LinuxVillage

LinuxVillage welcome => Technical discussions => Topic started by: ka9yhd on 04 August 2013 at 00:35:28

Title: Extraneous Network Services Leave Home Routers Unsecure
Posted by: ka9yhd on 04 August 2013 at 00:35:28
"Today's home routers include a multitude of extra functionality, such as the ability to act as a file and print server. An article from CNET shows how an attacker can use vulnerabilities in these services, such as buffer overflows, directory traversal, race conditions, command injections, and bad permissions to take over the router from the local network without knowing the administrative password. Some of the worst vulnerabilities were in undocumented, proprietary services that users cannot disable and allowed an attacker to achieve a root shell. The researchers who discovered the vulnerabilities will be demonstrating them at the Wall of Sheep and Wireless Village at DEF CON."

http://mobile.slashdot.org/story/13/08/03/2124223/extraneous-network-services-leave-home-routers-unsecure
Title: Re: Extraneous Network Services Leave Home Routers Unsecure
Posted by: djohnston on 04 August 2013 at 13:54:12
Well, the C/NET article doesn't go into a lot of detail about the exploits. It's more about the Defcon 21 meeting in Las Vegas. The good news is that, according to the Exploiting SOHO Router Services article (http://securityevaluators.com/content/case-studies/routers/soho_service_hacks.jsp), the router-provided services are only vulnerable to the described attacks after "USB storage is attached" (to the router).

More good news is that my home router is not on the list. The bad news is that it doesn't mean my home router is secure. By any means. In order to have some control (hopefully, full control) of a home router, a PC needs to be repurposed as a dedicated router for the entire home network. It can run other tasks, but making it the sole purpose of an older PC is a perfect use for a PC with slower data bus speeds and slower IDE/SATA channel speeds. There are several hardened distros available to turn an unused PC into a dedicated internet router for a home network, such as EnGarde Secure Linux (http://www.engardelinux.org/). And an older PC can be used for this purpose with very little performance loss. The main criteria are Ethernet and wireless transfer speeds, which can be easily met with good quality PCI or PCIe adapters.

The other alternative is to install DD-WRT (http://www.dd-wrt.com/site/index) or Tomato Firmware (http://www.polarcloud.com/tomato) to your Broadcom-based router. Or use one of the Linux or BSD solutions shown here (https://en.wikipedia.org/wiki/List_of_router_or_firewall_distributions).