Jump to content

D-Link routers have browser accessable backdoor- check now!

Xernicus

By Xernicus
in Internet, Network & Security

 Share

Recommended Posts

Xernicus Newbie

Xernicus

Posted
Posted

Today, I received a very disturbing email in my inbox from Sophos. As an IT Project manager, I feel the need to be up to date on all known vulnerabilities for my customers- and for myself. And unfortunately for those who are non-believers, Sophos is the world's leading firm in IT security- so I'm pretty sure that your cocky attitude on how you waste 80 bucks a year on AntiVirus and Firewall software is about to kick you in the a**.

These models below are affected, and the administration panel can easily hacked into- just by changing the user string that your browser sends. The user string, as some people know it, is the clumsy and slow way that web browsers tell servers how to display the information. That's why you get mobile sites on your smartphone, Internet Explorer 8 and below displays pages horribly, and how YouTube knows you need a flash update. And that silly little thing could allow someone to steal all of your information.

Here are the known hackable D-Link routers (there's probably more, it's like cockroaches)

  • DIR-100
  • DI-524
  • DI-524UP
  • DI-604S
  • DI-604UP
  • DI-604+
  • TM-G5240

For those of you interested in the "backdoor" look at how this backdoor was found, here ya go: http://www.devttys0.com/2013/10/reverse-engineering-a-d-link-backdoor/

Remember these big tips:
WPS is bad, bad, bad.
UPnP can make life easier, it can cost you a fortune.
If your router doesn't support WPA2, buy a new one.
MAC Address Filtering does nothing but deter wannabe hackers.
Ever heard of packet sniffing? Perhaps it's time to use a VPN depending on the work you do, and where you do it.

Good luck everyone, and stay safe. Remember, don't click on those pop-up ads. ;)

  • Like 3
Link to comment
Share on other sites
NoOne Newbie

NoOne

Posted
Posted

What are your thoughts on guest networks?

 

I think using Mac Address Filtering is a good idea, but dealing with family and friends coming over makes it a pain to have to configure the router every time.  I have a Netgear N750 that has a guest network option that allows internet access without access to network resources (shares, drives, printers).  I am weary about using that option.  

Link to comment
Share on other sites
Xernicus Newbie

Xernicus

Posted
  • Author
Posted

What are your thoughts on guest networks?

 

I think using Mac Address Filtering is a good idea, but dealing with family and friends coming over makes it a pain to have to configure the router every time.  I have a Netgear N750 that has a guest network option that allows internet access without access to network resources (shares, drives, printers).  I am weary about using that option.  

Here's the thing about MAC address filtering that is... what you could call the downside. Let's say I'm using your wi-fi with your permission. It would be super easy for me to run a tool like wireshark, get a list of all of the known MAC addresses that are on the device table, and so- the next time I come cruising through, I spoof my MAC address on my network card, and boom. Instant access. With a bit of more work, I being a hipster neighbor or something that doesn't believe in paying for anything, could analyze your network traffic, decrypt it, look at the known MAC addresses, and once again, spoof the information. There's a small likelihood of it happening, but the user base of people that are doing this is growing at a steady rate. And it's getting easier to do as the tools get more user friendly.

 

I think of it like this (because I had this happen to me once, in the dead of winter, of all times)- someone breaks into your car, and you have your glove compartment locked. And because they're too drugged up and drunk to get through the proper way, they get pissed off that it's locked, and they smash up your dash and your windows.

 

As for guest networks, the router doesn't know what traffic is what, for the most part. That's an option that still allows them full access to your network, because they're simply connected. Once you're connected, you've got access to everything with knowledge and patience.

What I would do in your case is have two wireless routers, hooked up to your gateway router (or one extra wireless router, if your gateway router has a wireless feature), and have that used for guest traffic. It'll be it's own network, and therefore you don't have to worry about someone having access to your network shares. If you want to go the full mile, set up a different subnet. But generally, as long as the two routers aren't bridged, they basically won't talk to each other- and therefore, everything is safe.

 

Hope I helped :)

Link to comment
Share on other sites
NoOne Newbie

NoOne

Posted
Posted

That is great information.  Thank you very much for putting that together.  I do like the idea of setting up a 2nd router for a guest network.  Turn off broadcasting on my main network and lock it down as much as I can.  Plus it would make it easier to track who is chewing up bandwidth or trying to hack into the empty guest network.  That is really a great idea.... going to best buy tonight.  :)

 

Thank you!!

Innis&Gunn

Link to comment
Share on other sites
S3ti Newbie

S3ti

Posted
Posted

Just don't use Wifi if you want to be really safe, disable everything you don't need. WiFi can always be sniffed no matter what and with a little patience + cloud cracking even WPA can be hacked in an acceptable time.

  • Like 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

About Us

We are glad you decided to stop by our website and servers. At Fearless Assassins Gaming Community (=F|A=) we strive to bring you the best gaming experience possible. With helpful admins, custom maps and good server regulars your gaming experience should be grand! We love to have fun by playing online games especially W:ET, Call of Duty Series, Counter Strike: Series, Minecraft, Insurgency, DOI, Sandstorm, RUST, Team Fortress Series & Battlefield Series and if you like to do same then join us! Here, you can make worldwide friends while enjoying the game. Anyone from any race and country speaking any language can join our Discord and gaming servers. We have clan members from US, Canada, Europe, Sri Lanka, India, Japan, Australia, Brazil, UK, Austria, Poland, Finland, Turkey, Russia, Germany and many other countries. It doesn't matter how much good you are in the game or how much good English you speak. We believe in making new friends from all over the world. If you want to have fun and want to make new friends join up our gaming servers and our VoIP servers any day and at any time. At =F|A= we are all players first and then admins when someone needs our help or support on server.

Player Gaming Stats for =F|A= Servers.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept