republican-creole
site Search:


Home Reviews Tools Forums FAQs Find Service ISP News Maps About  
 
    All Forums Hot Topics Gallery






how-to block ads

  
Forums >

Drive By Pharming > Inherent Flaw In Efficacy Of Attack Vector

Search Topic:
 Uniqs:
60		 Share Topic
Post a:
Post a:
AuthorAll Replies


PosterDude

@rr.com

Inherent Flaw In Efficacy Of Attack Vector

In order for this sort of "attack" to work, the javascript must know the gateway's ("router's") specific configuration URLs.

For example, my D-Link DI-624 version C3 with firmware version 2.75 Build 2 has the following URL for configuring the DNS servers manually:

»192.168.0.1/h_wan_dhcp.html

Notice that the javascript would need to be able to adjust to different IP addresses for the local gateway IP address (not that difficult), and, for the different configuration page name (difficult), and for the specific format of sending configuration data via URL (extremely difficult).

And obviously, that posted configuration URL doesnt show the format that the URL has to be in to send new configuration data on that page.

And thats just for one version of firmware, on one specific model of gateway, from one specific vendor.

Indeed, I've noticed that the URL (page name) for specific configuration pages has CHANGED from one firmware version to another, just with this model.

So, obviously, "one size fits all" URL/page name code in the javascript, is impossible. That means the code would have to be written in such a way as to be able to detect different vendors/models/firmware versions of the gateways, and be PRECODED with the specific URLs for EACH FIRMWARE VERSION OF EACH MODEL OF EACH VENDOR.

Clearly, no small task, at all.

In fact, a company (Pure Networks) attempted just such a feat a few years ago with a product named "Port Magic" that was designed to configure your gateway for port forwarding. It attempted to do so by just the same means as this supposed javascript does. Needless to say, they have long since discontinued the product, and no longer support it (I'm sure the insurmountable task of keeping a database of all the different vendors/models/firmware versions of different gateways and their different configuration URLs had nothing to do with it)

From the PDF:
"(5) The script attempts to
change the discovered router’s settings."

Attempts is the right word there. Its just not going to happen, what with the different page names/URLS/data formats that all the different firmware versions and models of gateway have.

Regardless, susceptibility to this method of attack is very low (I'd say probably less than 1 %) even without a password or with a default password, contrary to the silly 50% claimed.
to forum · permalink · 2007-02-15 13:04:01 ·
Forums > Drive By Pharming

Monday, 28-May 19:11:45 Terms of Use & Privacy | feedback | contact | Hosting by nac.net - DSL,Hosting & Co-lo
over 12.5 years online © 1999-2012 dslreports.com.
Most commented news this week
Hot Topics