D-Link stock firmware will take over DNS

NXIL
Posted: Sat May 16, 2009 23:14    Post subject: D-Link stock firmware will take over DNS
Not relevant to DD-WRT users, but just one more reason to use open source firmware: just heard that D-Link's latest firmware apparently routes your internet requests through their own DNS server, and you get ads for free! Great.

Heard this in "Security Now" podcast:

http://twit.tv/sn

#196 May 14 2009 at time 37 minutes....
Quote:

# D-Link is about to begin to replace router built-in DNS with their own service. (This is poor as it will monetize DNS and fundamentally break the DNS service.)


Hmm, guess this has been known since November 2008:

http://tech.slashdot.org/article.pl?sid=08/11/05/2220213

Latest firmware has "captcha" too:

They are presenting this as a new security feature:
Quote:

A series of recent Internet security attacks on home and small office computers are compromising networks where users least expect it - their routers. These malicious software invasions, in which users unknowingly download a Trojan horse when performing common tasks, invade the router to detect wireless capabilities, then alter the victim's domain name system (DNS) records so that all future traffic is diverted through the attackers' network first.

In response to the growing number of these attacks and subsequent user security concerns, D-Link Systems Inc. has integrated CAPTCHA, a system designed to detect whether responses are human or computer-generated, into its home and small office routers as an extra safety measure.


Sadly, it's very poorly done:

http://www.theregister.co.uk/2009/05/15/dlink_router_gimmick/
Quote:

That's because the new firmware logs in using a GET request containing a salted MD5 hash of the password, along with input that's unique to the CAPTCHA image. It turns out all that's required to access the router's setup page is the hash, so the feature provides an easy way for anyone within range to access the panel that controls all kinds of sensitive settings and contains the WPA password.

What's more, the new firmware allows even those with user-level access the ability to log in to the control panel, so an attacker need not have administrative credentials to perform the attack.


NX

_________________
WRT54G v1.1 DD-WRT v24-sp2 (07/22/09) std - build 12548 VINT Eko


SP1: it's a problem.
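
An added example, not part of the post, the quoted article or D-Link's firmware: it models the login flaw described in the quote from The Register (a fixed salted MD5 accepted on its own, CAPTCHA input never enforced) beside a hypothetical verifier that binds each login to a single-use nonce and checks the CAPTCHA server-side. The salt, password, parameter names and the `HardenedLogin` class are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample values; not taken from any real device.
SALT = b"constructed-salt"
PASSWORD = b"constructed-password"
STORED_HASH = hashlib.md5(SALT + PASSWORD).hexdigest()
KEY = hashlib.pbkdf2_hmac("sha256", PASSWORD, SALT, 100_000)


def weak_login(params):
    """Model of the flaw as quoted: the salted MD5 is a fixed value and the
    CAPTCHA field is never checked, so the hash alone is accepted."""
    return hmac.compare_digest(params.get("hash", "").encode(), STORED_HASH.encode())


def proof(key, nonce):
    """Response a client computes for one server-issued nonce."""
    return hmac.new(key, nonce.encode(), hashlib.sha256).hexdigest()


class HardenedLogin:
    """Hypothetical verifier: single-use nonce, CAPTCHA enforced server-side."""

    def __init__(self, key):
        self._key = key
        self._pending = {}  # nonce -> CAPTCHA answer the server expects

    def new_challenge(self, captcha_answer):
        nonce = secrets.token_hex(16)
        self._pending[nonce] = captcha_answer
        return nonce

    def login(self, params):
        nonce = params.get("nonce", "")
        answer = self._pending.pop(nonce, None)  # pop: a nonce works once
        if answer is None:
            return False
        captcha_ok = hmac.compare_digest(params.get("captcha", "").encode(), answer.encode())
        proof_ok = hmac.compare_digest(params.get("proof", "").encode(), proof(self._key, nonce).encode())
        return captcha_ok and proof_ok
```

In the hardened form a captured request is useless on a second attempt, because the nonce it answers has already been consumed; the exchange still belongs on an encrypted channel.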