SERIOUS ADSL Security flaw

Forums › New Zealand Broadband › SERIOUS ADSL Security flaw

DragonNZ

11 posts

Geek

#9036 15-Aug-2006 08:45

I just read at this site: http://www.securiteam.com/securitynews/5FP020KJGU.html about a serious security flaw in the D-Link Router to do with UPNP Stack Overflow. Does any one know if the XTRA modems are affected?

NokiaRocks

364 posts

Ultimate Geek

Trusted

#43977 15-Aug-2006 09:56

i think the standard Xtra modem is the Dlink 302G, not on that list.

barf

643 posts

Ultimate Geek

#44011 15-Aug-2006 16:10

XTRA modems not on the list are potentially (but not certainly) affected by this, if they feature a UPNP gateway server. D-link use similar firmware on many of thier products.

I reccomend turning off UPNP whether or not your router is vulnerable to this partuclar exploit as UPNP inherits security concerns regardless of implementation.

Sniffing the glue holding the Internet together

JonC

425 posts

Ultimate Geek

#44012 15-Aug-2006 16:12

I have a D-Link DI-524 router, but the one that they sell in NZ is revision B, which is not on the vulnerable list, although there is a firmware upgrade dated December 2005 on D-Link's Australian web-site that fixes a few bugs.

Fraktul

836 posts

Ultimate Geek

Trusted

#44028 15-Aug-2006 18:30

UPnP shouldnt be listening on the WAN interface anyhow so the options are that somebody already has physical access to your LAN via cabling (in which case you probably have bigger problems than this) or your WLAN is not secured/you're using WEP in which case you're probably an idiot and won't be reading this in the first place ;)

DonGould

3892 posts

Uber Geek

#44061 15-Aug-2006 23:03

Fraktul: UPnP shouldnt be listening on the WAN interface anyhow so the options are that somebody already has physical access to your LAN via cabling (in which case you probably have bigger problems than this) or your WLAN is not secured/you're using WEP in which case you're probably an idiot and won't be reading this in the first place ;)

...or you're like those of us who see this whole security space as an empaire builders dream and a way for IT people to drain your walet of money for a problem that they're perpetuating.

Cheers Don

Promote New Zealand - Get yourself a .kiwi.nz domain name!!!

Check out mine - i.am.a.can.do.kiwi.nz - don@i.am.a.can.do.kiwi.nz

jpwise

590 posts

Ultimate Geek

Lifetime subscriber

#44080 16-Aug-2006 09:30

That's a bit of a pessimistic view isn't it Don? The same could equally be said for any other industry including Cars. Cars have bugs that are identified, they break down and require repairs/patches to fix, and they get broken into and stolen, etc.

Mechanics (and lawyers, and accountants, and all of the other trades) are also equally adept at draining our wallets.

Jp.

Working for Service Plus - www.serviceplus.co.nz

Authorised Service Agent for Apple, BenQ, Sony, and Toshiba - warranty & non-warranty repairs.

Fraktul

836 posts

Ultimate Geek

Trusted

#44094 16-Aug-2006 11:46

Very true, but if my car had as many saftey advisories as my software I would be walking :)