Technical Discussion
  >> Security Related Issues


Register (or login) on our website and you will not see this ad.


  Print Thread
Standard User Moto
(fountain of knowledge) Thu 18-Dec-14 22:16:26
Print Post

Router vulnerability


[link to this post]
 
Misfortune Cookie is a critical vulnerability that allows an intruder to remotely take over an Internet router and use it to attack home and business networks

http://mis.fortunecook.ie/misfortune-cookie-suspecte...

Scroll down for affected models

laugh A friend surfing in laugh
Standard User Lethe
(fountain of knowledge) Fri 19-Dec-14 15:31:51
Print Post

Re: Router vulnerability


[re: Moto] [link to this post]
 
Remember that is not a complete nor an exhaustive list - you need to check your router using wireshark/nmap and whatever.

I run a DMZ for my web server, so the router is not exposed on the front line - so maybe if you do have an option to add a DMZ on your router (and do not need access outside away from your network (who does?)) turn it on and point it to 0.0.0.0 then any requests from the cloud to access the router will fail.

Nick
Standard User Ignitionnet
(knowledge is power) Fri 19-Dec-14 22:50:59
Print Post

Re: Router vulnerability


[re: Lethe] [link to this post]
 
In reply to a post by Lethe:
Remember that is not a complete nor an exhaustive list - you need to check your router using wireshark/nmap and whatever.

I run a DMZ for my web server, so the router is not exposed on the front line - so maybe if you do have an option to add a DMZ on your router (and do not need access outside away from your network (who does?)) turn it on and point it to 0.0.0.0 then any requests from the cloud to access the router will fail.

Nick


Does that work? If the router has a service listening on the port it must respond, else if it doesn't have a service running on the port or have a NAT entry in place it should drop the connection?

I'm not saying you're wrong I'm just confused at the idea that a DMZ would take precedence over a listening service on the router as far as packets directed to it go. I'd have thought it'd look at its own kernel routing table before running through a NAT table.


Register (or login) on our website and you will not see this ad.

Standard User dragon2611
(committed) Sun 11-Jan-15 11:17:33
Print Post

Re: Router vulnerability


[re: Ignitionnet] [link to this post]
 
In reply to a post by Ignitionnet:
In reply to a post by Lethe:
Remember that is not a complete nor an exhaustive list - you need to check your router using wireshark/nmap and whatever.

I run a DMZ for my web server, so the router is not exposed on the front line - so maybe if you do have an option to add a DMZ on your router (and do not need access outside away from your network (who does?)) turn it on and point it to 0.0.0.0 then any requests from the cloud to access the router will fail.

Nick


Does that work? If the router has a service listening on the port it must respond, else if it doesn't have a service running on the port or have a NAT entry in place it should drop the connection?

I'm not saying you're wrong I'm just confused at the idea that a DMZ would take precedence over a listening service on the router as far as packets directed to it go. I'd have thought it'd look at its own kernel routing table before running through a NAT table.


Depends on the router.

Quite a few of them it's NAT > Firewall > Service in that order.

It's caught a few people out before when setting firewall rules up as when the firewall policy gets applied after the NAT the destination for the F/W rule is the internal IP not the external one wink
  Print Thread

Jump to