Extraneous Network Services Leave Home Routers Unsecure 63
An anonymous reader writes "Today's home routers include a multitude of extra functionality, such as the ability to act as a file and print server. An article from CNET shows how an attacker can use vulnerabilities in these services, such as buffer overflows, directory traversal, race conditions, command injections, and bad permissions to take over the router from the local network without knowing the administrative password. Some of the worst vulnerabilities were in undocumented, proprietary services that users cannot disable and allowed an attacker to achieve a root shell. The researchers who discovered the vulnerabilities will be demonstrating them at the Wall of Sheep and Wireless Village at DEF CON."
Re:slownewsday (Score:5, Insightful)
I suppose there must've been some new attacks demonstrated. If it was against OpenWRT and its siblings, then probably I'd like to hear about it. All the other proprietary firmwares are assumed to be vulnerable by everybody who cares. Heck, there are still millions of devices running UPnP on the WAN port out there and "nobody" cares.
and that's why (Score:5, Insightful)
routers should route and probably run access control lists and other firewall stuff like expose some ports in your dmz.
servers should serve.
Servers route poorly, routers serve poorly.
Re:and that's why (Score:2, Insightful)
NAT does not equal security. NAT is not a function of the firewall either. NAT is a function of IPv4, because we would have run out of addresses long ago. A firewall whether stateful or not tracks connections and will deny erroneous ones. A firewall will inspect the packet to make sure it meets the necessary criteria. NAT does not. Please don't conflate the two.