Cisco Says 77 Routers Open to 'Drive-By Pharming'

PC World ^ | uesday, February 20, 2007 | Gregg Keizer, Computerworld

[pyx]

Linux on OpenWRT (White Russian 0.9) works very nicely. You can read more at http://www.openwrt.org

Read and understand thoroughly BEFORE you install.

[dhs12345]

Having and maintaining high speed connection is not a trivial task. And then there is wifi. People don't know how to set it up either.

Few people realize that they need a router in addition to the modem that the company provides. And then there is spyware and viruses. Etc. etc.

[pyx]

OpenWRT can turn your Linksys Router into a Linux computer with full router and firewall facilities.

[George W. Bush]

DD-WRT is also highly regarded. Personally, I'm using HyperWRT Thibor 16b. Very solid, great features.

All these are based on the Linux code Cisco/Linksys released back to the user community. So they are running the original GPL code on $50-$100 routers with modifications to add features normally found in $400 or more Cisco routers.

[George W. Bush]

Can you explain why a router maker would allow someone on the external internet to connect to the http interface? Surely, such a router should only allow a dhcp client to do this, and it should certainly know their IP addresses.

They literally mean 'drive-by'. As in connecting to and controlling the router wirelessly and reflashing its firmware (or just reconfiguring it) to stage man-in-the-middle attacks. They're talking about your neighbors in high-rises and apartment buildings attacking you via the router. Or in public hotspots or airports.

There are a number of attacks occurring in airports too. People who have enabled XP's Peer-To-Peer networking service and who take advantage of a "Free Internet" hotspot are connecting to a pirate trying to plant stuff on their shared folders/drives or who are staging man-in-the-middle attacks when they connect to corporate/banking/shopping sites. Many of these attackers are operating currently in major airports, universites, etc.

Lock down your wireless laptop and your router.

[Elsie]

"Hey, Cisco!" ?

[proxy_user]

My router is wired! If any hacker wants to connect, he has to plug in a cable.

I also use a strong password, 8 characters with both letters and numbers.

[Mike Bates]

I knew someone would know what that meant.

[Fawn]

ANd the cable guy tells me routers are the best security. uh huh.

[dhs12345]

And setting up each of the pcs with wep. Can be a pain because entry is not echoed. Is just like entering a password but 40 plus characters long.

WEP is not as secure as other methods. Always select 128bit. Then there are ambient noise sources like rf phones that interfere with wifi. Might require changing the frequency.

Also, don't broadcast SSID. No SSID creates other headaches when setting up the network or adding a new PC.

And then there is the issue of other wifis in the neighborhood interfering with you network. Windows machines tend to try to connect with the first available.

[Elsie]

That means YOU'RE an old coot; too!

[Elsie]

OOoooohhh!

36⁸!

[Mike Bates]

Old doesn't even begin to cover it. . . .

[TChris]

It has always been a Bad Idea to leave the default user, workgroup and especially password on a device when you connect to the Internet.

People are going to have to become more "street-smart" about being on the Internet, or they'll just keep getting scammed and abused.

Connecting your computer to the Internet is not a ho-hum, trivial thing. It's like driving through a big city. You'd better take some basic precautions and have some clue about the risks.

[Sender]

Yes I have DSL filters on all the phones and there are no satellite receivers. It's something between the router and the DSL modem, they don't get along.

[ken in texas]

It could also be something in your computer or NIC configuration. I have 3 machines running, all connected with Cat5 to the router. The connection on two machines are rock solid, the 3rd exhibits the same symptom. Every now and then I get pop-ups that the network cable is unplugged, it gets restored, and goes through the cycle for a while. Needless to say, it was plugged in the whole time.

It's happened with 3 different routers so far, but the other two machines have not had the problem. It's something between Windows XP SP2 and the NIC... someday I'll figure it out.

[Sender]

I tried the "keep alive" option but the problem remains. With my DSL connection, it will remain connected virtually forever (without the router) so I shouldn't need to keep it alive. I'm going to try a different router.

[steve-b]

the attack involves luring users to malicious sites where a device's default password is used to redirect them to bogus sites

Anybody who leaves a device set at the default password might as well be participating in a bareback orgy at a Port-au-Prince bath house.

[xcamel]

That's my take on it...