Free Republic

Cisco Says 77 Routers Open to 'Drive-By Pharming'
PC World | Tuesday, February 20, 2007 | Gregg Keizer, Computerworld

Posted on 02/20/2007 6:19:29 PM PST by xcamel

Cisco Systems Inc. is warning users that nearly 80 of its routers are vulnerable to a hack tactic that got play last week.

Dubbed "drive-by pharming" by Symantec Corp. and university researchers who first publicized the danger in a paper, the attack involves luring users to malicious sites where a device's default password is used to redirect them to bogus sites. Once they are at those sites, their identities could be stolen or malware could be force-fed to their computers.

In an advisory posted Thursday, Cisco listed 77 vulnerable routers in the lines sold to small offices, home offices, branch offices and telecommuters. The advisory recommended that users change the default username and password required to access the router's configuration settings, and disable the device's HTTP server feature.

The paper, co-written by a Symantec researcher and two other researchers from Indiana University, urged a similar move by router owners.

"Owners of home routers who set a moderately secure password -- one that is non-default and non-trivial to guess -- are immune to router manipulation via JavaScript," the report read.

The researchers also argued that router makers should stop using blank or easy-to-guess passwords, such as "admin," and switch to the device's serial number. "This value, which is unique to each individual router, would comprise a very secure and unpredictable password," the report stated.


TOPICS: Business/Economy; Crime/Corruption; Extended News
KEYWORDS: cisco; networks; routers; soho
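
An added example, not part of the article or the Cisco advisory: a Python check that reads a saved IOS-style running-config and flags the two conditions the advisory's recommendations address, an enabled HTTP server and a blank or easy-to-guess local password. The config text is constructed, and the line syntax (`ip http server`, `username ... password 0 ...`, `nopassword`) is assumed to be standard IOS form rather than taken from the advisory.

```python
import re

# Passwords the article names as blank or easy to guess; extend for your site.
WEAK_PASSWORDS = {"", "admin"}

# username NAME [privilege N] password|secret [TYPE] VALUE
USER_RE = re.compile(
    r"^username\s+(?P<user>\S+)(?:\s+privilege\s+\d+)?"
    r"\s+(?:password|secret)(?:\s+(?P<enc>\d))?\s+(?P<value>\S+)$"
)
# username NAME [privilege N] nopassword
NOPASS_RE = re.compile(
    r"^username\s+(?P<user>\S+)(?:\s+privilege\s+\d+)?\s+nopassword$"
)


def audit_config(text):
    """Return sorted finding ids for an IOS-style running-config dump."""
    http_enabled = False
    findings = set()
    for raw in text.splitlines():
        line = raw.strip()
        # The last matching line decides the HTTP server state.
        if line == "ip http server":
            http_enabled = True
        elif line == "no ip http server":
            http_enabled = False
        m = USER_RE.match(line)
        # Only type 0 or untyped values are cleartext and can be compared.
        if m and m["enc"] in (None, "0"):
            value = m["value"]
            if value.lower() in WEAK_PASSWORDS or value == m["user"]:
                findings.add("weak-password:" + m["user"])
        elif NOPASS_RE.match(line):
            findings.add("no-password:" + NOPASS_RE.match(line)["user"])
    if http_enabled:
        findings.add("http-server-enabled")
    return sorted(findings)


# Constructed sample, not taken from any real device.
SAMPLE_CONFIG = """\
hostname branch-rtr
username admin privilege 15 password 0 admin
username ops privilege 15 secret 5 $1$constructed$hashvalue
username guest nopassword
ip http server
"""

if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print(finding)
```

Hashed or obfuscated passwords (any type other than 0) are skipped because they cannot be compared against the weak list from the config text alone.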
To: Sender

Didn't think this would be the problem. Could be your modem, too. And by design by provider.


41 posted on 02/21/2007 2:10:19 PM PST by dhs12345
[ Post Reply | Private Reply | To 38 | View Replies]

To: dhs12345
So, I went out and bought a brand new Linksys 802.11n router and hooked it up. Made some config changes and now I'm on FR through the router.

I still have issues. I can get on FR (thank God) but I can't get on any homepage. I can ping any website and have a valid IP address but still there are...issues.

This has been a real learning experience for me. My "easy 30-minute setup" has consumed 2 days and 2 routers and 4 calls to various tech support.

I have more sympathy for the non-computer-literate masses now. If it's this difficult for me, it must be incomprehensible hell for dweebs.

Anyway, I feel relatively secure from neighborhood hackers. I changed the admin password, changed the router IP address, set up strong encryption, etc. Whew.

42 posted on 02/21/2007 4:35:21 PM PST by Sender ("Great powers should never get involved in the politics of small tribes.")
[ Post Reply | Private Reply | To 41 | View Replies]

To: Sender

Most of the set up is automatic, i.e., the router automatically sets itself up. Otherwise, it is really difficult. I've never done it manually.

Sounds like you are having dns issues. In addition to pinging, try copying the below ip addresses and pasting them into your browser:

Google: 209.85.135.99

Free Republic: 209.157.64.200

If the web pages display, then your dns settings are wrong or none at all. This information (the domain name server(s)) is usually passed down to the router automatically from the modem/dsl network, if you have your router set up in automatic/dhcp mode (WAN side). It is always best to let the router automatically configure itself.

You can easily force ip addresses on the LAN side. However, for the best stability, and if you don't have a lot of practice, dhcp is the best way to go.

WAN = modem side of the router, dsl network
LAN = local area network (your side of the router).

Check list (procedure):

1. Make sure both WAN and LAN sides of your router have dhcp set up, and/or configuration is automatic. You may have reset this if you forced it to manual before.

2. Turn your PC off, your router off, and your modem off.

3. Turn your modem on, wait 1 minute, turn your router on, wait 1 minute, then boot your PC.

If you were successful, then you should have full access to the internet.

Note: if you have done this a few times, you will know when the modem, router, etc. has booted by watching the lights.

Good Luck.


43 posted on 02/21/2007 6:45:54 PM PST by dhs12345
[ Post Reply | Private Reply | To 42 | View Replies]

To: dhs12345
I think I may have found the root of my problems. My old NIC card, ADMtek 983 with driver dated 2001. Tried to update it, got a host of spam sites, adware sites etc.

Tomorrow I'm going to get a new Linksys gigabit NIC and put it in. Parakeets up!

44 posted on 02/21/2007 6:56:05 PM PST by Sender ("Great powers should never get involved in the politics of small tribes.")
[ Post Reply | Private Reply | To 43 | View Replies]

To: Sender

Forgot to mention... a couple more things to make your wifi a little more secure:

1. Don't broadcast your SSID. This puts your router in "stealth mode" -- it is more difficult for others to see your SSID. Others need your SSID in order to log onto your router and network. And if all of your neighbors broadcast theirs, the hackers will attack them first.

2. Enable/control access via the MAC id. There should be a table in your router that allows you to control who has access to your wifi network based on MAC ids. You will have to collect this information for each wireless PC on your network. The MAC id is a six set hex number that looks like below. It is your wireless card's physical/hardware address and can be found in your wireless configuration utility. No two MAC ids are alike.

00:34:67:AE:DF:05

Good luck.


45 posted on 02/21/2007 7:01:28 PM PST by dhs12345
[ Post Reply | Private Reply | To 42 | View Replies]

To: Sender
? Strange. Could be the nic. However, just about any nic should work. Make sure you have set your NIC up for DHCP, too.

I am still betting that it is your router and that WAN DHCP is not set up correctly.

Also, have you run spyware recently? Sounds like you have a bunch of spyware on your PC.

Also, I recommend that you run a virus scan. Did you connect your PC directly up to the modem? Not a good idea since people can easily hack your computer.
46 posted on 02/21/2007 7:10:03 PM PST by dhs12345
[ Post Reply | Private Reply | To 44 | View Replies]

To: Sender
Tomorrow I'm going to get a new Linksys gigabit NIC and put it in.

That might do the trick. As I mentioned in post 37, I have had the same problem with one of my machines, with 3 different routers. One of these days I'll figure out which setting or condition is causing it.

47 posted on 02/22/2007 4:58:58 AM PST by ken in texas (come fold with us.... team #36120)
[ Post Reply | Private Reply | To 44 | View Replies]

To: dhs12345; xcamel; COEXERJ145; quikdrw; KoRn; BlessedBeGod; ken in texas

FYI, I fixed the problem. I put in a Linksys 10/100 NIC, now works perfectly. The 6-yr-old ADMtek 983 NIC wasn't up to the job. End of problem.


48 posted on 02/22/2007 9:50:02 AM PST by Sender ("Great powers should never get involved in the politics of small tribes.")
[ Post Reply | Private Reply | To 46 | View Replies]

To: Sender

Grats! I used to work at the phone company and the first thing I consider with any problems to do with DSL are the phone lines. Sometimes it's very finicky to set up, but after it's working it's pretty solid.


49 posted on 02/22/2007 10:05:51 AM PST by KoRn
[ Post Reply | Private Reply | To 48 | View Replies]

To: Sender

Good job.


50 posted on 02/22/2007 11:20:14 AM PST by xcamel (Press to Test, Release to Detonate)
[ Post Reply | Private Reply | To 48 | View Replies]

To: Sender

Great!

For what it's worth, every time you go through something like this, you learn a little bit more.


51 posted on 02/22/2007 12:47:01 PM PST by dhs12345
[ Post Reply | Private Reply | To 48 | View Replies]

To: Sender
Thank you so much for letting me know. That certainly helps narrow it down from nic, cable modem, router, cables, and Comcast! :-)
52 posted on 02/22/2007 9:27:07 PM PST by BlessedBeGod (Benedict XVI = Terminator IV)
[ Post Reply | Private Reply | To 48 | View Replies]

