Vulnerability In Linksys Cable/DSL Router

ispcay writes "Yahoo has published an article on a Linksys vulnerability. An easily exploitable software vulnerability in a common home networking router by Linksys Group could expose thousands of home users to denial of service attacks, according to a security advisory issued by iDefense, a software security company." The article's kinda sparse on details, but does mention that the vulnerability is fixed in the latest firmware release. Upgrade 'em if ya got 'em!

NAT with no firewall ?

[Graspee_Leemoor]

Slightly on-topic can anyone tell me what vulnerabilites exist if you are running a DSL router using NAT but no firewall ?

I have a small to fair amount of TCP/IP knowledge and at the moment my thinking is that you are only really vulnerable to DOS attacks.

I mean, if you aren't forwarding any ports then the only time there is a chink in your armour is when you have a temporary alias set up for a connection, which will be one port on one of the machines on your LAN. This alias won't last for long, and it will be on a port you're using for getting out, e.g. port 80,125... and you'd probably have to set your firewall up to allow this through if you ran a firewall.

Normally if a packet comes in to your sole external ip address and you haven't set up any port forwarding (or you have but it's not one of the ports you want to forward), the DSL router will just drop the packet.

Can anyone please clue me in on the vulnerabilities of using NAT alone and no firewall ?

graspee

Re:not vulnerable by default

[Wolfrider]

Jennifer Tilly is your AUNT?? Dude, she's HOT!
:b

.