[clug] Drive-By Pharming Attack Could Hit Home Networks

David Symons david.symons at liberatedcomputing.net
Sat Feb 17 20:46:34 GMT 2007

On Sun, 2007-02-18 at 00:13 +1100, Michael Cohen wrote:
> On Sat, Feb 17, 2007 at 11:12:37PM +1100, David Symons wrote:
> > Out of the box, my router only allowed administration via the wired
> > interface.  Hopefully that's a fairly universal thing, making it a
> > limiting factor on the effectiveness of this sort of attack.
> David,
>   Thats not the point of the attack - its not that people can administer your
>   router through the wireless interface. The attack works by getting your
>   machine to request URLs from your router which submit form parameters to the
>   CGI administrative interface. So if your machine can admin the router, so can
>   the script kiddies... even on wire interfaces.

Ah, thankyou Michael.

So "Drive-By" is meant in a virtual sense and it this really applies to
any router administered this way, wireless or not (if I really do
understand it now).

Cheers, Dave.
David Symons
Canberra, Australia

More information about the linux mailing list