2Wire Security Issue

Started by Allitnil, Apr 08, 2008, 16:17:08


Allitnil

Some while ago there was a thread here about a security vulnerability in 2Wire routers (including the 2700). At the time I posted that you would be OK if you had a password set. Apparently I was wrong as the password can be altered without your knowing about it :eek4:

Please see this thread for details. Unfortunately there is no way to be completely secure but that thread details several steps which if followed would make it considerably less likely that your router could be compromised.

Apparently the threat is now in the "wild" so you are at risk if you are still using the default router IP address and/or allow use of the 'home' and 'gateway.2wire.net' domains.


Rik

Thanks for that - it seems we need more vigilance than ever before. :(
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Danni

Thank you for that. I'll ensure Colin's router gets secured.
IDNet Customer (ex-partner's name): 6th January 2006 - 23rd March 2007
IDNet broadband Customer (my name): 11th June 2008 - 21st April 2010

Now with Be for internets, IDNet for phone.

Sebby

Thanks for this - useful to know. I'm still not overly concerned, but it's always a good idea to put something in place to make these things less likely.

Ann

Well I don't have a clue what's being talked about.  What are the dangers.. what is likely to happen if I don't do anything?

Sebby

IMHO, Ann, I'd say nothing. The vulnerability is there, but you'd have to visit a site that takes advantage of it. Firstly, I'd say such sites are likely to be pretty sparse, and secondly, employing some common sense (like we all do to avoid things like spyware) the risk is very low.

Sebby

One very simple thing you could do, Ann (which is what I've done) is to set Windows to use certain DNS servers (IDNet's, or OpenDNS if you prefer), rather than letting Windows use the router for DNS requests. You can still let your PC get a local IP manually.

It won't mean that your router isn't susceptible to the vulnerability, but it will mean that even if it was exploited, it would have no effect as you won't be using the router for DNS lookups.

somanyholes

this discloses how simple it is to exploit the 2wire, and it's easier than simple..... glad i don't have one  >:D

http://www.securityfocus.com/bid/27246/exploit

Sebby

Those with BT firmware should be okay - I suspect the exploit will get plugged. It's those of us with SBC firmware that are less likely to get (or, perhaps, find) an update, but then that's one of the risks we take when we buy a router with no official support channel.

That said, putting a couple of small precautions in place makes it even more unlikely to happen.

somanyholes

out of interest sebby, what sort of precautions would you put in place?


Gary

Quote from: Sebby on Apr 09, 2008, 09:16:44
Those with BT firmware should be okay - I suspect the exploit will get plugged. It's those of us with SBC firmware that are less likely to get (or, perhaps, find) an update, but then that's one of the risks we take when we buy a router with no official support channel.

That said, putting a couple of small precautions in place makes it even more unlikely to happen.
Not sure about that Sebby, they said they plugged a hole in their awful home hub, and they had not, hopefully two wire themselves would put out a patch for all 2 wire routers that have this exploit, since it's been there since last August I honestly can't see a fix coming fast from BT. :(
Damned, if you do damned if you don't

Sebby

Quote from: somanyholes on Apr 09, 2008, 09:51:50
out of interest sebby, what sort of precautions would you put in place?



Personally, I think that setting the DNSs in Windows, rather than using the router for DNS requests, is ample (and set a password on the router, of course). As I understand it, the exploit allows an attacker to change the DNSs on the router, so you'll go to a site that will appear to be, say, Google, but it's not. If you are not using the router for DNS requests, even if your router was compromised, it would have no effect.

Sebby

Quote from: Killhippie on Apr 09, 2008, 09:55:50
Not sure about that Sebby, they said they plugged a hole in their awful home hub, and they had not, hopefully two wire themselves would put out a patch for all 2 wire routers that have this exploit, since it's been there since last August I honestly can't see a fix coming fast from BT. :(

Perhaps not straight away, Gary, but they should eventually, especially given that it's their Business Hub.

somanyholes

bit more info on here seb, sounds like you need password access before the rest follows, fun fun

http://www.dslreports.com/forum/r19987755-2Wire-Cross-Site-Request-Forgery-Vulnerability

Rik

Nothing is simple or safe anymore. :sigh:

madasahatter

Quote from: Rik on Apr 09, 2008, 15:40:35
Nothing is simple or safe anymore. :sigh:

especially when Jerry's around causing trouble >:D

Rik

Simple would still apply, wouldn't it? ;D :out:

somanyholes

 :out: :out: :out: :out: there are many following you out of the door rik  >:D

Rik

 ;D

There were quite a few ahead of me, Jerry.  :whistle:

Ann

Quote from: Sebby on Apr 08, 2008, 23:14:51
One very simple thing you could do, Ann (which is what I've done) is to set Windows to use certain DNS servers (IDNet's, or OpenDNS if you prefer), rather than letting Windows use the router for DNS requests. You can still let your PC get a local IP manually.

How?

Rik

Double-click on the LAN icon in the system tray, select Properties. On the General tab, scroll down to Internet Protocol (TCP/IP), highlight it and select properties. In the resultant dialogue, select Use the following DNS server addresses, and enter either the IDNet servers or OpenDNS.

Ann

ok thanks, I've done that.  :)

Rik

By doing it in Windows, Ann, you can change it at any time without dropping the PPP session. This is especially useful when there is an issue at IDNet like the switch failure that occurred a couple of weeks ago. As that took out one of the DNS servers and an authentication server, changing the router settings would have lost the connection, but switching in Windows allowed me to change to OpenDNS and bypass the IDNet DNS servers.

Ann

Yes but I found out from somewhere what to put in for the IDNet servers but what do you put in for OpenDNS?  ???

And now I can't get to the router's details.. oh I'm going to put it back the way it was and leave well alone...

Rik

The OpenDNS servers are 208.67.222.222, 208.67.220.220, Ann.
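
A way to verify the precaution discussed in this thread (DNS servers set in Windows instead of taken from the router), as an added example that is not part of the original posts: the Python below parses saved `ipconfig /all` output and reports adapters whose resolvers fall outside a pinned set. The sample output and the 192.168.1.x addresses are constructed; only the OpenDNS addresses come from the thread.

```python
import ipaddress
import re

# Resolvers named in the thread (OpenDNS). Add your ISP's addresses as needed.
PINNED = {"208.67.222.222", "208.67.220.220"}

# Constructed `ipconfig /all` excerpt; every address except OpenDNS is made up.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   Default Gateway . . . . . . . . . : 192.168.1.254
   DNS Servers . . . . . . . . . . . : 208.67.222.222
                                       208.67.220.220

Ethernet adapter Wireless Network Connection:

   Default Gateway . . . . . . . . . : 192.168.1.254
   DNS Servers . . . . . . . . . . . : 192.168.1.254
"""

ADAPTER = re.compile(r"^(\S.*adapter .+):\s*$")
FIELD = re.compile(r"^\s+([^.:]+?)[ .]*:\s*(.*)$")
BARE_IP = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")

def dns_by_adapter(text):
    """Map adapter name -> DNS servers, including continuation lines."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        if m := ADAPTER.match(line):
            current, in_dns = m.group(1), False
            adapters[current] = []
        elif current and (m := FIELD.match(line)):
            in_dns = m.group(1) == "DNS Servers"
            if in_dns and m.group(2).strip():
                adapters[current].append(m.group(2).strip())
        elif current and in_dns and (m := BARE_IP.match(line)):
            adapters[current].append(m.group(1))
    return adapters

def unpinned(text, pinned=PINNED):
    """Return adapters that list a resolver outside the pinned set."""
    return {name: bad for name, servers in dns_by_adapter(text).items()
            if (bad := [s for s in servers if s not in pinned])}

if __name__ == "__main__":
    for name, bad in unpinned(SAMPLE).items():
        lan = [s for s in bad if ipaddress.ip_address(s).is_private]
        print(f"{name}: {bad} (LAN resolver, likely the router: {lan})")
```

An adapter that still lists a LAN address as its resolver is sending lookups through the router, so a changed DNS setting on the router would affect it.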