Posted on 02/20/2007 6:19:29 PM PST by xcamel
Cisco Systems Inc. is warning users that nearly 80 of its routers are vulnerable to a hack tactic that got play last week.
Dubbed "drive-by pharming" by Symantec Corp. and university researchers who first publicized the danger in a paper, the attack involves luring users to malicious sites where a device's default password is used to redirect them to bogus sites. Once they are at those sites, their identities could be stolen or malware could be force-fed to their computers.
In an advisory posted Thursday, Cisco listed 77 vulnerable routers in the lines sold to small offices, home offices, branch offices and telecommuters. The advisory recommended that users change the default username and password required to access the router's configuration settings, and disable the device's HTTP server feature.
The paper, co-written by a Symantec researcher and two other researchers from Indiana University, urged a similar move by router owners.
"Owners of home routers who set a moderately secure password -- one that is non-default and non-trivial to guess -- are immune to router manipulation via JavaScript," the report read.
The researchers also argued that router makers should stop using blank or easy-to-guess passwords, such as "admin," and switch to the device's serial number. "This value, which is unique to each individual router, would comprise a very secure and unpredictable password," the report stated.
Considering that Cisco is the Internet, you are right; this is not good.
Somebody call Al Gore, quick!
So be a smart shopper, and for about $20 or so you don't need to worry.
?
Hype from a "security" company. This is hardly anything new. Anybody running an HTTP interface on their router with a default password is probably already hacked anyway.
I got new network cables, tried all sorts of config settings, can't get it to stay online. Everything works fine without the router. My ISP and Linksys tech support were not so good. ISP said "not us, call Linksys" and Linksys said "gee, I dunno, maybe it's a bad router."
Sounds like an overheated chip, i.e., a bad router.
My brother's on DSL and he's always dropping out. Not every minute but too much for my liking.
Funny, I have this exact same problem and it started several months ago. It does it every morning for an hour or so and then stops.
I bought a new router but I can't make it work with my DSL connection, all I get is "low connectivity" message from Windows. Same message I get if I plug the DSL modem into the computer. Verizon tech support is useless and says the problem is with my PC. The PC is less than 2 months old.
I had a client with that problem. Linksys finally had a BIOS update that fixed it.
Can you explain why a router maker would allow someone on the external internet to connect to the HTTP interface? Surely, such a router should only allow a DHCP client to do this, and it should certainly know their IP addresses.
What is this stuff about malicious sites? Does that just give them an IP address to attack by trying to connect back to the router?
Have your provider send a tech out to run a test on your phone lines back to the DSLAM. Are you using line filters on your phones or are you using a line splitter?
Do you have any satellite receivers plugged into a phone jack?
If the "serial number" is really what its name implies, i.e., a number that increases serially with each product shoved out the door, then it can't be all that secure, as it's a monotonically increasing series.
This sucks.
I have exactly the same problem, too, but with broadband! It happened once in November, several times in December, and now happens every few days. It drives me nuts, but I don't know how to troubleshoot it.
It's neither good nor bad; it's just another example of the stupid getting the abuse they so richly deserve. I've bought plenty of Cisco products, like the new Linksys router right in front of me. Right there in the instructions it tells you to CHANGE THE F-F-F-FLIPPING PASSWORD. (Or words to that effect : ) All of them have that in the instructions. Those who fall victim to this "flaw" do so because they refused to follow instructions. If they wind up seeing 37 cases of vodka purchased from a Moscow liquor store on their Visa bill, they deserve it!
What does Pancho say?