Comment Re:Retarded (Score 1) 165
Modern attacks are getting multi-faceted; witness Storm. Attacking a router would be only one step in a complex attack.
After a computer or router gets access to another router, there are two options available, and one or both can be implemented:
1. Download an appropriate image from a server to put on the attacked router.
2. Adjust the router settings to give DMZ access to the computers in the WLAN. If the router does not report IPs or names of computers within the WLAN, then a scan could be done, one computer at a time, changing the DMZ from one IP to the next. May be slow, but who's waiting?
If it cannot flash the firmware, then option 2 is still available.
Once it has inside access to the WLAN, it can sniff the WLAN for passwords, etc., which would let it infect one of the computers. This would basically be halfway an inside job. It probably doesn't really matter if a router is infected or a computer is infected; either can do the dirty work desired by botnets.
Once a hard-wired computer is infected, it can then re-flash the router. The best protection against this would be to have a hardware switch, or, as someone else suggested (which is better, since it still allows remote management), use a number on the bottom of the device as a password.
If a model of router is discovered that the worm does not recognize, it can send the data (webpage or telnet screen) back to headquarters for someone to look at and research and find out how to manipulate. Thus, the worm would be able to attack more models of router as time goes by. A firmware flash is unlikely for most routers, but as long as the computers inside the WLAN can be infected, it doesn't really matter. However, if a router AND computer are infected, then if the user fixes one, the other can reinfect. Ditto for infecting multiple computers inside a WLAN.