Insecurity breeds at home



Similar documents
Where every interaction matters.

What Does DNSChanger Do to My Computer? Am I Infected?

ArcGIS Server Security Threats & Best Practices David Cordes Michael Young

Overview of the Penetration Test Implementation and Service. Peter Kanters

WEB SITE SECURITY. Jeff Aliber Verizon Digital Media Services

CYBERTRON NETWORK SOLUTIONS

Guidelines for Web applications protection with dedicated Web Application Firewall

Firewall Firewall August, 2003

MALICIOUS REDIRECTION A Look at DNS-Changing Malware

WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats

Sentral servers provide a wide range of services to school networks.

CS 558 Internet Systems and Technologies

ETHICAL HACKING APPLICATIO WIRELESS110 00NETWORK APPLICATION MOBILE MOBILE0001

8 Steps for Network Security Protection

8 Steps For Network Security Protection

Sitefinity Security and Best Practices

Fundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals

Codes of Connection for Devices Connected to Newcastle University ICT Network

Threat Intelligence UPDATE: Cymru EIS Report. cymru.com

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

APPLICATION SECURITY: FROM WEB TO MOBILE. DIFFERENT VECTORS AND NEW ATTACK

Virtualization System Security

Dynamic DNS How-To Guide

Web Vulnerability Assessment Report

WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY

Trend Micro Worry- Free Business Security st time setup Tips & Tricks

Cross Site Scripting in Joomla Acajoom Component

Reducing Application Vulnerabilities by Security Engineering

VIDEO Intypedia013en LESSON 13: DNS SECURITY. AUTHOR: Javier Osuna García-Malo de Molina. GMV Head of Security and Process Consulting Division

North Dakota 2013 IT Security Audit Vulnerability Assessment & Penetration Test Project Briefing

Recommended IP Telephony Architecture

How to complete the Secure Internet Site Declaration (SISD) form

Ethical Hacking as a Professional Penetration Testing Technique

U06 IT Infrastructure Policy

Revealing Botnets Using Network Traffic Statistics

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Course Content: Session 1. Ethics & Hacking

ANNEXURE-1 TO THE TENDER ENQUIRY NO.: DPS/AMPU/MIC/1896. Network Security Software Nessus- Technical Details

Detecting and Exploiting XSS with Xenotix XSS Exploit Framework

Web Application Vulnerability Testing with Nessus

DNS POISONING, AKA PHARMING, MAKES THE HEADLINES IN NOVEMBER S NEWS

Arrow ECS University 2015 Radware Hybrid Cloud WAF Service. 9 Ottobre 2015

HREP Series DVR DDNS Configuration Application Note

Configuration Guide. How to Configure SSL VPN Features in DSR Series. Overview

IBM X-Force 2012 Cyber Security Threat Landscape

Locking down a Hitachi ID Suite server

Magento Security and Vulnerabilities. Roman Stepanov

MANAGED SECURITY TESTING

Annex B - Content Management System (CMS) Qualifying Procedure

Network Security. Dr. Ihsan Ullah. Department of Computer Science & IT University of Balochistan, Quetta Pakistan. April 23, 2015

CMPT 471 Networking II

Learn Ethical Hacking, Become a Pentester

Overview Commitment to Energy and Utilities Robert Held Sr. Systems Engineer Strategic Energy August 2015

Networks and Security Lab. Network Forensics

(WAPT) Web Application Penetration Testing

Web Application Report

Computer Security Literacy

Half Bridge mode }These options are all found under Misc Configuration

Exploiting Foscam IP Cameras.

External Supplier Control Requirements

IJMIE Volume 2, Issue 9 ISSN:

Chapter 11 Cloud Application Development

Web Application Penetration Testing

CS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module

Web Application Hacking (Penetration Testing) 5-day Hands-On Course

National Endowment for the Arts Evaluation Report. Table of Contents. Results of Evaluation Areas for Improvement Exit Conference...

Ethical Hacking and Information Security. Foundation of Information Security. Detailed Module. Duration. Lecture with Hands On Session: 90 Hours

VESZPROG ANTI-MALWARE TEST BATTERY

Steps for Basic Configuration

Stanford Computer Security Lab XCS. Cross Channel Scripting. Hristo Bojinov Elie Bursztein Dan Boneh Stanford Computer Security Lab

Proxies. Chapter 4. Network & Security Gildas Avoine

Patch and Vulnerability Management Program

FortiWeb 5.0, Web Application Firewall Course #251

Security of IPv6 and DNSSEC for penetration testers

How Web Application Security Can Prevent Malicious Attacks

Vulnerability Assessment and Penetration Testing

Semantic based Web Application Firewall (SWAF V 1.6) Operations and User Manual. Document Version 1.0


Web Application Security

Own your LAN with Arp Poison Routing

Phishing and Banking Trojan Cases Affecting Brazil

Using a VPN with Niagara Systems. v0.3 6, July 2013

USG40HE Content Filter Customization

FRONT RUNNER DIPLOMA PROGRAM INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months

Reverse Shells Enable Attackers To Operate From Your Network. Richard Hammer August 2006

Denial of Service Attacks

A Network Administrator s Guide to Web App Security

OWASP Top Ten Tools and Tactics

Members of the UK cyber security forum. Soteria Health Check. A Cyber Security Health Check for SAP systems

Intro to Firewalls. Summary

JBoss security: penetration, protection and patching. David Jorm

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM

Volume SYSLOG JUNCTION. User s Guide. User s Guide

Who is Watching You? Video Conferencing Security

DRO-210i LOAD BALANCING ROUTER. Review Package Contents

Information Security. Training

Certified Ethical Hacker Exam Version Comparison. Version Comparison

EC-Council CAST CENTER FOR ADVANCED SECURITY TRAINING. CAST 619 Advanced SQLi Attacks and Countermeasures. Make The Difference CAST.

V310 Support Note Version 1.0 November, 2011

The current case DNSChanger what computer users can do now

Transcription:

Insecurity breeds at home - Vulnerabilities in SOHO routers Amrita Center for Cyber Security Amrita University

Small Office Home Office(SOHO) Routers 2

Problem at hand No technology available to detect/prevent attacks on Cyber Physical Systems No mechanism to assure security of basic Internet connection @ home Serious risk created by widespread SOHO router pharming 3

Small Office Home Office(SOHO) Routers Basic interface to Internet for home/small office networks Less cost, least secure Intended for novice users, designed with easy connectivity in mind Different vendors, same hardware 4

DNS Based Phishing 5

DNS Changer Malware First Surfaced in 2007, Phishing targeted at financial gain Affected 300,000 devices across Europe and Asia Redirecting DNS traffic to malicious servers in Estonia, New York and Chicago Common malwares involved TidServ, Alureon, TDSS, TDL4 Most of these malwares exploit default passwords being used Countermeasures undertaken by the US FBI in 2012 under Operation Ghost Click confiscating rogue DNS server and shutting them down Report by Rob Thomas from Team Cymru suggests presence of new rogue servers and 78% of the traffic to these servers are from INDIA 6

Methodology Monitor DNS traffic at ISP level to identify compromised routers as well as rogue DNS servers Requires permission from ISPs and other authorities Limited information on router level vulnerabilities Extract DNS information from vulnerable home routers Running automated scripts to extract DNS settings information from routers online Can collect detailed information on what vulnerabilities are there in each router We are not exploiting just extracting... We value Ethics 7

Identification Methodology Scan for devices on the internet with known port(used by SOHO routers) open Extract headers and banners to look for signature of SOHO devices Information Extraction Run the rom-0 exploit on the list of identified SOHO router IPs to extract password Run exploit script(automated telnet com) on vulnerable routers to extract DNS setting info and MAC address Data Analysis Identify rogue DNS servers and services hosted by related malicious servers 8

Identification Scan devices running RomPager HTTP server (HTTP header will reveal the server) Scan the list of RomPager IP for known open ports (making sure it is a SOHO device) 9

10

Security of SOHO Routers Designed for easy connectivity not security Vulnerabilities listed at both firmware level as well as at user interface Common Vulnerabilities (44 CVEs listed for ZyXel hardware alone) Rom-0 Vulnerability Cross Site Scripting (XSS) Cross Site Request Forgery (CSRF) Denial of Service (DoS) 11

Rom-0 Vulnerability Attackers can download the backup configuration file(rom-0) without authentication Attack URL : http://<ip>/rom-0 Reverse Engineer Rom-0 file to extract configuration file First line of the rom-0 file contains the admin password of the router Found in ZyNOS OS running RomPager HTTP server 12

13

14

Rom-0 Vulnerability Vulnerable Router Models ZyXel TP-Link D-Link Micronet Tenda Binatone 15

Information Extraction Extracting Password Scan the identified router IP list to check for rom-0 vulnerability If vulnerable, download rom-0 file Reverse engineer the file rom-0 file to extract the config file First line of rom-0 file holds the admin password Extract DNS settings ZyNOS devices has telnet access from external network An automated telnet script can be used to extract DNS settings and MAC address of the router 16

17

Results & Findings What we found Scanned 11,24,682 Unique IP in the Entire Indian ASN space running HTTP services Identified 9,0733 devices running HTTP service Identified 1,4209 devices with matching SOHO router signature Identified and exploited 4515 routers running vulnerable ZyNOS firmware 17% of routers forward DNS traffic to legitimate DNS servers 556 routers redirects to known malicious DNS servers 18

Data in Google Maps 19

Results & Finding Why these many vulnerabilities Lack of security protocols followed during design by low end router manufacturers Lack of Initiative form the part of ISPs Lack of awareness from the part of users 20

Thank You

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information