Auteur Sujet: Extraneous Network Services Leave Home Routers Unsecure  (Lu 994 fois)

0 Membres et 1 Invité sur ce sujet

ka9yhd

  • Invité
Extraneous Network Services Leave Home Routers Unsecure
« le: 04 août 2013 à 00:35:28 »
"Today's home routers include a multitude of extra functionality, such as the ability to act as a file and print server. An article from CNET shows how an attacker can use vulnerabilities in these services, such as buffer overflows, directory traversal, race conditions, command injections, and bad permissions to take over the router from the local network without knowing the administrative password. Some of the worst vulnerabilities were in undocumented, proprietary services that users cannot disable and allowed an attacker to achieve a root shell. The researchers who discovered the vulnerabilities will be demonstrating them at the Wall of Sheep and Wireless Village at DEF CON."

http://mobile.slashdot.org/story/13/08/03/2124223/extraneous-network-services-leave-home-routers-unsecure

djohnston

  • Invité
Re : Extraneous Network Services Leave Home Routers Unsecure
« Réponse #1 le: 04 août 2013 à 13:54:12 »
Well, the C/NET article doesn't go into a lot of detail about the exploits. It's more about the Defcon 21 meeting in Las Vegas. The good news is that, according to the Exploiting SOHO Router Services article, the router-provided services are only vulnerable to the described attacks after "USB storage is attached" (to the router).

More good news is that my home router is not on the list. The bad news is that it doesn't mean my home router is secure. By any means. In order to have some control, (hopefully, full control), of a home router, a PC needs to be repurposed as a dedicated router for the entire home network. It can run other tasks, but making it the sole purpose of an older PC is a perfect use for a PC with slower data bus speeds and slower IDE/SATA channel speeds. There are several hardened distros available to turn an unused PC into a dedicated internet router for a home network, such as EnGarde Secure Linux. And an older PC can be used for this purpose with very little performance loss. The main criteria are ethernet and wireless transfer speeds which can be easily met with good quality PCI or PCIe adapters.

The other alternative is to install DD-WRT or Tomato Firmware to your Broadcom-based router. Or use one of the Linux or BSD solutions shown here.