Authentication bypass in routers
Posted Mar 6, 2008 19:20 UTC (Thu) by martinfick
Parent article: Authentication bypass in routers
For people using routers at home, perhaps the best advice is to make sure its administrative interface is not internet facing.
Actually, even this has a pretty bad track record of working since it is trivial to design a web page that accesses internal routers by simply guessing what there IP is (could it perhaps be 192.168.1.1?) Some routers allow access with the external IP from the inside, no guessing required here.
It really is scary how easy it is to access many of the really poorly designed mass produced home broadband routers! Change the DNS settings and: voila, almost all non-secured (ssh/ssl) connections are owned!
It is very easy for an internal facing site to be accessed from the outside,
to post comments)