[lug] Got D-Link? Got rooted?

William D. Knoche bill.knoche at gmail.com
Fri Oct 25 14:50:59 MDT 2013


If you saved the config off or at least know what you need, doing a 
master reset, updating the firmware to the latest and restoring your 
config is probably a good first step.
Over the years there have been attacks on Netgear and Linksys as well 
(and probably every other router, too). It is a hostile world out there 
and they are really good at finding targets.
You can't run, you can't hide and you can't get out of the game.
The best we seem to be able to do is plug the holes as we find them.
Lots of folks have had good luck with OpenWRT but my only experience is 
on Linksys. Good news and bad news is that you have a lot more 
flexibility but also can leave yourself vulnerable if not really careful.

--bill

On 10/25/2013 11:54 AM, Davide Del Vento wrote:
> I have one of these (and I do have some strong passwords for it).
> It is not clear to me what I should do to check if I'm affected (other 
> than perhaps installing OpenWRT or derivative in it -- which is 
> something in my todo list "for when I'll have time", which with the 
> consequences of the flood still here has become even later than the 
> previous "probably never").
> Suggestions?
> Cheers,
> Davide
>
>
> On Fri, Oct 25, 2013 at 10:48 AM, George S. <georges at mhsoftware.com> wrote:
>
>     I ran into a case where a customer's router had been reconfigured
>     so that the DHCP server was handing out DNS servers in Russia.
>     They noticed it when the DNS servers went offline, and anyone
>     using DHCP couldn't actually do anything on the internet.
>
>     They had never set a password for the admin account in the device.
>
>
>     On 10/20/13 5:59 PM, Bear Giles wrote:
>>     Magic user agent: |xmlset_roodkcableoj28840ybtide|. (read it
>>     backwards)
>>
>>     http://www.infoworld.com/d/security/backdoor-found-in-d-link-router-firmware-code-228725
>>
>>
>>     _______________________________________________
>>     Web Page:http://lug.boulder.co.us
>>     Mailing List:http://lists.lug.boulder.co.us/mailman/listinfo/lug
>>     Join us on IRC:irc.hackingsociety.org  <http://irc.hackingsociety.org>  port=6667 channel=#hackingsociety
>
>     -- 
>     George Sexton
>     MH Software, Inc.
>     303 438-9585
>     http://www.mhsoftware.com/
>
>
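
One way to check a client for the symptom described in the quoted message above (a router's DHCP server handing out unfamiliar DNS servers), as an added example that is not part of the original thread. It assumes the client keeps leases in ISC dhclient's lease-file format; the sample lease text is constructed, its addresses come from documentation ranges, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in ISC dhclient lease-file format (not from the thread).
SAMPLE_LEASES = """\
lease {
  interface "eth0";
  fixed-address 192.168.0.23;
  option routers 192.168.0.1;
  option domain-name-servers 192.168.0.1;
}
lease {
  interface "eth0";
  fixed-address 192.168.0.23;
  option routers 192.168.0.1;
  option domain-name-servers 203.0.113.53, 198.51.100.7;
}
"""

LEASE_RE = re.compile(r"lease\s*\{(.*?)\}", re.S)
OPTION_RE = re.compile(r"option\s+(routers|domain-name-servers)\s+([^;]+);")
# Listed explicitly: ipaddress.is_private also covers documentation ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_leases(text):
    """Return one dict per lease with its router and DNS server addresses."""
    leases = []
    for body in LEASE_RE.findall(text):
        opts = {"routers": [], "domain-name-servers": []}
        for name, value in OPTION_RE.findall(body):
            opts[name] = [ipaddress.ip_address(v.strip())
                          for v in value.split(",")]
        leases.append(opts)
    return leases

def unexpected_resolvers(lease, trusted=()):
    """DNS servers that are not the router, not RFC 1918, and not trusted."""
    ok = set(lease["routers"]) | {ipaddress.ip_address(t) for t in trusted}
    return [ip for ip in lease["domain-name-servers"]
            if ip not in ok and not any(ip in net for net in RFC1918)]

if __name__ == "__main__":
    for number, lease in enumerate(parse_leases(SAMPLE_LEASES), start=1):
        flagged = unexpected_resolvers(lease)
        print(f"lease {number}:", "OK" if not flagged else
              "unexpected DNS " + ", ".join(map(str, flagged)))
```

Pass the ISP's or a chosen public resolver's addresses in `trusted` so that only unknown servers are flagged. A lease that names the router itself as DNS server says nothing about the upstream resolver configured inside the router, which still has to be checked in its admin interface.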