Re: Can a router be 'infected'?

Discussion in 'Computer Security' started by Leythos, May 19, 2009.

  1. Leythos

    Leythos Guest

    In article <>,
    DLipman~nospam~@Verizon.Net says...
    > The Router itself can not be "infected" such there is malware now running on that
    > appliance. It becomes compromised where it acts on behalf of the malicious actor's
    > desires by altering its settings.
    >


    Many routers now permit uploading an OS or other to their firmware - so,
    technically, I believe you could load an OS that would support a virus
    or other.

    --
    - Igitur qui desiderat pacem, praeparet bellum.
    - Calling an illegal alien an "undocumented worker" is like calling a
    drug dealer an "unlicensed pharmacist"
    (remove 999 for proper email address)
     
    Leythos, May 19, 2009
    #1

  2. Leythos

    Martin Guest

    David H. Lipman wrote:
    > From: "Leythos" <>
    >
    >
    > | Many routers now permit uploading an OS or other to their firmware - so,
    > | technically, I believe you could load an OS that would support a virus
    > | or other.
    >
    > You mean flash a new firmware ?
    >
    > It would NOT support a virus/malware. It would have to be malicious code embedded within
    > the firmware image.


    I don't see why you wouldn't call it malware, isn't that malicious code?

    > The problem here is what model ?
    > While you can do a dictionary attack on known passwords, you can't assume a particular
    > model SOHO Router. There are so many models out there -- which one ?


    True, but if you telnet or web-browse in and it says "Linksys 826e" in
    the banner then it might well be worth trying admin/password :) There
    are an awful lot of very badly configured home routers out there.

    > To date, I have not heard of this occurring with *any* models.


    I had a vague recollection reading about it around a year or so ago, but
    must confess I can't find anything now, so maybe I didn't remember
    correctly.
    >
    >
     
    Martin, May 19, 2009
    #2

  3. Leythos

    Leythos Guest

    In article <>,
    DLipman~nospam~@Verizon.Net says...
    >
    > From: "Leythos" <>
    >
    >
    > | Many routers now permit uploading an OS or other to their firmware - so,
    > | technically, I believe you could load an OS that would support a virus
    > | or other.
    >
    > You mean flash a new firmware ?
    >
    > It would NOT support a virus/malware. It would have to be malicious code embedded within
    > the firmware image.
    >
    > The problem here is what model ?
    > While you can do a dictionary attack on known passwords, you can't assume a particular
    > model SOHO Router. There are so many models out there -- which one ?
    >
    > To date, I have not heard of this occurring with *any* models.


    Me either, but, my thought was that if it can be programmed it can be
    infected. I've seen many open-source replacements for Linksys routers,
    it could be possible to compromise one at the firmware level.

    --
    - Igitur qui desiderat pacem, praeparet bellum.
    - Calling an illegal alien an "undocumented worker" is like calling a
    drug dealer an "unlicensed pharmacist"
    (remove 999 for proper email address)
     
    Leythos, May 20, 2009
    #3
  4. Leythos

    Todd H. Guest

    Yes, a router can be infected. See below.

    "David H. Lipman" <DLipman~nospam~@Verizon.Net> writes:
    > Yes, there are some 3rd party firmware for a couple of Wireless
    > Linksys Routers. So there is the possibility that a malicious
    > firmware could be conceived.


    David,

    You're a bit behind on this impression I'm afraid. It's way more than
    a couple. And it's way more than Linksys:
    http://www.dd-wrt.com/wiki/index.php/Supported_Devices

    OpenWRT and Tomato are other popular third party open source firmware
    distros that are basically stripped down Linux for the Broadcom
    platform.

    And to the original poster's question, yes, there are worms for
    routers. dd-wrt main page has a link to the psybot worm:
    http://www.dd-wrt.com/dd-wrtv3/index.php
    specifically
    http://www.dd-wrt.com/dd-wrtv3/community/developmentnews/1-common/31-router-worm.html


    --
    Todd H.
    http://www.toddh.net/
     
    Todd H., May 20, 2009
    #4
  5. Leythos

    ~BD~ Guest

    Todd H. wrote:
    > Yes, a router can be infected. See below.
    >
    > "David H. Lipman" <DLipman~nospam~@Verizon.Net> writes:
    >> Yes, there are some 3rd party firmware for a couple of Wireless
    >> Linksys Routers. So there is the possibility that a malicious
    >> firmware could be conceived.

    >
    > David,
    >
    > You're a bit behind on this impression I'm afraid. It's way more than
    > a couple. And it's way more than Linksys:
    > http://www.dd-wrt.com/wiki/index.php/Supported_Devices
    >
    > OpenWRT and Tomato are other popular third party open source firmware
    > distros that are basically stripped down Linux for the Broadcom
    > platform.
    >
    > And to the original poster's question, yes, there are worms for
    > routers. dd-wrt main page has a link to the psybot worm:
    > http://www.dd-wrt.com/dd-wrtv3/index.php
    > specifically
    > http://www.dd-wrt.com/dd-wrtv3/community/developmentnews/1-common/31-router-worm.html
    >
    >


    Interesting snippets, Todd. Thank you! :)

    --
    Dave
     
    ~BD~, May 20, 2009
    #5
  6. Leythos

    Todd H. Guest

    "David H. Lipman" <DLipman~nospam~@Verizon.Net> writes:

    > From: "Todd H." <>
    >
    >
    > | Yes, a router can be infected. See below.
    >
    > | "David H. Lipman" <DLipman~nospam~@Verizon.Net> writes:
    >>> Yes, there are some 3rd party firmware for a couple of Wireless
    >>> Linksys Routers. So there is the possibility that a malicious
    >>> firmware could be conceived.

    >
    > | David,
    >
    > | You're a bit behind on this impression I'm afraid. It's way more than
    > | a couple. And it's way more than Linksys:
    > | http://www.dd-wrt.com/wiki/index.php/Supported_Devices
    >
    > | OpenWRT and Tomato are other popular third party open source firmware
    > | distros that are basically stripped down Linux for the Broadcom
    > | platform.
    >
    > | And to the original poster's question, yes, there are worms for
    > | routers. dd-wrt main page has a link to the psybot worm:
    > | http://www.dd-wrt.com/dd-wrtv3/index.php
    > | specifically
    > |
    > | http://www.dd-wrt.com/dd-wrtv3/community/developmentnews/1-common/31-router-worm.html
    >
    >
    > Thank you Todd. You provided information that shows I'm NOT
    > up-to-date and wrong.


    I'm not sure what you're trying to say here David. I'm getting the
    impression you're trying to refute something?

    To clarify, my note of not being up to date referred only to the
    quoted information regarding the scope of supported platforms for
    third party open source firmware.

    --
    Todd H.
    http://www.toddh.net/
     
    Todd H., May 20, 2009
    #6
  7. Leythos

    Todd H. Guest

    "David H. Lipman" <DLipman~nospam~@Verizon.Net> writes:

    > From: "Todd H." <>
    >
    >
    >
    >>> Thank you Todd. You provided information that shows I'm NOT
    >>> up-to-date and wrong.

    >
    > | I'm not sure what you're trying to say here David. I'm getting the
    > | impression you're trying to refute something?
    >
    > | To clarify, my note of not being up to date referred only to the
    > | quoted information regarding the scope of supported platforms for
    > | third party open source firmware.
    >
    > Todd, I am thanking you and saying ...
    > You provided information that shows I'm NOT up-to-date and I'm wrong.
    >
    > I'm not refuting anything, I'm admitting my mistake.


    Gotcha. Hard to read ASCII accents sometimes. :)


    --
    Todd H.
    http://www.toddh.net/
     
    Todd H., May 21, 2009
    #7