Has Your Router Been Hijacked?

I blogged about this once before, and have emailed family, friends and clients about it as well, but perhaps it bears repeating.

Worm breeds botnet from home routers, modems
More than 100,000 hosts invaded

Sounds awful, doesn’t it? Well, it could be dangerous to your personal info, so taking steps to avert having your router infected is just good sense. You see, your router/firewall that’s connected to your cable or DSL “modem” is really just a limited, highly-specialized computer. Many of these devices, whether consumer router/firewalls or high-dollar Big Business router/firewalls for large networks, are run on Linux versions that have a very minor, well-known vulnerability that this ‘bot exploits to gain control of a network. Most router/firewalls used by large networks in a business environment have long since been patched, but most consumer router/firewalls are run without ever being updated–and some may not even have updates to remove the vulnerability available from the manufacturer. Which are vulnerable? There’s not a well-documented list anywhere, so you have to be proactive.

1. Check to see if your router/firewall could be infected. “Ports 22, 23 and 80 are blocked as part of the infection process.”1 Use your router’s admin access to check this. Don’t know how? Read The Manual! If these ports are blocked or admin access is blocked when you Follow Your Manual’s Instructions,

2. “…perform a hard reset on your device, change the administrative passwords, and update to the latest firmware. These steps will remove the rootkit and ensure that your device is not reinfected.” (ditto) 😉

It’s an easy ‘bot to protect against, and just as easy to kill, so if your firewall/router is still vulnerable after reading this, it’s certainly not MY fault. 🙂

BTW, a strong password will be at least eight characters long and contain a mix of upper/lowercase letters, numerals and whatever “special characters” your firewall/router’s admin interface will accept. It will be memorable to you (for whatever reason resonates with you) but will NOT contain any part of a real word, correctly spelled, that can be cracked with a dictionary attack, nor will it contain such immensely stupid content as the name of a relative or friend or a birthdate associated with you or anyone you could possibly know, etc.

In other words, don’t go out of your way to make it easy on password crackers.

Here’s an example of how I generate memorable passwords of medium security. I choose the technical name of a real geographical feature, or a lyric from an old, old hymn or the name of a long dead pet and an item associated with it, then I misspell it and then substitute characters and numbers for some of the letters, but NOT in standard “l33t” speak. It results in a password I can usually figure out if I forget it, but which will be relatively secure from dictionary attacks and from attacks by someone who may already have access to some personal info. I’ve been able to defeat 0phcrack–a password cracking utility for cracking Win2K/XP/Vista login passwords–with this technique, but it is still more vulnerable to brute force attacks than highly-randomized passwords of much longer (say 64 characters or more) length would be–the kinds of “passwords” I use for wireless access keys, for example.

Still, an eight-character password of medium strength is probably quite good enough to defeat psyb0t. Just do it.
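The password rules above, turned into a quick self-check. This is an added example, not part of the original post: the tiny word list, the personal terms, the sample passwords and the function names are all constructed for illustration. It undoes only the standard “l33t” substitutions, which shows why those add so little against a dictionary attack.

```python
import re

# Constructed sample data: a real check would load a full wordlist and the
# user's own names and dates.
WORDS = {"password", "dragon", "monkey", "router", "admin", "letmein"}
PERSONAL = {"rex", "susan", "1975"}

# Standard "l33t" substitutions that cracking dictionaries already undo.
LEET = str.maketrans("013457@$!", "oieastasi")

def find_embedded(candidate, terms, min_len=3):
    """Return terms found in the candidate, as typed or after undoing l33t."""
    forms = {candidate.lower(), candidate.lower().translate(LEET)}
    return sorted(t for t in terms
                  if len(t) >= min_len and any(t in f for f in forms))

def check_password(candidate, words=WORDS, personal=PERSONAL):
    """Return a list of rule violations; an empty list means it passes."""
    problems = []
    if len(candidate) < 8:
        problems.append("shorter than 8 characters")
    classes = {
        "lowercase letter": r"[a-z]",
        "uppercase letter": r"[A-Z]",
        "numeral": r"[0-9]",
        "special character": r"[^A-Za-z0-9]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, candidate):
            problems.append("no " + name)
    for word in find_embedded(candidate, words):
        problems.append("contains dictionary word: " + word)
    for term in find_embedded(candidate, personal):
        problems.append("contains personal detail: " + term)
    return problems

if __name__ == "__main__":
    # Constructed sample passwords; do not reuse them.
    for pw in ["P@ssw0rd1", "Rex1975!", "gL#ysh9r*Mrn"]:
        print(pw, "->", check_password(pw) or "passes")
```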


BTW, I have lost count of firewall/routers I have dealt with in homes and small businesses that have the username and password for admin access STILL SET TO THE FACTORY DEFAULT!!! Folks, I’m not going to mince words. That is stupidity cubed.

2 Replies to “Has Your Router Been Hijacked?”

  1. From a Mel Brooks classic (quotes from IMDb…)

    [King Roland has given in to Dark Helmet’s threats, and is telling him the combination to the “air shield”]

    Roland: One.
    Dark Helmet: One.
    Colonel Sandurz: One.
    Roland: Two.
    Dark Helmet: Two.
    Colonel Sandurz: Two.
    Roland: Three.
    Dark Helmet: Three.
    Colonel Sandurz: Three.
    Roland: Four.
    Dark Helmet: Four.
    Colonel Sandurz: Four.
    Roland: Five.
    Dark Helmet: Five.
    Colonel Sandurz: Five.
    Dark Helmet: So the combination is… one, two, three, four, five? That’s the stupidest combination I’ve ever heard in my life! The kind of thing an idiot would have on his luggage!

    And, of course later…

    President Skroob: Did it work? Where’s the king?
    Dark Helmet: It worked, sir. We have the combination.
    President Skroob: Great. Now we can take every last breath of fresh air from Planet Druidia. What’s the combination?
    Colonel Sandurz: 1-2-3-4-5
    President Skroob: 1-2-3-4-5?
    Colonel Sandurz: Yes!
    President Skroob: That’s amazing. I’ve got the same combination on my luggage.
