Belkin To Offer Firmware Fix For Router Hijacking

← Back to Stories (view on slashdot.org)

Belkin To Offer Firmware Fix For Router Hijacking

Posted by timothy on Monday November 10, 2003 @01:28PM from the testing-the-waters dept.

L-Train8 writes "Belkin has an announcement at the bottom of their homepage about the spam router. They have decided to disable the 'feature' that hijacks a random http request every 8 hours and redirects to a webpage advertising their parental control system. This will require a firmware upgrade. The message says details will be forthcoming. Interestingly, while I was preparing this submission, the message changed. Originally, it included a snippy remark about how what they were doing was not spam, despite what everyone on the internet says. The new version is much less testy."

26 of 418 comments (clear)

Min score:

Reason:

Sort:

"anonymous usage statistics?" by henc · 2003-11-10 13:29 · Score: 5, Interesting

Although they remove this feature, what other 'usage statistics'-logging-features are silently embedded?

My newer D-Link 604 router has some statistics and a thorough logging function (which is displayed in the web gui). - Is all of it really visible to the end user?

It's a good bet from the manufacturers that the device will be online all the time.
Perhaps one should install a box to surveil the router/firewall, if any connections are initiated from the router?

henc
1. Re:"anonymous usage statistics?" by MisanthropicProggram · 2003-11-10 13:42 · Score: 4, Interesting
  
  I hope the folks whose expertise is in this area will keep an eye out for any other hanky-panky.
  I really appreciate the folks who spend the time to figure out these things instead of writing it off as little "quirks" or accepting the line from tech support that you have to get "used to the product".
  My brother actually got this line from a Fujitsu tech support guy when he complained that his laptop didn't always read the CD-rom when a new one was inserted and the fact that the laptop didn't shutdown when told to (It would just restart ). - this was in 1999 - BTW.
  
  --
  There is no spoon or sig.
2. Re:"anonymous usage statistics?" by Bowie+J.+Poag · 2003-11-10 13:42 · Score: 5, Interesting
  
  No, but your D-Link 604 router is a piece of shit.. I should know, I own one too, unfortunately.
  
  The router allows Windows XP to bypass normal user/administrator authentication on the router, and add entires to the firewall table.. Have a look at the firewall page on the router, and see if there's two entries for "msmsgs" that you didn't make. Ever wonder how those got there, especially in light of the fact your router is supposed to be password protected? Gee, thanks D-Link!
  
  Concievably, any schmuck out there could easilly write a virus that pollutes the firewall table in the same manner. I'm surprised nobody has done so already.
  
  --
  Bowie J. Poag
3. Re:"anonymous usage statistics?" by Tiersten · 2003-11-10 13:47 · Score: 5, Informative
  
  Actually, those extra entries are caused by UPNP. It's supposed to automatically add forwarding rules for services running on your local machines.
  The MSN Messenger protocol requires you to listen to certain ports and if you're behind a NAT firewall then it doesn't work properly so it uses UPNP. From what I gather, anything which knows about UPNP can request ports to be opened.
  
  It's not a specific thing from D-Link. A lot of new routers now support it.
4. Re:"anonymous usage statistics?" by Xenographic · 2003-11-10 13:54 · Score: 5, Funny
  
  Don't worry.
  
  They'll think of something else that's worse, more intrusive, etc. every eighteen months or so.
  
  I hereby dub this law to be known as "Xeno's law"
  
  The first corollary is that the average IQ of marketers is thought to be a monotone decreasing function which tends to zero.
5. Re:"anonymous usage statistics?" by Bowie+J.+Poag · 2003-11-10 14:01 · Score: 5, Informative
  
  ..Which is still an exploit.
  
  Keep in mind, when these "msmsgs" (Which I think is the spam-happy Microsoft Messaging service, not MSN Messenger) entries pop up, they occupy HUGE swathes of IP space. Literally, tens of thousands of ports.
  
  I originally noticed this problem while playing RTCW. Periodically, I wouldn't be able to log on to any servers, because the goddamn msmsgs entries in the firewall table would encompass the port range where RTCW servers reside (port 27000-30000 or so)... Huge areas of IP space, sometimes >20000 ports wide.
  
  Did I mention you cant delete these "msmsgs" entries?
  
  Yup. Not only are they added to the firewall table without your permission, you cant get rid of them. The only way you can remove those entries is by restoring factory defaults and rebooting. It took me 4 or 5 repetitions of this process to figure out what the fuck was going on.
  
  D-Link, if you're listening, fix your goddamn router.
  
  --
  Bowie J. Poag
6. Re:"anonymous usage statistics?" by Kwil · 2003-11-10 14:46 · Score: 4, Funny
  
  Yet in order to decrease to 0, it first must decrease by half.
  
  In order to decrease by half it first must decrease by half of that.
  
  In order to decrease by half of that, it must first decrease by half of that, and so on.
  
  So it would seem that the IQ can never actually decrease at all.
  
  This would imply that the IQ must start at 0.
  
  You could call this something spiffy.. Xeno's Paradox maybe. :)
  
  --
  That Jesus Christ guy is getting some terrible lag... it took him 3 days to respawn! -NJ CoolBreeze
7. Re:"anonymous usage statistics?" by Anonymous Coward · 2003-11-10 15:08 · Score: 4, Funny
  
  Yet in order to decrease to 0, it first must decrease by half.
  Ignoring Newton makes Baby Jesus cry.
8. Re:"anonymous usage statistics?" by rnturn · 2003-11-10 15:44 · Score: 4, Funny
  
  ``With no IQ, I think they'd act totally randomly and, therefore, would have to do something smart from time to time, even if the probability of such an act were very small.''
  
  Brownian Intelligence?
  
  --
  CUR ALLOC 20195.....5804M
I've got a fix... by Dimensio · 2003-11-10 13:29 · Score: 4, Interesting

...It involves a hatchet.

Seriously, Belkin's response to this has been utterly abysmal. First they tried to justify it, only now that it's blowing up in their face do they try to remedy it.

They've lost a great deal of trust that they will never regain.

--
STOP MISUSING APOSTROPHES, YOU MORONS!!!
1. Re:I've got a fix... by Shakrai · 2003-11-10 13:43 · Score: 4, Insightful
  
  They've lost a great deal of trust that they will never regain.
  Sure, among uber-geeks and /.'ers. John Q. Public who purchased these Routers was doubtless annoyed by it, but John Q. Public who is still in the market and who (likely) hasn't heard about it will still consider buying Belken products.
  Two questions/points would spring to mind:
  1) I pity the poor Level 1 techs at Belken who are going to have to walk all the Mom & Pop users through flashing the firmware.
  2) I wonder how many units are still sitting on store shelves with the old firmware in them? This could haunt Belken for quite some time yet.
  Personally, I have experience with Linksys, Belken and Netgear NAT routers. I'll be sticking with my Duron based $250 Linux box and iptables :) So what if it uses 50+ kilowatt hours of power a month ;)
  
  --
  I want peace on earth and goodwill toward man.
  We are the United States Government! We don't do that sort of thing.
2. Re:I've got a fix... by Shakrai · 2003-11-10 14:04 · Score: 4, Funny
  
  Err, I get your point, but really... "what's a web interface?". Why would they be buying a router if they don't know what the web is?
  The web? Isn't that like AOL?
  Sorry, that was too easy. I should probably lose some of my cynicism :P It's been reinforced too much by end users.
  In all seriousness though, I think "web interface" would confuse them, whereas if you said "We are going to a special webpage in Internet Explorer" or something along those lines you'd have better luck. Or maybe not. Never underestimate the stupidity of an end-user....
  
  --
  I want peace on earth and goodwill toward man.
  We are the United States Government! We don't do that sort of thing.
Original Snippy Message by tribes · 2003-11-10 13:31 · Score: 5, Informative

Go go, Google cache!
Kharma whoring for fun and profit....
The old message? from Google cache by AEton · 2003-11-10 13:32 · Score: 4, Informative

cache here (as of 10 Nov 2003 20:43 EST):

Belkin is aware of some recent postings that claim that Belkin wireless routers are spamming users during the setup process and periodically thereafter. It is not now, nor has it ever been, the policy of Belkin to intentionally spam our customers or anyone else. Belkin offers a free trial of our parental control feature in our routers, and to make our customers aware of the feature itself and to give them the opportunity to take advantage of the free trial, we have tried to direct users to the information regarding the parental control features. However, since this has become a source of concern to our users, and it is Belkin policy to address the concerns of our users quickly, Belkin has decided to remove this function from the routers. Each router's firmware that incorporates parental control as an option will be changed.

--
We recently had heard in the office over one of the Yellow Machine that's made by Anthology Solutions.
1. Re:The old message? from Google cache by _Sprocket_ · 2003-11-10 17:44 · Score: 4, Interesting
  
  Here's some more interesting things for the record.
  
  The origional reply from Eric Deming ("a product manager for Belkin's LAN products and ... very involved with the development of the Parental Control feature") to news.admin.net-abuse.email was removed. Oddly enough. However you can find mirrored copies re-inserted in to Google Groups thanks to:
  
  Malev
  Clifton T. Sharp Jr.
  dave
  
  And even a simple text mirror outside Google's domain provided by Steven J Sobol.
  
  The removed message was replaced by a very familiar sounding post again from Eric Deming. Google Groups currently has its own copy available (at the time of this writing). But others have already began the process of burying the text - probably due to previous experience.
  
  Of course - if all these sources fail you... you can always find the same text burried in reader comments from the initial Slashdot article mentioned in this article's submission.
original message text by L-Train8 · 2003-11-10 13:33 · Score: 5, Informative

I was in the process of cutting and pasting Belkin's message into a story submission earlier today when it changed, so I have the original text. The message earlier today read:

Belkin is aware of some recent postings that claim that Belkin wireless routers are spamming users during the setup process and periodically thereafter. It is not now, nor has it ever been, the policy of Belkin to intentionally spam our customers or anyone else. Belkin offers a free trial of our parental control feature in our routers, and to make our customers aware of the feature itself and to give them the opportunity to take advantage of the free trial, we have tried to direct users to the information regarding the parental control features. However, since this has become a source of concern to our users, and it is Belkin policy to address the concerns of our users quickly, Belkin has decided to remove this function from the routers. Each router's firmware that incorporates parental control as an option will be changed.

Please expect more detailed information to follow early next week. Thank you.

Now we have the more concise and concilliatory

We at Belkin apologize for the recent trouble our customers have experienced with the wireless router/browser redirect issue. We will be offering firmware fixes available for download early next week. We do not have exact details yet
but we can tell you now that each Router's firmware that incorporates Parental Control as an option will be changed.

Please expect more detailed information to follow early next week. Thank you.

--

Don't forget that Friday is Hawaiian shirt day.
1. Re:original message text by Drishmung · 2003-11-10 14:19 · Score: 4, Insightful
  
  It's a very common attitude: that spam is something that other people do. Our advertising is valuable and desirable and can't possibly be spam, so different rules apply.
  It is really, really basic. It's a form of the Golden Rule. "Would this be acceptable to us if someone did it to us?" Or, "would our customers find this acceptable if another company did it?"
  The marketing types responsible for this are demonstrably liabilities to Belkin and should be dismissed. As if...
  
  --
  Protoplasm. Quiet Protoplasm. I like quiet protoplasm.
2. Re:original message text by Humba · 2003-11-10 14:33 · Score: 5, Funny
  
  We apologise for the fault in the router. Those responsible have been sacked.
  
  Mynd you, moose bites Kan be pretty nasti...
  
  We apologise again for the fault in the router. Those responsible for sacking the people who have just been sacked have been sacked.
  
  --Humba
Re:In case their message changes again... by (startx) · 2003-11-10 13:34 · Score: 4, Informative

From the google cache

"Belkin is aware of some recent postings that claim that Belkin wireless routers are spamming users during the setup process and periodically thereafter. It is not now, nor has it ever been, the policy of Belkin to intentionally spam our customers or anyone else. Belkin offers a free trial of our parental control feature in our routers, and to make our customers aware of the feature itself and to give them the opportunity to take advantage of the free trial, we have tried to direct users to the information regarding the parental control features. However, since this has become a source of concern to our users, and it is Belkin policy to address the concerns of our users quickly, Belkin has decided to remove this function from the routers. Each router's firmware that incorporates parental control as an option will be changed.

Please expect more detailed information to follow early next week. Thank you."
lemme guess... by Anonymous Coward · 2003-11-10 13:34 · Score: 5, Funny

Every 8 hours you get redirected to a page saying "Sorry, we won't do it again. Promise."
Re:Brouhaha over nothing by herrvinny · 2003-11-10 13:48 · Score: 4, Insightful

The problem is, you do accept it so willingly. You shouldn't have to deal with this. Nobody should have to.

Advertising shouldn't be on a product that is paid for. The router should do only one thing: route packets. Anything else, if it drops packets, rewrites packets (which it does), etc, then it doesn't work properly, and a complaint to Belkin is in order, along with a request for an RMA#. If the router is designed not to work properly (as it seems), then we need to file a report with the FTC.
Too little, too late by swordgeek · 2003-11-10 13:51 · Score: 4, Insightful

Belkin has lost my business, until they very aggressively do something to FIX the problems of the internet.

All that backing off here is doing, is admitting that they pushed a bit too hard. Nobody can tell me that the goal of Belkin has changed, or is any different from VeriSign's. They want to manipulate the infrastructure of the internet. They want control over my computer, and how it works.

Fuck 'em. They have to REALLY work hard to win back my business. Apologizing and issuing a firmware patch ain't good enough by half.

--

"People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
Unemployed? Want a job? by Futurepower(R) · 2003-11-10 14:54 · Score: 5, Funny

In case you would like to apply for Mr. Deming's job, it's available. (Scroll down to "Marketing Manager"). Or, just write careers@belkin.com.

Of course, Belkin won't accept just anyone. The "right candidate" must be able to "strategize, initiate, and execute". He or she must be able to "drive revenue" and "leverage knowledge" about "end-user sell-thru strategies" and must be able to "align resources" and "translate raw content".
What about the backdoor? by Pepebuho · 2003-11-10 19:24 · Score: 5, Insightful

The Belkin router had not only a non compliant routing algorithm, but it had also a backdoor. Remember, if you clicked on "No Thanks", then a flag INSIDE THE ROUTER would be modified to disallow the misbehavior. Namely CLICKING AN EXTERNAL WEBPAGE MODIFIED THE INSIDES OF YOUR ROUTER!!!!! Is Belkin fixing this security hole also?
Re:D-Link PnP by Bowie+J.+Poag · 2003-11-10 19:25 · Score: 4, Funny

Thank you.

I just wish there was a more adequate explanation of UPnP in the manual. Here's a copy of it, taken directly from the manual:

"UPnP is short for Universal Plug and Play which is a networking architecture that provides compatibility among networking equipment, software, and peripherals. The DI-604 is a UPnP enabled router and will only work with other UPnP devices/softwares. If you do not want to use the UPnP functionality, it can be disabled by selecting "Disabled".

It should read:

"Leaving this stupid fucking feature on leaves you bent-over and spread-cheeked for when a piece of malicious software comes along decides block every damn port on our router. UPnP allows changes to be made without your knowledge OR consent--it allows any program to totally bypass user/admin authentication. As an added bonus, entries commited via this backdoor^H^H^H^H^H^H^H^H"feature" cant' be removed without first factory-defaulting the whole goddamn router and rebooting it. Anyway, Microsoft wants us to put it here and leave it on by default. Click the box to disable it."

I think my explanation is much clearer, don't you? :)

--
Bowie J. Poag
Most Smoking Crack Operation? by heironymouscoward · 2003-11-10 22:05 · Score: 4, Funny

Instant poll:

Who smoked the most crack in 2003?

(_) SCO
(_) Belkin
(_) Verisign
(_) CowboyNeal
(_) *A
(_) All of the above

--
Ceci n'est pas une signature