[Discuss] Router security alert
Patrick
NixNoob-sneaking at sneakEmail.com
Wed Jan 16 13:25:34 PST 2008
On Wed, 16 Jan 2008 09:50:34 -0800
John Blomfield wrote:
> Deryk Barker wrote:
> > Anyone who has a home router connected to the net should check out
> >
> > http://www.channelregister.co.uk/2008/01/15/home_router_insecurity/
> >
> > Basically, if you've got UPnP enabled, then *regardless* of browser,
> > router OS and whether you've change dthe router admin password you're
> > vulnerable to a malicious flash site.
> >
> > Fortunately my Linksys WRT54GL allows me to disable UPnP and I have done.
> >
> > This is potentially a VERY nasty hack.
True. And thanks for pointing this out to everyone.
> >
> > _______________________________________________
> > Discuss mailing list
> > Discuss at vlug.org
> > http://ladybug.vlug.org/cgi-bin/mailman/listinfo/discuss
> >
> My Dlink DIR655 has a UPnP enabled check box under the "Advanced" tab,
> so all is well now its unchecked.
D-Link DI-604 here; UPnP is under `Tools, Misc' and was on by
default. Not now.
But I wonder if it was kinda sorta semi-safe already [not that
I'd want to find out first-hand, of course]. The router is only
for LAN connections because I'm on dialup, and has a non-standard
IP, left-over from when WinXP shared its dialup connection across
the LAN [wanted 192.168.0.1 all to itself for that, so I let it
have that and gave the router a different one]. I'm not sure if
this setup will let it respond by name, or if it even has an
internal domain name [like http://D.link/ or whatever].
Oh well. Better safe than pwned.
>
> John Blomfield
Patrick.
--
Beware of Programmers who carry screwdrivers.
-- Leonard Brandwein
More information about the Discuss
mailing list