Belkin To Offer Firmware Fix For Router Hijacking

← Back to Stories (view on slashdot.org)

Belkin To Offer Firmware Fix For Router Hijacking

Posted by timothy on Monday November 10, 2003 @01:28PM from the testing-the-waters dept.

L-Train8 writes "Belkin has an announcement at the bottom of their homepage about the spam router. They have decided to disable the 'feature' that hijacks a random http request every 8 hours and redirects to a webpage advertising their parental control system. This will require a firmware upgrade. The message says details will be forthcoming. Interestingly, while I was preparing this submission, the message changed. Originally, it included a snippy remark about how what they were doing was not spam, despite what everyone on the internet says. The new version is much less testy."

11 of 418 comments (clear)

Min score:

Reason:

Sort:

"anonymous usage statistics?" by henc · 2003-11-10 13:29 · Score: 5, Interesting

Although they remove this feature, what other 'usage statistics'-logging-features are silently embedded?

My newer D-Link 604 router has some statistics and a thorough logging function (which is displayed in the web gui). - Is all of it really visible to the end user?

It's a good bet from the manufacturers that the device will be online all the time.
Perhaps one should install a box to surveil the router/firewall, if any connections are initiated from the router?

henc
1. Re:"anonymous usage statistics?" by Bowie+J.+Poag · 2003-11-10 13:42 · Score: 5, Interesting
  
  No, but your D-Link 604 router is a piece of shit.. I should know, I own one too, unfortunately.
  
  The router allows Windows XP to bypass normal user/administrator authentication on the router, and add entires to the firewall table.. Have a look at the firewall page on the router, and see if there's two entries for "msmsgs" that you didn't make. Ever wonder how those got there, especially in light of the fact your router is supposed to be password protected? Gee, thanks D-Link!
  
  Concievably, any schmuck out there could easilly write a virus that pollutes the firewall table in the same manner. I'm surprised nobody has done so already.
  
  --
  Bowie J. Poag
2. Re:"anonymous usage statistics?" by Tiersten · 2003-11-10 13:47 · Score: 5, Informative
  
  Actually, those extra entries are caused by UPNP. It's supposed to automatically add forwarding rules for services running on your local machines.
  The MSN Messenger protocol requires you to listen to certain ports and if you're behind a NAT firewall then it doesn't work properly so it uses UPNP. From what I gather, anything which knows about UPNP can request ports to be opened.
  
  It's not a specific thing from D-Link. A lot of new routers now support it.
3. Re:"anonymous usage statistics?" by Xenographic · 2003-11-10 13:54 · Score: 5, Funny
  
  Don't worry.
  
  They'll think of something else that's worse, more intrusive, etc. every eighteen months or so.
  
  I hereby dub this law to be known as "Xeno's law"
  
  The first corollary is that the average IQ of marketers is thought to be a monotone decreasing function which tends to zero.
4. Re:"anonymous usage statistics?" by Bowie+J.+Poag · 2003-11-10 14:01 · Score: 5, Informative
  
  ..Which is still an exploit.
  
  Keep in mind, when these "msmsgs" (Which I think is the spam-happy Microsoft Messaging service, not MSN Messenger) entries pop up, they occupy HUGE swathes of IP space. Literally, tens of thousands of ports.
  
  I originally noticed this problem while playing RTCW. Periodically, I wouldn't be able to log on to any servers, because the goddamn msmsgs entries in the firewall table would encompass the port range where RTCW servers reside (port 27000-30000 or so)... Huge areas of IP space, sometimes >20000 ports wide.
  
  Did I mention you cant delete these "msmsgs" entries?
  
  Yup. Not only are they added to the firewall table without your permission, you cant get rid of them. The only way you can remove those entries is by restoring factory defaults and rebooting. It took me 4 or 5 repetitions of this process to figure out what the fuck was going on.
  
  D-Link, if you're listening, fix your goddamn router.
  
  --
  Bowie J. Poag
Original Snippy Message by tribes · 2003-11-10 13:31 · Score: 5, Informative

Go go, Google cache!
Kharma whoring for fun and profit....
original message text by L-Train8 · 2003-11-10 13:33 · Score: 5, Informative

I was in the process of cutting and pasting Belkin's message into a story submission earlier today when it changed, so I have the original text. The message earlier today read:

Belkin is aware of some recent postings that claim that Belkin wireless routers are spamming users during the setup process and periodically thereafter. It is not now, nor has it ever been, the policy of Belkin to intentionally spam our customers or anyone else. Belkin offers a free trial of our parental control feature in our routers, and to make our customers aware of the feature itself and to give them the opportunity to take advantage of the free trial, we have tried to direct users to the information regarding the parental control features. However, since this has become a source of concern to our users, and it is Belkin policy to address the concerns of our users quickly, Belkin has decided to remove this function from the routers. Each router's firmware that incorporates parental control as an option will be changed.

Please expect more detailed information to follow early next week. Thank you.

Now we have the more concise and concilliatory

We at Belkin apologize for the recent trouble our customers have experienced with the wireless router/browser redirect issue. We will be offering firmware fixes available for download early next week. We do not have exact details yet
but we can tell you now that each Router's firmware that incorporates Parental Control as an option will be changed.

Please expect more detailed information to follow early next week. Thank you.

--

Don't forget that Friday is Hawaiian shirt day.
1. Re:original message text by Humba · 2003-11-10 14:33 · Score: 5, Funny
  
  We apologise for the fault in the router. Those responsible have been sacked.
  
  Mynd you, moose bites Kan be pretty nasti...
  
  We apologise again for the fault in the router. Those responsible for sacking the people who have just been sacked have been sacked.
  
  --Humba
lemme guess... by Anonymous Coward · 2003-11-10 13:34 · Score: 5, Funny

Every 8 hours you get redirected to a page saying "Sorry, we won't do it again. Promise."
Unemployed? Want a job? by Futurepower(R) · 2003-11-10 14:54 · Score: 5, Funny

In case you would like to apply for Mr. Deming's job, it's available. (Scroll down to "Marketing Manager"). Or, just write careers@belkin.com.

Of course, Belkin won't accept just anyone. The "right candidate" must be able to "strategize, initiate, and execute". He or she must be able to "drive revenue" and "leverage knowledge" about "end-user sell-thru strategies" and must be able to "align resources" and "translate raw content".
What about the backdoor? by Pepebuho · 2003-11-10 19:24 · Score: 5, Insightful

The Belkin router had not only a non compliant routing algorithm, but it had also a backdoor. Remember, if you clicked on "No Thanks", then a flag INSIDE THE ROUTER would be modified to disallow the misbehavior. Namely CLICKING AN EXTERNAL WEBPAGE MODIFIED THE INSIDES OF YOUR ROUTER!!!!! Is Belkin fixing this security hole also?