[nsp-sec] dlink router worm or dlink compromise leads to infectedPCs?
Daniel Schwalbe
dfs at cac.washington.edu
Mon Mar 24 13:35:39 EDT 2008
When I went looking with my trusty Cantenna a little while ago, I was able
to pick up almost a dozen wireless APs with the default SSID of 'DLINK'
from the roof of my office building. Most of them did not have any
security or restrictions enabled.

While not economical to facilitate mass spreading (because physical
proximity is required), it's a good way to get to people that otherwise
manage to secure their laptops fairly well, e.g. miscreants haven't
managed to drop any malware onto it the "conventional" way.

Combine that with the fact that a good amount of the 'Free WiFi'
establishments in the area are running LinkSys gear, you've got a pretty
decent user population to do evil things to, like mess-with-DNS etc.

From one of the more popular 'Free WiFi' joints in the area, we see more
than 400 unique 'logins' to our central authentication services. That's a
few thousand users in the area close to campus one could easily 0wn
without much legwork. Great.
_______________________________________________________
Daniel Schwalbe, CISSP dfs at u.washington.edu
Lead Security Engineer +1(206) 221-7000
University of Washington UW Technology Services
PGP: E2DD CE57 62F4 0F22 CA09 37AB CA69 A2A3 1A45 0BF7
On Sun, 23 Mar 2008, Chris Morrow wrote:
> ----------- nsp-security Confidential --------
>
>
>
> On Sat, 22 Mar 2008, Rob Thomas wrote:
>
>> ----------- nsp-security Confidential --------
>> Based on what we've found, I'd be worried about Dlink and not worried
>> (yet) about Busybox.
>
> because the bot compromises a host behind to compromise the busybox via
> the web-management interface??