

> On the DNS side, without compromising (which can result in more botnets
> or wiretap concerns) I am especially concerned due to many of these CPE
> devices being recursive DNS servers.

It largely doesn't matter if they are recursive or not, the fundamental issue 
is the ability to configure via web interface, poor security in web browser 
(all), and default passwords.

I don't think there is any specific DNS part to the problem, other than once 
you control someone's router, that is the easiest way to phish. I guess if 
folk here suddenly get less DNS traffic it might be a bad sign - but I'm 
guessing that applies almost whatever the reason for less traffic.

These web problems aren't specific to broadband routers, they are just low 
hanging fruit.
