2Wire Security Issue

Started by Allitnil, Apr 08, 2008, 16:17:08

Inactive

Quote from: Ann on Apr 12, 2008, 10:22:07

And now I can't get to the router's details.. oh I'm going to put it back the way it was and leave well alone...

Very wise Ann, if it ain't broke etc. ;D
Anything and everything that I post on here is purely my opinion, it ain't going to change the world, you are under no obligation to agree with me, it is purely my expressed opinion.

Sebby

Except it is, In. :P

Well, not broke as such, but exposed. :o ;)

Inactive

You are all paranoid,  I tell ya..  ;D

Ann

I'd have thought that the worst that can happen is that I get a virus that I can't get rid of in which case I'll format and reinstall the OS.  Other than that what can happen?

Sebby

Unfortunately, it's worse than that, Ann. What this exploit would do is change the DNS addresses on the router, so you'll type in, say, www.hsbc.co.uk, and it will look like you're on the HSBC website, except you're not.

That's why setting the DNS' on your PC, rather than using the router for requests, would prevent this being a possibility. I can't think why you weren't able to access the router after putting in the settings manually. If you'd like, I'm sure one of us can try and help you get to the bottom of that.

Gary

Quote from: Sebby on Apr 09, 2008, 13:21:15
Perhaps not straight away, Gary, but they should eventually, especially given that it's their Business Hub.
True, you would think they would have patched already as it's a business hub, but they always leave it late, sadly, to patch holes for most software/hardware these days  :(
Damned, if you do damned if you don't

Sebby

I think BT have to wait on 2Wire to patch the underlying firmware. Have a look here, though; it looks like the wait might not be too much longer. :)

Sebby

It looks like the BT Business Hub isn't the only hardware offering from BT that has a security flaw.

http://www.theregister.co.uk/2008/04/14/bt_home_hub_encryption_weakness/

somanyholes

They do seem to be going round it all the wrong way; it was mentioned recently that Sky had a similar issue. When will they learn that preconfigured security doesn't work? Make people set their own usernames and passwords, their own WEP keys, tell them to write them down, and if they get stuck get help, but noo, they don't want to do that because that would increase their call/mail volumes, gits....

Rik

Quote

Liversage (the BT press officer) said BT didn't believe any customers have been affected by the default settings, although he didn't explain how the company could even know.

He hasn't yet recovered from trying to explain the Phorm trials, apparently. ::)
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

somanyholes

Quote

He hasn't yet recovered from trying to explain the Phorm trials, apparently

;D

Sebby

I know this is pretty old now, and it's probably not really a major risk, but I was just messing around with OpenDNS and found something that may be of interest.

You may or may not be aware that with OpenDNS, you can customise a whole array of settings for your network whilst using their servers, such as blocking specific/categories of websites, and so on and so forth.

I came across one setting that would probably prevent the 2Wire security flaw from being an issue. It reads:

Quote

Block internal IP addresses

When enabled, DNS responses containing IP addresses listed in RFC1918 will be filtered out. This helps to prevent DNS Rebinding attacks. For example, if badstuff.attacker.com points to 192.168.1.1, this option would filter out that response.

The three blocks of IP addresses filtered in responses are:
10.0.0.0     - 10.255.255.255  (10/8)
172.16.0.0   - 172.31.255.255  (172.16/12)
192.168.0.0  - 192.168.255.255 (192.168/16)

There are several other very handy settings there, so it might be worth checking out. :thumb:
