02-18-2014, 12:00 AM
buttitchi
offline "Global Moderator" Retired
Join Date: Feb 2008
Posts: 213
More flawed routers (Feb 2014)

This is really getting to be ridiculous.
So now Asus routers have/had a flaw that if you have a USB (network storage) drive plugged into your router, anyone can access it.
Fuck this cloud based storage bullshit where many security holes exist.

Security holes like this are why people put DD-WRT on their new routers.
It can make an unstable router (bad maker's firmware) much more stable and pleasant to work with. And hopefully, usually keeps safe default permissions.

"The vulnerability is that on many, if not on almost all N66U units that have enabled https Web service access via the AiCloud feature......

An Ars reader by the name of Jerry got a nasty surprise as he was browsing the contents of his external hard drive over the weekend—a mysterious text file warning him that he had been hacked thanks to a critical vulnerability in the Asus router he used to access the drive from various locations on his local network.

"This is an automated message being sent out to everyone effected [sic]," the message, uploaded to his device without any login credentials, read. "Your Asus router (and your documents) can be accessed by anyone in the world with an Internet connection. You need to protect yourself and learn more by reading the following news article: //nullfluid.com/asusgate.txt.".....

.....According to Lovett, the weakness affects a variety of Asus router models, including the RT-AC66R, RT-AC66U, RT-N66R, RT-N66U, RT-AC56U, RT-N56R, RT-N56U, RT-N14U, RT-N16, and RT-N16R. Asus reportedly patched the vulnerabilities late last week, but as Jerry's experience demonstrates, it has yet to be installed on some vulnerable routers.

Then we have Linksys and a self-replicating bot.
If you have your 'remote administration' on, turn it off.
There are ISPs who sell the router to go with the customer's Internet package. They turn on the backdoor so they can 'help' their dumbass customer fix things that get broken. Hackers love it!!!

Johannes B. Ullrich, CTO of the Sans Institute, told Ars he has been able to confirm that the malicious worm has infected around 1,000 Linksys E1000, E1200, and E2400 routers, although the actual number of hijacked devices worldwide could be much higher. A blog post Sans published shortly after this article was posted expanded the range of vulnerable models to virtually the entire Linksys E product line. Once a device is compromised, it scans the Internet for other vulnerable devices to infect. ......

.....Ullrich takes this to mean that the worm downloads a second-stage exploit from port 193 of the attacking router. (The port can change, but it is always less than 1024.)

The objective behind this ongoing attack remains unclear. Given that the only observable behavior is to temporarily infect a highly select range of devices, one possible motivation is to test how viable a self-replicating worm can be in targeting routers. Indeed, last March, an anonymous hacker claimed to have built a botnet for more than 420,000 routers, modems, and other Internet-connected devices purely for the fun and knowledge it provided.

Then of course, let's change your DNS server number and send you to a site to scrape your banking credentials.

Many users start their visit at e-banking service with bank’s home page, where they would normally click a button labelled “Sign In” or something along these lines. And while the target sign-in form is (as you would expect) SSL-encrypted, the home page is not. While criminals intercept the unencrypted request, they simply modify links to clear HTTP, adding “ssl-.” string to hostname, apparently in an attempt to fool casual users. (Note that the nonexistent ssl-. hostnames would only be resolved by malicious DNS servers.) While the connection is proxied through malicious servers, SSL is terminated before it reaches the user. Decrypted content is then modified and sent unencrypted to the customer. From the user’s perspective everything looks like a normal e-banking session, the only difference being the unusual hostname appearing at some point and lack of HTTPS indicators. In other words, users’ ability to recognize the fraud depends on his/her vigilance in spotting that an apparently legit bank website redirects to a phishy URL.
Hi Diddly Ho, Good Neighborino
Reply With Quote
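Added example (not part of the original post or of the articles it quotes): the last excerpt says the rewritten links use an "ssl-." host-name prefix over plain HTTP. A label ending in a hyphen is not a valid host name under RFC 952/1123, so proxy or DNS logs can be checked for it; the check below is generalized to any invalid label, and the log format, addresses and domains are constructed.

```python
import re
from urllib.parse import urlsplit

# RFC 952/1123 host-name label: letters, digits, hyphens; no leading or trailing hyphen.
VALID_LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")

# Constructed sample: "<client-ip> <url>" lines as a web proxy might log them.
SAMPLE_LOG = """\
192.0.2.10 http://www.bank.example/
192.0.2.10 http://ssl-.www.bank.example/login
192.0.2.11 https://www.bank.example/login
192.0.2.12 http://cdn-.static.example/app.js
192.0.2.12 https://ssl-proxy.corp.example/
"""

def bad_labels(host):
    """Return the labels of host that are not valid host-name labels."""
    labels = host.lower().rstrip(".").split(".")
    return [label for label in labels if not VALID_LABEL.match(label)]

def scan(log_text):
    """Yield one finding per log line whose host name contains an invalid label."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip malformed lines
        client, url = parts
        parsed = urlsplit(url)
        host = parsed.hostname or ""
        if not host:
            continue  # no host to inspect
        bad = bad_labels(host)
        if not bad:
            continue
        is_ssl_dash = host.startswith("ssl-.")
        yield {
            "client": client,
            "host": host,
            "bad_labels": bad,
            # The pattern from the quoted write-up: "ssl-." prefix over clear HTTP.
            "ssl_dash_http": is_ssl_dash and parsed.scheme == "http",
            # Host the user most likely meant to reach.
            "probable_target": host[len("ssl-."):] if is_ssl_dash else None,
        }

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A hit on a client also suggests checking which DNS servers that client's router is handing out, since the excerpt notes these names only resolve through the malicious resolvers.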
02-18-2014, 11:01 AM
Brad R
Linux Member
Join Date: Apr 2007
Location: Ontario
Posts: 607

Hmmm. We have one Asus router configured as a wireless bridge -- it was an emergency purchase when my wife's WRT-54G died. I think it's far enough removed from the Internet that it is safe; and we don't have a storage device attached to it anyway.

But still...I have to fix or replace that WRT-54G. (It was running DD-WRT.)
4G Fixed Wireless Formerly Echostar 17 "Jupiter"; Rogers Rocket Hub; Everus 3.5 GHz Wireless; Telesat Kazam plan; HughesNet Ku.
A computer without Windows is like a chocolate cake without mustard. http://www.goodbyemicrosoft.net
Reply With Quote
02-18-2014, 02:33 PM
buttitchi
offline "Global Moderator" Retired
Join Date: Feb 2008
Posts: 213

My main Asus, around 6 years old, the build on it does not have USB port support. No IPv6 support either, which I think initially had to do with firewall rules from DD-WRT and the possibility of leaving the IPv6-LAN open to the Internet.
There are other builds that can enable these. But there is a RAM limitation, so things were chopped up a bit.

My secondary Asus is in bridge mode (with a secondary WiFi network) and no USB port on it.

I see there are some nice quality budget (below $100) routers from Asus and other makers (no D-Link or Belkin! with stock firmwares that hijack for profit) for my next upgrade. Wireless N, IPv6 native and dual network (2.4GHz/5GHz). Will also get DD-WRT.
My ISP may not have native IPv6 running until 2015 or 2016. Lots of work in the rebuild of the network to accommodate (old hardware going byebye).
Hi Diddly Ho, Good Neighborino

Last edited by buttitchi : 02-18-2014 at 02:40 PM.
Reply With Quote

All times are GMT -4.