[dns-operations] "remotely changing a home router's DNS server was theoretically possible" (C|Net)
simonw at zynet.net
Wed Jan 23 09:31:06 UTC 2008
On Tuesday 22 January 2008 22:17, Gadi Evron wrote:
> I am unsure of what specific attack (malware?) they are talking about
> which is MX specific, but SYMC is good with PR. I am however
> increasingly concerned with the ease of compromising broadband routers.
It is well documented elsewhere, from well before live exploits were seen.
the HTTP model of only POST/PUT/DELETE doing non-idempotent actions, and thus
alerting the user, is so widely ignored as to be pointless, although it can
make the exploit easier if the routers can be configured via GET).
> On the DNS side, without compromising (which can result in more botnets
> or wiretap concerns) I am especially concerned due to many of these CPE
> devices being recursive DNS servers.
It largely doesn't matter if they are recursive or not, the fundamental issue
is the ability to configure via web interface, poor security in web browser
(all), and default passwords.
I don't think there is any specific DNS part to the problem, other than once
you control someone's router, that is the easiest way to phish. I guess if
folk here suddenly get less DNS traffic it might be a bad sign - but I'm
guessing that applies almost whatever the reason for less traffic.
These web problems aren't specific to broadband routers, they are just low
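
An added example, not part of the original message or of any router vendor's code: a sketch of the server-side check a router's web interface could apply before honouring a configuration change, covering the points raised above (settings changeable via GET, requests triggered from other sites through the browser). The function name, the header dictionary, the host names and the token values are all constructed for illustration.

```python
import hmac
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}      # must never change state
ROUTER_HOSTS = {"192.168.1.1", "router.lan"}   # constructed: the device's own names

def allow_config_change(method, headers, session_token, form_token):
    """Decide whether a settings-changing request should be honoured.

    headers is a dict with canonical header names (an assumption of this sketch).
    Returns (allowed, reason).
    """
    # Settings changes are non-idempotent, so a safe method is never accepted.
    if method.upper() in SAFE_METHODS:
        return False, "state change over safe method"
    # The request must be addressed to one of the device's own names.
    host = headers.get("Host", "").lower()
    if host not in ROUTER_HOSTS:
        return False, "unexpected Host"
    # The page that submitted the form must be served by the device itself.
    source = headers.get("Origin") or headers.get("Referer")
    if not source or urlsplit(source).netloc.lower() != host:
        return False, "cross-site or unattributed request"
    # A per-session token in the form, which another site cannot read.
    if not session_token or not form_token:
        return False, "missing CSRF token"
    if not hmac.compare_digest(session_token.encode(), form_token.encode()):
        return False, "bad CSRF token"
    return True, "ok"

# Constructed sample requests: (method, headers, session token, form token)
SAMPLES = [
    ("GET", {"Host": "192.168.1.1", "Referer": "http://192.168.1.1/dns"}, "s3", "s3"),
    ("POST", {"Host": "192.168.1.1", "Origin": "http://forum.example"}, "s3", "s3"),
    ("POST", {"Host": "192.168.1.1", "Origin": "http://192.168.1.1"}, "s3", None),
    ("POST", {"Host": "192.168.1.1", "Origin": "http://192.168.1.1"}, "s3", "s3"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[0], sample[1].get("Origin") or sample[1].get("Referer"),
              allow_config_change(*sample))
```

None of this helps while the device still has its default password, which has to be changed separately.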