Author Topic: Home routers are vulnerable  (Read 2030 times)

Offline Mvzfka232

  • Comodo Family Member
  • ***
  • Posts: 80
« Last Edit: December 20, 2014, 12:00:05 PM by EricJH »

Offline Sanya IV Litvyak

  • Comodo's Hero
  • *****
  • Posts: 4204
  • Lurking
Re: Home routers are vulnerable
« Reply #1 on: December 19, 2014, 05:17:51 AM »
I saw that but I didn't find any explanation on how it works other than being a cookie that through some exploit gets admin privileges? How does the cookie get to the router in the first place is my question?
I support privacy and freedom online - eff.org

Offline John Buchanan

  • "Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well armed lamb contesting the outcome of the vote." ~ Benjamin Franklin
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 6568
  • Personal Dragons can be defeated. Improve yourself
Re: Home routers are vulnerable
« Reply #2 on: December 19, 2014, 11:12:10 PM »
First, the default admin password should always be changed.  Most people don't do this.
Second, my router included an option to use a pictogram to ensure a bot wasn't attempting access.
Third, stop broadcasting.  Thieves won't spend time breaking into a private wireless network if they don't know it is there.
(only broadcast long enough to make the initial connection.)

Please follow Comodo Forum Policy

Bah! Ban 'em all! The only good member is a banned member
And a member is just a policy violator who hasn't been caught yet. >:-D

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 23687
Re: Home routers are vulnerable
« Reply #3 on: December 20, 2014, 12:00:26 PM »
I took the liberty of editing your split URL and making it one that can be clicked on.

Offline Mvzfka232

Re: Home routers are vulnerable
« Reply #4 on: December 24, 2014, 03:18:22 PM »
I took the liberty of editing your split URL and making it one that can be clicked on.

http://stackoverflow.com/questions/1361705/

:(

Offline EricJH

Re: Home routers are vulnerable
« Reply #5 on: December 24, 2014, 07:01:48 PM »
http://stackoverflow.com/questions/1361705/

:(
Slightly off-topic. I'm afraid I don't understand what this has to do with splitting a URL.

Offline jeromex

  • Comodo Family Member
  • ***
  • Posts: 54
Re: Home routers are vulnerable
« Reply #6 on: June 12, 2015, 06:41:44 AM »
I am bumping this because I think this question is undertreated (correct?).
I now have my first real security problem, 3 months after changing my USB ADSL modem for an Ethernet DSL 320 B D-Link; before that, I had been totally safe for 8 years. I just forgot to harden the rules in the modem (disable WAN access from the outside, as it is enabled by default).
I hope it will be enough, because the DNS change was recurrent even after changing my account password.
No malware was found according to Malwarebytes, Adwcleaner, Gmer, Roguekiller.
So for the moment I do not dare to use even my E-Blue Card on it.
The symptom was porn web pages opening spontaneously and fake Adobe Flash update web pages, which failed to trap me.
So I think they did not install anything else.
I am dealing with it, and am not asking for help here.


Microsoft Windows XP Home 32 bits SP3
Comodo CPF 5.10
Mozilla Firefox 38
Antivirus = Stripmyrights + ProcessXP
CPU : AMD Athlon 64 5000+
MB : Acer - Foxconn Nvidia MCP61
CGU : Gigabyte - NVIDIA GeForce GT 620

Offline EricJH

Re: Home routers are vulnerable
« Reply #7 on: June 12, 2015, 08:34:00 AM »
Did you flash your D-Link with a fresh firmware before disabling WAN access?

Offline jeromex

Re: Home routers are vulnerable
« Reply #8 on: June 12, 2015, 09:33:38 AM »
Yes, I should have been more precise.
I suppose that WAN access was enabled by default but did not verify before the infection (if one can accept that the malware is capable of making that sort of change).
I had not changed the default password either.
I had not adapted the rules of Comodo FW, which is set on Custom Policy.

After the infection:

I set a real password on the admin account of the modem.
I restored the DNS by typing it in (both).
I made a backup of this configuration.
I did some malware scans etc.

When I want to open a Firefox session:
I start an Internet Explorer 8 window under Sandboxie to load the Status page of the web interface of the router, I log in and check the DNS.
I start my Firefox session.

And despite this, once in 3 days I saw my DNS changed:
178.32.31.235 45.55.202.74 146.185.239.240 (2x) 37.48.127.131




Offline jeromex

Re: Home routers are vulnerable
« Reply #9 on: June 12, 2015, 09:36:31 AM »
Sorry, I did not flash firmware because for the moment I did not find any.
The D-Link page for that modem announces firmware but is empty.
So it is recent (1.05 Z1), known to include these new threats.

Offline EricJH

Re: Home routers are vulnerable
« Reply #10 on: June 12, 2015, 02:59:50 PM »
What is your provider and what are the DNS server addresses of your ISP?

Offline jeromex

Re: Home routers are vulnerable
« Reply #11 on: June 12, 2015, 04:26:41 PM »
The provider is Orange and the DNS 80.10.246.2 and 80.10.246.129,
but it must be a range because on the GRC DNS Nameserver Spoofability Test, they found 80.10.200.5 and 80.10.203.6
and Anti-Spoofing Safety: Excellent.
Edit: yes, excellent, but their DNS Benchmark test finds them not responding :-\

I must say that it is thanks to their online port test that I discovered that I was not stealth as I was before this modem, and then I could make the changes.

« Last Edit: June 12, 2015, 05:42:30 PM by jeromex »

Offline EricJH

Re: Home routers are vulnerable
« Reply #12 on: June 13, 2015, 11:28:09 AM »
Those four IP addresses you mentioned before were all on servers of various hosting companies in several countries. It looks like your modem/router is still vulnerable. I would suggest also closing down WAN access to the D-Link and contacting D-Link or Orange for a fresh firmware to flash.
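
The manual DNS check described in this thread can be scripted on the PC side. The following is an added example, not part of any post: it parses Windows `ipconfig /all` output (the sample text is constructed) and compares the DNS servers against the Orange resolver addresses quoted above. The function names and the `router-proxy` label are assumptions of this example.

```python
import ipaddress
import re

# Orange resolver addresses quoted in the thread, used here as the allowlist.
EXPECTED_DNS = {"80.10.246.2", "80.10.246.129", "80.10.200.5", "80.10.203.6"}

# Constructed sample of `ipconfig /all` output; 178.32.31.235 is one of the
# unexpected addresses reported in the thread.
SAMPLE = """\
Ethernet adapter Local Area Connection:

        DHCP Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.2
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 178.32.31.235
                                            80.10.246.129
        Lease Obtained. . . . . . . . . . : (constructed)
"""

def _as_ip(text):
    """Return an ip_address object, or None if text is not an address."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None

def dns_servers(ipconfig_text):
    """Extract DNS servers, including unlabeled continuation lines."""
    servers, in_block = [], False
    for line in ipconfig_text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if m:
            servers.append(m.group(1))
            in_block = True
        elif in_block and _as_ip(line) is not None:
            servers.append(line.strip())
        else:
            in_block = False
    return servers

def classify(server):
    ip = _as_ip(server)
    if ip is None:
        return "invalid"
    if str(ip) in EXPECTED_DNS:
        return "expected"
    if ip.is_private:
        # LAN address: the router relays DNS, so its own DNS setting
        # still has to be checked on the router status page.
        return "router-proxy"
    return "unexpected"

def audit(ipconfig_text):
    return {s: classify(s) for s in dns_servers(ipconfig_text)}
```

A `router-proxy` result means the PC only sees the router's LAN address, so this check cannot replace looking at the DNS values in the router's own status page.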
