«

In article <>,
DLipman~nospam~@Verizon.Net says...
> The Router itself can not be "infected" such there is malware now running on that
> appliance. It becomes compromised where it acts on behalf of the malicious actor's
> desires by altering its settings.
>

Many routers no permit uploading an OS or other to their firmware - so,
technically, I believe you could load an OS that would support a virus
or other.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
(remove 999 for proper email address)

David H. Lipman wrote:
> From: "Leythos" <>
>
>
> | Many routers no permit uploading an OS or other to their firmware - so,
> | technically, I believe you could load an OS that would support a virus
> | or other.
>
> You mean flash a new firmware ?
>
> It would NOT support a virus/malware. It would have to be malicious code embedded within
> the firmware image.

I don't see why you wouldn't call it malware, isn't that malicious code?

> The problem here is what model ?
> While you can do a dictionary attack on know passwords, you can't assume a particular
> model SOHO Router. There are so many models out there -- which one ?

True, but if you telnet or web-browse in and it says "Linksys 826e" in
the banner then it might well be worth trying admin/password There
are an awful lot of very badly configured home routers out there.

> To date, I have not heard of this occuring with *any* models.

I had a vague recollection reading about it around a year or so ago, but
must confess I can't find anything now, so maybe I didn't remember
correctly.
>
>

In article <>,
DLipman~nospam~@Verizon.Net says...
>
> From: "Leythos" <>
>
>
> | Many routers no permit uploading an OS or other to their firmware - so,
> | technically, I believe you could load an OS that would support a virus
> | or other.
>
> You mean flash a new firmware ?
>
> It would NOT support a virus/malware. It would have to be malicious code embedded within
> the firmware image.
>
> The problem here is what model ?
> While you can do a dictionary attack on know passwords, you can't assume a particular
> model SOHO Router. There are so many models out there -- which one ?
>
> To date, I have not heard of this occuring with *any* models.

Me either, but, my thought was that if it can be programmed it can be
infected. I've seen many open-source replacements for Linksys routers,
it could be possible to compromise one at the firmware level.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
(remove 999 for proper email address)

Yes, a router can be infected. See below.

"David H. Lipman" <DLipman~nospam~@Verizon.Net> writes:
> Yes, there are some 3rd party firmware for a couple of Wireless
> Linksys Routers. So there is the possibility that a malicious
> firmware could be conceived.

David,

You're a bit behind on this impression i'm afraid. It's way more than
a couple. And it's way more than Linksys:
http://www.dd-wrt.com/wiki/index.php/Supported_Devices

OpenWRT and Tomato are other popular third party open source firmware
distro's that are basically stripped down Linux for the broadcom
platform.

And to the original poster's question, yes, there are worms for
routers. dd-wrt main page has a link to the psybot worm:
http://www.dd-wrt.com/dd-wrtv3/index.php
specifically
http://www.dd-wrt.com/dd-wrtv3/commu...uter-worm.html


--
Todd H.
http://www.toddh.net/

Todd H. wrote:
> Yes, a router can be infected. See below.
>
> "David H. Lipman" <DLipman~nospam~@Verizon.Net> writes:
>> Yes, there are some 3rd party firmware for a couple of Wireless
>> Linksys Routers. So there is the possibility that a malicious
>> firmware could be conceived.
>
> David,
>
> You're a bit behind on this impression i'm afraid. It's way more than
> a couple. And it's way more than Linksys:
> http://www.dd-wrt.com/wiki/index.php/Supported_Devices
>
> OpenWRT and Tomato are other popular third party open source firmware
> distro's that are basically stripped down Linux for the broadcom
> platform.
>
> And to the original poster's question, yes, there are worms for
> routers. dd-wrt main page has a link to the psybot worm:
> http://www.dd-wrt.com/dd-wrtv3/index.php
> specifically
> http://www.dd-wrt.com/dd-wrtv3/commu...uter-worm.html
>
>

Interesting snippets, Todd. Thank you!

--
Dave

"David H. Lipman" <DLipman~nospam~@Verizon.Net> writes:

> From: "Todd H." <>
>
>
> | Yes, a router can be infected. See below.
>
> | "David H. Lipman" <DLipman~nospam~@Verizon.Net> writes:
>>> Yes, there are some 3rd party firmware for a couple of Wireless
>>> Linksys Routers. So there is the possibility that a malicious
>>> firmware could be conceived.
>
> | David,
>
> | You're a bit behind on this impression i'm afraid. It's way more than
> | a couple. And it's way more than Linksys:
> | http://www.dd-wrt.com/wiki/index.php/Supported_Devices
>
> | OpenWRT and Tomato are other popular third party open source firmware
> | distro's that are basically stripped down Linux for the broadcom
> | platform.
>
> | And to the original poster's question, yes, there are worms for
> | routers. dd-wrt main page has a link to the psybot worm:
> | http://www.dd-wrt.com/dd-wrtv3/index.php
> | specifically
> |
> | http://www.dd-wrt.com/dd-wrtv3/commu...uter-worm.html
>
>
> Thank you Todd. You provided information that shows I'm NOT
> up-to-date and wrong.

I'm not sure what you're trying to say here David. I'm getting the
impression you're trying to refute something?

To clarify, my note of not being up to date referred only to the
quoted information regarding the scope of supported platforms for
third party open source firmware.

--
Todd H.
http://www.toddh.net/

"David H. Lipman" <DLipman~nospam~@Verizon.Net> writes:

> From: "Todd H." <>
>
>
>
>>> Thank you Todd. You provided information that shows I'm NOT
>>> up-to-date and wrong.
>
> | I'm not sure what you're trying to say here David. I'm getting the
> | impression you're trying to refute something?
>
> | To clarify, my note of not being up to date referred only to the
> | quoted information regarding the scope of supported platforms for
> | third party open source firmware.
>
> Todd, I am thanking you and saying ...
> You provided information that shows I'm NOT up-to-date and I'm wrong.
>
> I not refruting anything, I'm admitting my mistake.

Gotcha. Hard to read ASCII accents sometimes.


--
Todd H.
http://www.toddh.net/