http://preview.tinyurl.com/38v2ew8

Both the DD-WRT and OpenWRT are vulnerable. Some Linux based routers have even worse problems with their defaul firmware – they allow configuration from the WAN side just like it is the LAN side.

Your aunt Martha is not going to muck around with a hardware hack that makes it possible to only be able to configure the router via a USB connection. Just change the default password (which for a Linksys is NOTHING) to one of your own choosing! But that is just a first step:

http://www.securemecca.com/public/HomeRouters/

As for a router distinguishing legitimate requests from bogus ones, I don't see how it can be done – after all it is just a dumb device. All of these commodity routers / firewalls are USUALLY made to be hard and crunchy on the outside but soft and chewy on the inside. This exploit is working on the soft chewy inside, and default passwords and default settings. Most of the mixed DNS IP addresses I see have 192.168.1.3 which is the first DHCP by default with Linksys. Try anje.pt for now (2010-08-07). So change DHCP to start at 200+ and configure all of you machines that can use static IP addresses to use them but pick ones above 20 but below the DHCP range. IOW, just use some plain good old common sense which the router does not have, rummage around and tighten things done. If you have an ActionTec – get something stiffer behind it – its setting enhancers are to open up even more holes for games.

But start by just changing the password and NOT storing it in the handy dandy password saving mechanism for the browser.

Though this is not complicated, it's sufficiently difficult to be out of the motivational reach of the average user. I've researched this before. I can build hardware, but I'm too lazy to do even this.

The TTL signals on the board are only 3V, so you have to build a little circuit to boost the voltage. Otherwise it would be just a matter of putting together a cable and running it through the plastic case.

I did some more digging and found off-the-shelf hardware you can buy which goes directly between +3V and USB, so you can then see the device via a USB emulated serial port.

The best way may be to order some off-the-shelff circuit which converts the 3 volt signals directly to USB.

Firstly, I don't see what Wi-fi access to your router has to do with this at all. This affects you if you have any kind of network access to your router, whether it be through copper ethernet or Wi-Fi! Wi-Fi is a local security risk only: someone connecting to your access point wirelessly and hacking your WPA2 key. We are talking here about a remote exploit.

Secondly, I have a question. Do these hacks rely on the well-known internal address of the router such as 192.168.1.1? That can usually be changed to something else.

Or do some routers actually accept HTTP connections from inside network to their external IP address (the one obtained from the ISP?) See, that would be a big problem, and something that is a legitimate router issue.

Other than that, I don't see how router firmware can do anything to protect against this (or, at least, anything that isn't a humungous hack involving deep packet inspection). The problem is a browser vulnerability. The browser is tricked into allowing a script into accessing your router's management. Since accessing your router's management is something that is allowed from your machine, what can the router do about it? The router is password-protected. If you leave it at the default password, or a dumb password, that's that.

The router would have to distinguish a legitimate-looking request from one that might have been generated by a rogue website. For instance, it might have to monitor DNS responses coming from the Internet port (deep packet inspection) and recognize that an attack is taking place, since a DNS response contains an internal IP.

But this is not really fixing any security vulnerabiilty in the router; it's compensating for stupid application software inside the network which doesn't itself validate DNS responses for basic sanity. Now, admittedly, one of the jobs of a router IS to protect stupid applications inside the network. That's a basic definition of firewalling.

But oddly enough, porn sites are not statistically safer than regular web sites! “A study by free anti-virus firm Avast found 99 infected legitimate domains for every infected adult web site.” – http://www.theregister.co.uk/2010/06/30/unsafe_…