Posted on 08/11/2014 9:36:34 PM PDT by Utilizer
Specialized servers used by many ISPs to manage routers and other gateway devices provisioned to their customers are accessible from the Internet and can easily be taken over by attackers, researchers warn.
By gaining access to such servers, hackers or intelligence agencies could potentially compromise millions of routers and implicitly the home networks they serve, said Shahar Tal, a security researcher at Check Point Software Technologies. Tal gave a presentation Saturday at the DefCon security conference in Las Vegas.
At the core of the problem is an increasingly used protocol known as TR-069 or CWMP (customer-premises equipment wide area network management protocol) that is leveraged by technical support departments at many ISPs to remotely troubleshoot configuration problems on routers provided to customers.
According to statistics from 2011, there are 147 million TR-069-enabled devices online and an estimated 70 percent of them are residential gateways, Tal said. Based on scans of the Internet Protocol version 4 address space, the 7547 port, which is associated with TR-069, is the second most frequently encountered service port after port 80 (HTTP), he said.
TR-069 devices are set up to connect to Auto Configuration Servers (ACS) operated by ISPs. These servers run specialized ACS software developed by third-party companies that can be used to re-configure customer devices, monitor them for faults and malicious activity, run diagnostics and even silently upgrade their firmware.
(Excerpt) Read more at cso.com.au ...
They still can’t get past my firewall. They can’t get into my PC.
In my case, I had already had the SBC/Yahoo DSL modem for a couple of years, but was not entirely sure I was getting all the throughput I wanted out of it, so I was considering a new one.
The Netgear refurb combo unit was on sale quite soon after, and it included the DSL modem, four-port LAN jacks, and added wireless as well which came in handy for when relatives came to visit and had poor reception on their devices. Just enabled the wireless function with some simple encryption and a randomly-generated password for them to use, and everything worked very well indeed.
Or something like "cthultu awaits". *grin*
Mine either.
Although I did have to go out and purchase some more tinfoil once I finished protecting it. ;)
I also run an IDS. There are hundreds of attempts each day. Most are basic scans to see if you left something simple open.