Results 1 to 7 of 7

Thread: Attacks on DNS settings in routers

  1. #1
    zaswing Guest

    Default Attacks on DNS settings in routers


  2. #2
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Attacks on DNS settings in routers

    LOL the old secuarity standards still hold up - change the default account name and password in a router to enhance security. Oldsod
    Best regards.
    oldsod

  3. #3
    zaswing Guest

    Default Re: Attacks on DNS settings in routers

    Me too (LOL)
    In case people are out of ideas for cool passwords, the kind Bill Gates offers as a product key -
    https://www.grc.com/passwords.htm

    Oldsod, so how long does the darn thing have to be? I've been up to 20 characters of various kinds wherever a serious pasword required. And I'm sick and tired using long ones, and if firmware can be updated in the router, can't they hack it anyway?

    One more question. Let's say the router gets hacked and DNS points to some thiefs dot com site. Then the damage control is in ZA's hands isn't it? And TCP/IP properties?

  4. #4
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Attacks on DNS settings in routers


    <blockquote><hr>zasuiteuser wrote:
    Me too (LOL)
    In case people are out of ideas for cool passwords, the kind Bill Gates offers as a product key -
    https://www.grc.com/passwords.htm

    Oldsod, so how long does the darn thing have to be? I've been up to 20 characters of various kinds wherever a serious pasword required. And I'm sick and tired using long ones, and if firmware can be updated in the router, can't they hack it anyway?

    One more question. Let's say the router gets hacked and DNS points to some thiefs dot com site. Then the damage control is in ZA's hands isn't it? And TCP/IP properties?
    <hr></blockquote>


    Usually the best password is one:[*]not a definite word in the dictionary[*]has both numbers and capitals[*]longer the better - some say 14 characters or longer is the best[*]includes symbols
    Yes many can be hacked, but it takes a lot processing power and time if the password gets more difficult. Some could take years to crack. But even the password in windows can be beaten (and the password in the BIOS).

    If the router is the DNS server, then the issue is valid. Both the ZA and the windows readily will accept the host name lookups received from the router. Neither one can verify the IP given for the urls.
    If the router is not the DNS server, then the ZA and the windows will not break.
    But I suppose the m ca fee site advisor or the browser's phishing filters may catch the false sites.
    Cheers, Oldsod
    Best regards.
    oldsod

  5. #5
    Join Date
    Mar 2004
    Location
    Brisbane, Australia
    Posts
    645

    Default Re: Attacks on DNS settings in routers

    A password can be any combination of characters in the ASCII character space. Most people use the keyboard accessible characters (letters numbers and symbols) but if you hold down the &lt;Alt&gt; key and type a number between 000 and 255 on the numeric keypad (with NumLock on) you can get any character within the ASCII character space.

    An 8 character password using the standard letters and symbols has about 6 * 10<sup>15</sup> combinations and takes 64 years to crack using a brute force attack of 3 million passwords per second.

    An 8 character password using the 256 ASCII character space has about 2 * 10<sup>19</sup> combinations and takes ~190,000 years to crack at 3 million passwords per second.

    A 5 character WEP key using the standard letters and symbols has about 7 * 10<sup>9</sup> combinations and can be cracked in about 1 hour.
    A 5 character WEP key using the 256 ASCII character space has about 10<sup>12</sup> combinations and can be cracked in about 4 days.

    A 13 character WEP key using the standard letters and symbols has about 4 * 10<sup>25</sup> combinations and can be cracked in about 470 billion years.
    A 13 character WEP key using the 256 ASCII character space has about 2 * 10<sup>31</sup> combinations and can be cracked in about 2 * 10<sup>17</sup> years.

    A word about Windows passwords. A Windows password is only 7 characters long. Even if its more, it is just strings of 7 character password linked together and both parts can be found from a brute force attack of 7 character passwords. Nice one Bill!

    To generate secure passwords, I use a great little utility called "Password Generator XP" or pasgen.exe which you can download free of charge from Mar Software:-

    http://www.securesafepro.com/pasgen.php

    Message Edited by FrereOP on 01-25-2008 01:29 PM

  6. #6
    Join Date
    Jun 2006
    Location
    The 3rd Coast - South Central Texas
    Posts
    10,465

    Default Home Router attack serves up counterfeit pages

    <P style="LINE-HEIGHT: 13.5pt">Is your router at risk?
    Some criminals are attacking home routers. They re sending e-mail messages with malicious JavaScript code. The code can change a router s DNS settings. Victims are redirected to phony Web sites, which steal banking credentials.

    A security researcher says he has observed criminals using a new form of attack that causes victims to visit spoofed banking pages by secretly making changes to their high-speed home routers.

    According to Symantec researcher Zulfikar Ramzan, the attack changes a router's settings controlling the domain name system server that translates domain names like theregister.co.uk into numerical IP address.

    Malicious javascript code embedded into one email message he uncovered caused the URL for a popular Mexico-based bank to map to a fraudulent website controlled by the attackers. Anyone who tried to do business on the rogue site would have their banking credentials lifted.<P style="LINE-HEIGHT: 13.5pt"><xml:namespace prefix = o ns = "urn:schemas-microsoft-comfficeffice" /><o>http://www.theregister.co.uk/2008/01...k_in_the_wild/</o><P style="LINE-HEIGHT: 13.5pt"><o></o><P style="LINE-HEIGHT: 13.5pt"><o></o>

    Operating System:Windows Vista Home Premium
    Software Version:7.1 (Vista)
    Product Name:ZoneAlarm Pro
    GeorgeV
    ZoneAlarm® Extreme Security


    Click here for ZA Support
    Monday-Saturday__ 6am to 10pm Central time
    Closed Sundays and Holidays

  7. #7
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,286

    Default Re: Home Router attack serves up counterfeit pages

    Hi!
    be aware that the next wave of attacks will use UPnP feature on routers...
    This will allow the attacker to change DNS settings even if the router is password protected.

    Secure solution: Turn OFF UPnP on the router.
    Alternative less secure solution: Change IP of the router.

    Cheers,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •