ADSL Router Security in the crosshairs

It’s long been a bugbear of mine when ADSL modems are used at the perimeter of networks as the security device/firewall. Add to that the fact that many of these units are built to the lowest possible cost and carry many vulnerabilities, and they are wholly unsuited to the task of providing decent security. That’s why I always switch them to bridge mode where possible and use a proper firewall behind them.

The issues of ADSL routers include but are not limited to:

  • default password not changed
  • external management/administration switched on
  • software vulnerabilities (including XSS and DNS reflection issues)

Many of the recent issues with regard to DDoS attacks relate to the unauthorised use of ADSL modems that either have public management switched on with default passwords, or have vulnerabilities that have been exploited. The process goes as follows:

  • Use the CSRF (cross-site request forgery) vulnerability in Broadcom-based routers to access the admin console without requiring the password
  • Change the router’s DNS server(s) to point to a malicious DNS server
  • Change the router’s password so the rightful owner can no longer get in
  • When the user goes to a site, the malicious DNS server sends them to an alternate location
  • At the alternate location, the user downloads what they think is a valid installation file but which is in fact an infected or malicious file
  • The malware is installed on the user’s machine to log keystrokes and steal files
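A client-side check for the DNS change at the heart of the process above, run from a PC behind the router: it flags any resolver the router hands out that is not on the ISP's allow-list, and flags disagreement between the configured resolver and a trusted out-of-band resolver for a sentinel name. This is an added example, not code from the original post or from any router vendor; the allow-list, the resolv.conf sample and the answer sets are constructed.

```python
"""Client-side detector for a DNS-hijacked ADSL router (constructed example)."""
import ipaddress
import re

# Constructed allow-list (RFC 5737 documentation addresses): your ISP's resolvers.
EXPECTED_RESOLVERS = {"198.51.100.53", "198.51.100.54"}

# Constructed sample of what a client received from the router via DHCP.
SAMPLE_RESOLV_CONF = """# constructed sample
nameserver 203.0.113.66
nameserver 198.51.100.53
search home.lan
"""

def parse_resolv_conf(text):
    """Return nameserver addresses in file order, ignoring malformed entries."""
    servers = []
    for line in text.splitlines():
        m = re.match(r"\s*nameserver\s+(\S+)", line)
        if not m:
            continue
        try:
            servers.append(str(ipaddress.ip_address(m.group(1))))
        except ValueError:
            pass  # not an IP address; skip rather than crash
    return servers

def audit_resolvers(servers, expected=EXPECTED_RESOLVERS):
    """Resolvers handed out by the router that are not on the allow-list."""
    return [s for s in servers if s not in expected]

def answers_disagree(configured, trusted):
    """True when the configured resolver's A records for a sentinel name share
    nothing with a trusted resolver's answers: a strong hijack signal."""
    return bool(trusted) and set(configured).isdisjoint(trusted)

def check(resolv_text, configured_answers, trusted_answers):
    """Combine both signals into a list of findings (empty list means clean)."""
    findings = []
    for rogue in audit_resolvers(parse_resolv_conf(resolv_text)):
        findings.append(f"unexpected resolver {rogue}")
    if answers_disagree(configured_answers, trusted_answers):
        findings.append("configured resolver's A records disagree with trusted resolver")
    return findings

if __name__ == "__main__":
    # Constructed answers: rogue resolver points the name at an attacker host,
    # the trusted resolver at the site's real addresses.
    print(check(SAMPLE_RESOLV_CONF, ["203.0.113.200"], ["192.0.2.10", "192.0.2.11"]))
```

Feed it the real /etc/resolv.conf (or the DHCP lease) and A records obtained from the configured resolver and from a trusted resolver reached over a path the router cannot alter.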

A recent ITWeb article singled out the Dlink 2750 modem; however, many modems from many vendors are susceptible to attack if they are vulnerable or configured incorrectly. Read the fascinating article on how 4.5 million routers were hacked in Brazil.

It’s up to the end user to configure the units correctly and safely, or to contract a security person to do so. Remember, you are responsible for your data and security.