Exploit Kit Delivers Pharming Attacks Against SOHO Routers

← Back to Stories (view on slashdot.org)

Exploit Kit Delivers Pharming Attacks Against SOHO Routers

Posted by timothy on Tuesday May 26, 2015 @03:22AM from the north-of-houston-you're-ok dept.

msm1267 writes: For the first time, DNS redirection attacks against small office and home office routers are being delivered via exploit kits. French security researcher Kafeine said an exploit kit has been finding success in driving traffic from compromised routers to the attackers' infrastructure. The risk to users is substantial, he said, ranging from financial loss, to click-fraud, man-in-the-middle attacks and phishing.

19 of 31 comments (clear)

Min score:

Reason:

Sort:

Re: Then turn them off by Anonymous Coward · 2015-05-26 03:46 · Score: 5, Funny

"Just think, no more reading dumb comments."
I'm feeling an overwhelming irony here...
Know Thy DNS IP's! by hamsterz1 · 2015-05-26 04:05 · Score: 2

This makes a good case for knowing as much as possible about your router/modem's settings. Also I go to "grc.com" and use the "shields up" page to test my router's port settings. I also like to use "Open DNS" for my DNS servers. Even the paranoid are right sometimes. :)
1. Re:Know Thy DNS IP's! by WD · 2015-05-26 04:07 · Score: 1
  
  That's nice, but nothing that you describe helps protect against the vulnerability described.
2. Re:Know Thy DNS IP's! by hamsterz1 · 2015-05-26 04:08 · Score: 1
  
  This makes a good case for knowing as much as possible about your router/modem's settings. Also I go to "grc.com" and use the "shields up" page to test my router's port settings. I also like to use "Open DNS" for my DNS servers. Even the paranoid are right sometimes. :)
  PS Open DNS allows you to set security settings on your own dashboard page, and it's FREE for home users.
3. Re:Know Thy DNS IP's! by hamsterz1 · 2015-05-26 04:22 · Score: 1
  
  That's nice, but nothing that you describe helps protect against the vulnerability described.
  Then what would protect against this type of attack?. I tried to find new firmware for my router, but no updates available. Perhaps you can give me some advice, as I would like to learn something from this attack.
4. Re:Know Thy DNS IP's! by Anonymous Coward · 2015-05-26 04:35 · Score: 1
  
  Block ads and javascript. No ads, and you are way less likely to get this. No javascript and it won't work at all. What really needs to be done is to have all browsers deny access to local addresses by any tab that loads anything from the Internet. Noscript has ABE, which does that, but I'm not aware of any browser that does it by default; plus, noscript doesn't help you as this seems to target chrome browsers as an easier vector.
5. Re:Know Thy DNS IP's! by hamsterz1 · 2015-05-26 04:37 · Score: 1
  
  Block ads and javascript. No ads, and you are way less likely to get this. No javascript and it won't work at all. What really needs to be done is to have all browsers deny access to local addresses by any tab that loads anything from the Internet. Noscript has ABE, which does that, but I'm not aware of any browser that does it by default; plus, noscript doesn't help you as this seems to target chrome browsers as an easier vector.
  Thanks for your advice I will take it to heart. :)
6. Re:Know Thy DNS IP's! by WD · 2015-05-26 04:40 · Score: 4, Informative
  
  Yeah, that helps for sure. The other option is to see if there's a 3rd-party firmware for the router. The firmwares that come with home equipment out of the box are often pretty poor. And are often abandoned after they are shipped. However, something like dd-wrt / openwrt / tomato is likely to be better supported.
7. Re:Know Thy DNS IP's! by hamsterz1 · 2015-05-26 04:46 · Score: 1
  
  Yeah, that helps for sure. The other option is to see if there's a 3rd-party firmware for the router. The firmwares that come with home equipment out of the box are often pretty poor. And are often abandoned after they are shipped. However, something like dd-wrt / openwrt / tomato is likely to be better supported.
  Thanks I will check all three, to see if my router is supported by any of the above.:)
Don't buy a router unless it suports openwrt. by anwyn · 2015-05-26 04:11 · Score: 4, Interesting
This gives you the option to install free software that
- avoids deliberate company installed backdoors.
- has bugs fixed on a regular basis
- will work with IPV6
- can be modified for unusual configurations.
1. Re:Don't buy a router unless it suports openwrt. by jbmartin6 · 2015-05-26 04:57 · Score: 2
  
  I expect parent was saying that OpenWRT has bugs fixed regularly, and was not making a claim for free software in general. Also, free software is not the same as open source software. :)
  
  --
  This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
2. Re:Don't buy a router unless it suports openwrt. by Anonymous Coward · 2015-05-26 05:56 · Score: 2, Insightful
  This gives you the option to install free software that
  
  avoids deliberate company installed backdoors.
  
  has bugs fixed on a regular basis
  
  will work with IPV6
  
  can be modified for unusual configurations.
  I like open source but let's not invent silly excuses. Open source software is not bug fixed on a regular basis. It is fixed only if the project is popular enough. And even then problems arise, see the Open SSH fiasco.
  The modularity inherent in open source projects like OpenWRT actually offer VERY fast bugfix turnaround because the underlying packages are individually very popular and get updated and ported with ease. OpenWRT is a great example of Open Source done right.
3. Re:Don't buy a router unless it suports openwrt. by bloodhawk · 2015-05-26 13:33 · Score: 1
  
  Has openwrt become more usable? I was using it up until about 12-18months ago. The constant stability issues combined with arcane/not working configuration items and finding myself constantly downloading and testing various mods to get around problems just got to frustrating and time consuming to be worth it for me.
What's a good router with minimum feature set? by ggraham412 · 2015-05-26 04:55 · Score: 1

What's a good router to buy for home / small business that has a minimum feature set: uses DHCP, has some static IP addresses, has a LAN-only config web page, no stupid app store in my router, and no remote access, etc)?
I have a Linksys EA6900, and it makes me nervous because it is chok full of features that I don't use and I never plan on using. Each and every one is probably an exploit waiting to happen. Personally, I think if such routers are easily hacked because of poorly implemented features and are responsible for fraud, they should be considered fodder for product liability lawsuits.
1. Re:What's a good router with minimum feature set? by oldguy62 · 2015-05-26 05:06 · Score: 1
  
  mikrotik 2011 -- nuf said
2. Re:What's a good router with minimum feature set? by bobbied · 2015-05-26 05:34 · Score: 1
  
  Anything that runs OpenWRT..... Even a consumer model... In fact, I think your existing hardware is supported, albeit it's not being claimed as "stable" yet.
  
  --
  "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
3. Re:What's a good router with minimum feature set? by Gravis+Zero · 2015-05-26 05:43 · Score: 3, Interesting
  
  mikrotik 2011 -- nuf said
  mikrotik make routerboard routers, so that would be RB2011
  
  The RB2011Ui is a low cost multi port device series. Designed for indoor use, and available in many different cases, with a multitude of options.
  The RB2011 is powered by RouterOS, a fully featured routing operating system which has been continuously improved for fifteen years. Dynamic routing, hotspot, firewall, MPLS, VPN, advanced quality of service, load balancing and bonding, real-time configuration and monitoring - just a few of the vast number of features supported by RouterOS.
  RouterBOARD 2011UiAS-2HnD has most features and interfaces from all our Wireless routers. It’s powered by the new Atheros 600MHz 74K MIPS network processor, has 128MB RAM, five Gigabit LAN ports, five Fast Ethernet LAN ports and SFP cage (SFP module not included!). Also, it features powerful 1000mW dual chain 2.4Ghz (2312-2732MHz depending on country regulations) 802.11bgn wireless AP, RJ45 serial port, microUSB port and RouterOS L5 license, as well as desktop case with power supply, two 4dBi Omni antennas and LCD panel- all this for only $129!
  Tested and recommended to use with MikroTik SFP modules: S-85DLC05D, S-31DLC20D and S-35/53LC20D (not included)
  RouterBOARD 2011UAS-2HnD-IN comes with desktop enclosure, LCD panel and power supply.
  Wall mount kit (product code RBWMK) for network closet is available for purchase as an optional accessory.
  The RB2011Ui also has passive PoE output capability on the last port (ETH10), this means you can power another device just by connecting it over regular Ethernet cable
  seriously, minimum feature set? it has it's own fucking LCD!
  
  --
  Anons need not reply. Questions end with a question mark.
Re:UNIX Only by OhSoLaMeow · 2015-05-26 05:15 · Score: 4, Funny

This is UNIX Only.
I know this.

--
They can take my LifeAlert pendant when they pry it from my cold dead fingers.
Re:look out by bobbied · 2015-05-26 05:28 · Score: 1

What? Host file security? Not unless you fully disable NSLOOKUP, which is not that easy to do.... Why not just bypass all this and use DNS servers that you control and block DNS services for everything else? Much more secure than hosts files....

--
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101