Posted on 08/11/2014 9:36:34 PM PDT by Utilizer
Specialized servers used by many ISPs to manage routers and other gateway devices provisioned to their customers are accessible from the Internet and can easily be taken over by attackers, researchers warn.
By gaining access to such servers, hackers or intelligence agencies could potentially compromise millions of routers and implicitly the home networks they serve, said Shahar Tal, a security researcher at Check Point Software Technologies. Tal gave a presentation Saturday at the DefCon security conference in Las Vegas.
At the core of the problem is an increasingly used protocol known as TR-069 or CWMP (customer-premises equipment wide area network management protocol) that is leveraged by technical support departments at many ISPs to remotely troubleshoot configuration problems on routers provided to customers.
According to statistics from 2011, there are 147 million TR-069-enabled devices online and an estimated 70 percent of them are residential gateways, Tal said. Based on scans of the Internet Protocol version 4 address space, the 7547 port, which is associated with TR-069, is the second most frequently encountered service port after port 80 (HTTP), he said.
TR-069 devices are set up to connect to Auto Configuration Servers (ACS) operated by ISPs. These servers run specialized ACS software developed by third-party companies that can be used to re-configure customer devices, monitor them for faults and malicious activity, run diagnostics and even silently upgrade their firmware.
(Excerpt) Read more at cso.com.au ...
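To make the protocol in the excerpt concrete, here is an added example (not from the article, Check Point, or anyone in this thread) that parses the Inform message a TR-069 gateway sends to its ACS and pulls out what a defender would check: the device identity, the event that triggered the session, and the two ManagementServer URLs. The SOAP layout follows the TR-069 Inform RPC; the message itself is constructed and every host name and serial number in it is a placeholder.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

CWMP = "urn:dslforum-org:cwmp-1-0"
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"

# Constructed Inform, as a CPE would POST it to its ACS. A CWMP session is always
# opened by the CPE; the ACS only "pokes" the ConnectionRequestURL to ask for one.
SAMPLE_INFORM = f"""<?xml version="1.0"?>
<soapenv:Envelope xmlns:soapenv="{SOAP}" xmlns:cwmp="{CWMP}">
 <soapenv:Header><cwmp:ID soapenv:mustUnderstand="1">42</cwmp:ID></soapenv:Header>
 <soapenv:Body><cwmp:Inform>
  <DeviceId><Manufacturer>ExampleCo</Manufacturer><OUI>001122</OUI>
   <ProductClass>HomeGateway</ProductClass><SerialNumber>SN-CONSTRUCTED-0001</SerialNumber></DeviceId>
  <Event><EventStruct><EventCode>1 BOOT</EventCode><CommandKey></CommandKey></EventStruct>
   <EventStruct><EventCode>4 VALUE CHANGE</EventCode><CommandKey></CommandKey></EventStruct></Event>
  <MaxEnvelopes>1</MaxEnvelopes><CurrentTime>2014-08-11T21:36:34Z</CurrentTime><RetryCount>0</RetryCount>
  <ParameterList>
   <ParameterValueStruct><Name>InternetGatewayDevice.ManagementServer.URL</Name>
    <Value>http://acs.isp.example:7547/cwmp</Value></ParameterValueStruct>
   <ParameterValueStruct><Name>InternetGatewayDevice.ManagementServer.ConnectionRequestURL</Name>
    <Value>http://203.0.113.7:7547/ABCDEF</Value></ParameterValueStruct>
  </ParameterList>
 </cwmp:Inform></soapenv:Body></soapenv:Envelope>"""


def parse_inform(xml_text):
    """Return device identity, event codes and reported parameters from an Inform."""
    root = ET.fromstring(xml_text)
    inform = root.find(f"{{{SOAP}}}Body/{{{CWMP}}}Inform")
    if inform is None:
        raise ValueError("not a CWMP Inform")
    # Children of Inform are unqualified in TR-069, so plain tag names match here.
    device = {c.tag: (c.text or "") for c in inform.find("DeviceId")}
    events = [e.findtext("EventCode") for e in inform.find("Event")]
    params = {p.findtext("Name"): (p.findtext("Value") or "")
              for p in inform.find("ParameterList")}
    return {"device": device, "events": events, "params": params}


def review_management_server(params):
    """Flag an ACS URL without TLS (session can be tampered with in transit) and
    report the ConnectionRequestURL, i.e. the port the gateway keeps open towards
    the Internet so the ACS can reach it (the 7547 the article counts)."""
    findings = []
    acs = params.get("InternetGatewayDevice.ManagementServer.URL", "")
    if acs and urlparse(acs).scheme != "https":
        findings.append("ACS URL is not https: " + acs)
    crq = params.get("InternetGatewayDevice.ManagementServer.ConnectionRequestURL", "")
    if crq:
        u = urlparse(crq)
        findings.append(f"gateway listens for connection requests on {u.hostname}:{u.port}")
    return findings
```

On a real gateway the same two parameters can usually be read from the device's TR-069 settings page, which is the quickest way to see whether the ACS link is encrypted and which port is exposed.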
Set up an old computer with file names like “my bank account password” and hook it to an old router with the default password.
BFL and bookmarking
There's a cheery thought. I'd probably not go with "1492", and the wireless is disabled for now, but I might just do that to discourage anyone attempting to access it from the net just to make them nervous about making the attempt.
The information on the article site seems to indicate you need root access to the router before you can access it to disable any ports, which are not accessible to the customer on the ISP-supplied routers.
Thanks. I was hoping to get some helpful advice from fellow FReepers once I came across the article, and so far some excellent suggestions and advice have already been posted.
Hope to see a few more at least.
ping...
LOL! I do the exact same thing—only I only need one router.
Depending on how their networks are configured, if you block access to the ACS server, you could possibly kill your internet, if your “router” (they aren’t REALLY routers, they’re more like ‘smart transceivers’) has to ‘call home’ and pull down configuration when they are booted up.
I would hope they don’t have their networks set up to run that way though. That would be one hell of a central point of failure if there are ever issues on their end. They probably have a hierarchy of servers; local/regional/central to reduce overhead and build in redundancy.
As an end user, I wouldn’t be terribly concerned about this. Well, maybe a little. It might be good to be aware of it.
Always bridge your network from the ISP. It doesn’t insulate you from an attack, but it insulates the damage they could do. The ISPs are going to mandate that you use CWMP if you want support. I personally bought a Motorola Surfboard and told my ISP that I just need the bridge information. They don’t support anything unless the connection drops. This isn’t ideal for most home users.
My suggestion to most FReepers is to NOT use your ISP’s router for direct connections to computers or the ISP wireless connection. You might be sold a bill of goods on what they support if you use their native wireless, but it’s not worth the security headache. Buy a cheap Linksys or Netgear wireless router/switch and learn how to configure it yourself. Don’t let ANY company say they’re securing you. They’re not.
Thanks for the advice. I feel better about this Netgear router already, although at about ten years old I am trying harder and harder to find a suitable replacement before its EOL becomes clear.
Linksys E3000 with DD-WRT firmware is rock solid. It’s a pricey piece of equipment (>$100), but it’s worth the money. DD-WRT allows you to lock it down even more without compromising speed.
It is a bookmark, just shorter to spell.
*laugh*
Like “bkmk” is too long? *grin*
I never use ISP provided modem/routers. I purchase my own. I don’t trust Comcast enough to use their equipment in my residence.
hang a share called “warez” on it..
So Verizon would have to have something that takes fiber on one side and gives you an Ethernet drop on the other side.
The point of IP is to give a common global network addressing scheme (layer 3) to dissimilar data link/physical layer devices (layer 2/1).
In other words, your home router doesn't know how to talk to a fiber data link... Verizon provides you a box that has a fiber interface on one side and an Ethernet interface on the other, and each of those interfaces gets an IP address... or maybe just the Ethernet interface... but the Verizon box still does the translation between the fiber and Ethernet protocols at the data link layer (Layer 2).
There’s a modem on the outside that converts fiber to Ethernet. This then terminates on a small wifi router inside. So instead of taking their cheap little router that has the backdoor built in, you use your own.
They don’t have any access past the new device.
So the ISP modem has an open port listening for the ISP management server. At least if what I read is right about this protocol and how it's being hacked.
I think what confuses people is the article using the term router... people think of their home router as the only router... but the ISP modem is also a router if it forwards L3 traffic from one L3 interface to another L3 interface.
L3 = network = IP address in this case
BFL