[clug] Drive-By Pharming Attack Could Hit Home Networks
Alex Satrapa
grail at goldweb.com.au
Thu Feb 22 23:12:36 GMT 2007
On 22/02/2007, at 23:43, David Collett wrote:
> I think many routers already do this (no admin on wireless interface
> and/or wireless disabled out of the box). It doesn't stop *this*
> attack though, that's the whole reason this one is more interesting: it
> works from *your* computer over your *wired* connection.
For those who didn't read TFA, here is how the attack works:
1) Victim visits a website that contains malicious JavaScript.
2) The malicious JavaScript causes the browser to send requests to the
admin page on the router, which sets up malicious DNS addresses.
3) Further web browsing will cause DNS lookups to go through the
malicious DNS, which will probably redirect all web requests through
the attacker's proxy/man-in-the-middle server.
If you set an administrative password that is not the default for the
device, this attack will not work. We've derailed the discussion with
talk about wireless routers (probably because a lot of us associate
"drive by" with "war driving", when this version of "drive by" really
means "click through"). I don't think David's assertion holds: that
disabling the primary feature of a router product until an
administrative password has been entered will fail to address the
vulnerability.
The same configuration requirement could apply to wired-only routers
or any other network-connected device: don't allow (activation of the
primary feature of the network-connected product) until a password has
been set for the (sensitive functions on the network-connected
product). Don't want drive-by activation of your network-connected
espresso machine? Then set the password to something other than the
default.
Have a look at the way an Apple AirPort is set up: the very first
thing it asks you for is an administrative password. Yes yes, it's a
wireless router too, so I'm further contributing to the
misrepresentation of the vulnerability as affecting wireless routers
only…
Alex
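The post above describes the outcome of the attack (step 3) but not how you would notice it from a victim host. The following is an added example, not code from the original message or from the article it discusses: a small Python check that flags the two signatures of a DNS rewrite on the router, namely a resolver address outside the networks you expect, and answers from the configured resolver that disagree with a trusted out-of-band resolver and collapse many unrelated names onto one address (the attacker's proxy). All names, addresses and the allowed-resolver policy are constructed for the example; on a real host you would feed it the resolvers from DHCP/resolv.conf and answers gathered with a DNS client.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (not from the post or the article): answers from the
# host's configured resolver versus a trusted resolver reached out-of-band.
TRUSTED_ANSWERS = {
    "www.example-bank.test": "198.51.100.10",
    "mail.example.test": "198.51.100.20",
    "update.example-vendor.test": "203.0.113.5",
    "news.example.test": "203.0.113.40",
}
LOCAL_ANSWERS = {
    "www.example-bank.test": "192.0.2.77",       # rewritten to the proxy
    "mail.example.test": "192.0.2.77",           # same sink address
    "update.example-vendor.test": "192.0.2.77",  # same sink address
    "news.example.test": "203.0.113.40",         # left alone
}

# Hypothetical policy: resolvers handed out by DHCP should sit on the LAN.
ALLOWED_RESOLVER_NETS = ["192.168.0.0/16", "10.0.0.0/8"]


def unexpected_resolvers(configured, allowed_nets):
    """Resolver addresses that fall outside every allowed network."""
    nets = [ipaddress.ip_network(n) for n in allowed_nets]
    return [r for r in configured
            if not any(ipaddress.ip_address(r) in n for n in nets)]


def mismatched_answers(local, trusted):
    """(name, local answer, trusted answer) for every name the two disagree on."""
    return sorted((name, local[name], trusted[name])
                  for name in trusted
                  if name in local and local[name] != trusted[name])


def sink_addresses(local, min_names=2):
    """Addresses that at least min_names distinct names resolve to: the
    shape a transparent man-in-the-middle proxy leaves in DNS answers."""
    by_ip = defaultdict(set)
    for name, ip in local.items():
        by_ip[ip].add(name)
    return {ip: sorted(names) for ip, names in by_ip.items()
            if len(names) >= min_names}


def assess(configured_resolvers, local, trusted,
           allowed_nets=ALLOWED_RESOLVER_NETS):
    """Combine the three checks into one report with a boolean verdict."""
    report = {
        "unexpected_resolvers": unexpected_resolvers(configured_resolvers,
                                                     allowed_nets),
        "mismatches": mismatched_answers(local, trusted),
        "sinks": sink_addresses(local),
    }
    # A foreign resolver or any disagreement with the trusted source is
    # enough to call it suspect; the sink list is supporting evidence.
    report["suspect"] = bool(report["unexpected_resolvers"]
                             or report["mismatches"])
    return report


if __name__ == "__main__":
    # 192.0.2.53 stands in for a resolver pushed by a tampered router.
    for key, value in assess(["192.168.1.1", "192.0.2.53"],
                             LOCAL_ANSWERS, TRUSTED_ANSWERS).items():
        print(f"{key}: {value}")
```

The resolver check alone is not enough: a hijacked router can keep handing out its own LAN address as the resolver and forward queries to the attacker's server upstream, which is why the answer comparison against a trusted resolver is the check that actually matters.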
More information about the linux mailing list