Send Bristol mailing list submissions to
bristol@mailman.lug.org.uk
To subscribe or unsubscribe via the World Wide Web, visit
https://mailman.lug.org.uk/mailman/listinfo/bristol
or, via email, send a message with subject or body 'help' to
bristol-request@mailman.lug.org.uk
You can reach the person managing the list at
bristol-owner@mailman.lug.org.uk
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Bristol digest..."
Today's Topics:
1. DNS reset? (david)
2. Re: DNS reset? (Alex Butcher)
3. Re: DNS reset? (Alex Butcher)
4. Re: DNS reset? (Alex Butcher)
5. Re: DNS reset? (david)
6. Re: DNS reset? (Simon Iremonger (bblug))
7. Re: DNS reset? (Steve King)
----------------------------------------------------------------------
Message: 1
Date: Tue, 10 Jun 2014 14:17:31 +0100
From: david <david@avoncliff.com>
To: Bristol and Bath Linux User Group <bristol@mailman.lug.org.uk>
Subject: [bristol] DNS reset?
Message-ID: <5397056B.4050806@avoncliff.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
I have been having trouble with my ADSL modem DNS setting changing.
It has happened a couple of times now and when it is set to 23 110 194
66 all the access to google is very slow and popups appear saying flash
is out of date and forcing download of setup.exe.
I have seen stories of hacking modems, but have not seen TP-Link
TD-8840T listed as vulnerable, but it does look like remote access is
allowed by default so that is now off.
Has anyone else seen this type of problem?
David
------------------------------
Message: 2
Date: Tue, 10 Jun 2014 14:41:28 +0100 (BST)
From: Alex Butcher <lug@assursys.co.uk>
To: Bristol and Bath Linux User Group <bristol@mailman.lug.org.uk>
Subject: Re: [bristol] DNS reset?
Message-ID: <alpine.LFD.2.03.1406101439560.11644@nffheflf.pb.hx>
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
On Tue, 10 Jun 2014, david wrote:
> I have been having trouble with my ADSL modem DNS setting changing.
> It has happened a couple of times now and when it is set to 23 110 194 66 all
> the access to google is very slow and popups appear saying flash is out of
> date and forcing download of setup.exe.
> I have seen stories of hacking modems, but have not seen TP-Link TD-8840T
> listed as vulnerable, but it does look like remote access is allowed by
> default so that is now off.
>
> Has anyone else seen this type of problem?
Not personally, but I never leave web admin on my routers exposed to the
Internet.
The symptoms you describe seem consistent with
<http://arstechnica.com/security/2014/03/hackers-hijack-300000-plus-wireless-routers-make-malicious-changes/>,
though the DNS address differs. They've probably moved on after being busted
by their former hosts.
Best Regards,
Alex
------------------------------
Message: 3
Date: Tue, 10 Jun 2014 14:46:13 +0100 (BST)
From: Alex Butcher <lug@assursys.co.uk>
To: Bristol and Bath Linux User Group <bristol@mailman.lug.org.uk>
Subject: Re: [bristol] DNS reset?
Message-ID: <alpine.LFD.2.03.1406101445330.11644@nffheflf.pb.hx>
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
On Tue, 10 Jun 2014, david wrote:
> have not seen TP-Link TD-8840T
> listed as vulnerable
FYI:
"The first vulnerability was tested successfully against a TP-Link TD-8840T
router running firmware version 3.0.0 build 120531 that was one of the first
victim devices identified in the attack campaign"
<http://www.pcadvisor.co.uk/news/network-wifi/3505138/attack-campaign-compromises-300000-home-routers-alters-dns-settings/>
------------------------------
Message: 4
Date: Tue, 10 Jun 2014 14:49:06 +0100 (BST)
From: Alex Butcher <lug@assursys.co.uk>
To: Bristol and Bath Linux User Group <bristol@mailman.lug.org.uk>
Subject: Re: [bristol] DNS reset?
Message-ID: <alpine.LFD.2.03.1406101448490.11644@nffheflf.pb.hx>
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
On Tue, 10 Jun 2014, Alex Butcher wrote:
> On Tue, 10 Jun 2014, david wrote:
>
>> have not seen TP-Link TD-8840T listed as vulnerable
>
> FYI:
>
> "The first vulnerability was tested successfully against a TP-Link TD-8840T
> router running firmware version 3.0.0 build 120531 that was one of the first
> victim devices identified in the attack campaign"
>
> <http://www.pcadvisor.co.uk/news/network-wifi/3505138/attack-campaign-compromises-300000-home-routers-alters-dns-settings/>
Also:
<http://community.plus.net/forum/index.php?action=printpage;topic=124783.0>
------------------------------
Message: 5
Date: Tue, 10 Jun 2014 20:10:43 +0100
From: david <david@avoncliff.com>
To: bristol@mailman.lug.org.uk
Subject: Re: [bristol] DNS reset?
Message-ID: <53975833.7080307@avoncliff.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
On 10/06/14 14:49, Alex Butcher wrote:
>
> Also:
> <http://community.plus.net/forum/index.php?action=printpage;topic=124783.0>
>
Thanks.
Looks like time for a firmware update.
I thought I had turned off any external exposure, but turns out the
remote management does not have an off setting, instead you have to turn
on ACL and set it for LAN only. Makes sense but it is not obvious if you
are looking to turn off everything not needed.
David
------------------------------
Message: 6
Date: Tue, 10 Jun 2014 23:02:12 +0000
From: "Simon Iremonger (bblug)" <bblug@iremonger.me.uk>
To: Bristol and Bath Linux User Group <bristol@mailman.lug.org.uk>
Subject: Re: [bristol] DNS reset?
Message-ID: <53978E74.7040306@iremonger.me.uk>
Content-Type: text/plain; charset=ISO-8859-1
On 2014-06-10 19:10, david wrote:
> On 10/06/14 14:49, Alex Butcher wrote:
> I thought I had turned off any external exposure, but turns out the
> remote management does not have an off setting, instead you have to turn
> on ACL and set it for LAN only. Makes sense but it is not obvious if you
> are looking to turn off everything not needed. David
Even then this is not enough always...
One problem that happens, is websites running javascript/image
queries/etc. in your browser session, which then LOCALLY access
'common ips and logins for routers' and reconfigure router from
LAN side, using information from internet side ... !
Don't assume the ""attack"" comes from ""outside"".
Basically, with most consumery routers, need to change the
password to something nonguessable/nonstandard etc...!
--Simon
------------------------------
Message: 7
Date: Wed, 11 Jun 2014 10:00:15 +0100
From: "Steve King" <debian@invux.com>
To: "Bristol and Bath Linux User Group" <bristol@mailman.lug.org.uk>
Subject: Re: [bristol] DNS reset?
Message-ID: <e948aabfbcd0f32d74152c1973cd949f.squirrel@dazzle.invux.com>
Content-Type: text/plain;charset=iso-8859-1
> On 10/06/14 14:49, Alex Butcher wrote:
>
>>
>> Also:
>> <http://community.plus.net/forum/index.php?action=printpage;topic=124783.0>
>>
>
> Thanks.
> Looks like time for a firmware update.
> I thought I had turned off any external exposure, but turns out the
> remote management does not have an off setting, instead you have to turn
> on ACL and set it for LAN only. Makes sense but it is not obvious if you
> are looking to turn off everything not needed.
> David
>
I don't use my router to do anything as important as DNS for me. I manage
my network from a Linux box, which provides DHCP and DNS for everything
else.
And I block all outgoing DNS requests except from my forwarding server.
It is not just routers that can have their DNS settings maliciously adjusted.
--
Steve
------------------------------
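The egress filter described in message 7, as an added example that is not part of the original thread or any poster's actual configuration: a shell function that emits an iptables-restore fragment allowing port 53 traffic only from the forwarding resolver, and logging and rejecting everything else. The address 192.168.1.2, the interface eth1, the chain name DNS_EGRESS and the Linux box being the LAN's gateway are all assumptions.

```shell
#!/bin/sh
# Added example (assumed names and addresses, not from the thread).
# Load the output on the gateway with:
#   dns_egress_rules 192.168.1.2 eth1 | iptables-restore --noflush

dns_egress_rules() {
    forwarder="$1"   # IPv4 address of the internal forwarding resolver
    lan_if="$2"      # gateway interface that faces the LAN

    # Accept only digits and single dots in the address, and only a
    # conservative character set in the interface name, so stray input
    # can never become part of a firewall rule.
    case "$forwarder" in
        *[!0-9.]*|''|.*|*.|*..*) echo "bad forwarder address" >&2; return 1 ;;
    esac
    case "$lan_if" in
        *[!A-Za-z0-9._-]*|'') echo "bad interface name" >&2; return 1 ;;
    esac

    # -I FORWARD 1 puts the jumps ahead of any broad "allow LAN" rule.
    # If the forwarder runs on the gateway itself, its own queries leave
    # via OUTPUT and the ACCEPT rule below simply never matches.
    # The LOG line is the detection half: a LAN host whose DNS setting was
    # changed shows up here, querying a resolver it was never given.
    cat <<EOF
*filter
:DNS_EGRESS - [0:0]
-I FORWARD 1 -i $lan_if -p udp --dport 53 -j DNS_EGRESS
-I FORWARD 1 -i $lan_if -p tcp --dport 53 -j DNS_EGRESS
-A DNS_EGRESS -s $forwarder -j ACCEPT
-A DNS_EGRESS -m limit --limit 6/min -j LOG --log-prefix "dns-egress-blocked: "
-A DNS_EGRESS -j REJECT
COMMIT
EOF
}

# Constructed sample values; prints the fragment without touching the firewall.
dns_egress_rules 192.168.1.2 eth1
```

Port 53 filtering does not see DNS carried over TLS or HTTPS, so the log only catches hosts that were pointed at a plain resolver.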
End of Bristol Digest, Vol 554, Issue 1
***************************************