Routers owned by Botnet

March 23rd, 2009 by Holger Bauer

Did you ever think your router could become a bot? I guess the answer is no. However, there seems to be a botnet that can get control over Linux-based routers and modems that use the MIPS hardware architecture. For more details check out this link. This is somewhat scary. Aren’t you happy you are using pfSense? ;-)

7 Responses to “Routers owned by Botnet”

  1. Curtis LaMasters Says:

    Very thankful. This is quite scary, hope the devs come up with something to fix the issue and I’m glad I don’t have any deployed.

  2. Chris Buechler Says:

    Though with poor administration practices, there isn’t anything stopping people from adding pfSense “support” to these exploits. If you have an easy to guess password, this is always a possibility with any device, especially if you open your web interface to the Internet. Any firewall is only as good as it’s configured to be.

  3. Mike Says:

    The problem here is that many of us use such an embedded device between a PC or other device running pfSense or m0n0wall and the rest of the net, such as an ADSL modem. In such a case, as the article pointed out, you won’t even know you got pwned unless you or your provider try to log into the device. The problem also, at this point, is easily solved by power-cycling, meaning 1. it’s not advanced (perhaps deliberately from what I read) enough to write its config to flash; and 2. this is a bigger problem for those that leave their computer stuff up all the time, so if you turn off everything when you’re not using it, you’re ok. OTOH, if you’re running a business, like our motel here, where the internet has to be available 24/7, this is a serious issue.

    One of my connections going into pfSense is through a device that may meet these requirements (I have to use it because, except maybe in 2.0, pfSense doesn’t support USB modems); however, the config interface isn’t available to the outside world any more than pfSense’s is, so it’s ok. But I feel sorry for those who need the ability to control one of these things from home (on-call support anyone?).

    Mike

  4. Scott Ullrich Says:

    Always change your username and password to something secure.

  5. James Carter Says:

    “Your device has telnet, SSH or web-based interfaces available to the WAN”

    FAIL! ;-)

  6. Dwayne Says:

    Most Linux routers do allow you to limit their remote login to a specific remote static IP or subnet. If remote access is open to the world then it’s just encouraging trouble, although there will be ways to break the security.

  7. Chris Says:

    Don’t mean to be argumentative, but in all fairness it doesn’t seem to have much to do with Linux, per se, but rather with poor security practices in general. For instance, there’s nothing keeping brain-dead users from leaving pfSense vulnerable to the same kind of issues if they were sufficiently ignorant and/or apathetic towards security. It’s not as if OpenSSH or lighttpd are Linux-specific services, after all. If these devices were running FreeBSD or even OpenBSD, I’d imagine the outcome would be pretty similar.

    Of course, take this in the proper context, since I am running the wonderful pfSense in several production environments myself!

    Regards,
    -C
