PDA

View Full Version : Routers & DNS Rebinding



jimzak
2010-07-14, 16:38
I have a very common router, the Linksys WRT54GL.

I have read that this router is subject to DNS rebinding attacks.

http://www.zdnet.com/blog/hardware/millions-of-routers-vulnerable-to-hack-attack-is-yours/8895?tag=nl.e550

There's a list of vulnerable routers embedded here:

http://blogs.forbes.com/firewall/2010/07/13/millions-of-home-routers-vulnerable-to-web-hack/

Anyone know of a fix? I hate to have to go router shopping.

Thanks.

peterw
2010-07-14, 17:05
Anyone know of a fix? I hate to have to go router shopping.


Set a good password. DNS rebinding works best (is most dangerous) when there's no password required. It sounds like this new attack relies on the router having a default, or easily guessed, password (probably he compiled the most common username/password combinations). BTW, Squeezebox Server, like most web apps, is also vulnerable to DNS Rebinding attacks of you don't set a good password, and CSRF attacks if you don't enable the anti-CSRF security measures.