copyright
|
disclaimer
|
privacy
|
contact
HOME
About
AusCERT
Membership
Contact Us
PKI Services
Training
Publications
Sec. Bulletins
Conferences
News & Media
Services
Web Log
Site Map
Site Help
Member login
Login »
Become a member »
Home
»
Publications
»
AusCERT Web Log
» Have you flashed your router?
Have you flashed your router?
Date:
14 January 2008
Click here for printable version
No I'm not talking about upgrading your firmware on your router. Neither am I talking about other nefarious types of flashing. I'm in fact talking about the fact that via an Adobe Flash file one can modify your router settings.
"Yeah right!", I hear you say.
Would I lie to you?
No I wouldn't. So, I'll get to the crux of the situation.
Via a maliciously crafted flash file, a remote unauthenticated attacker could modify your router settings to almost anything he requires. Such things as adding a port forward, changing DNS settings to a server he controls or setup a proxy via it.
All this is enabled via the protocol UPnP or Universal Plug and Play which allows devices and software to "auto-magically" configure devices on the network.
So should you turn it off?
YES! But it will likely break things.
Worth it? YES! You will have to manually correct the routers so you can continue to play your games, ahem, I mean so your systems remain running.
Original blog can be found here: http://www.gnucitizen.org/blog/hacking-the-interwebs
Cheers,
Zane
Comments? Click here
http://www.auscert.org.au/render.html?cid=7066&it=8643