Comments on: Malware alters DNS data on routers

By: Chris

Chris — Wed, 13 May 2009 20:58:30 +0000

I see a simple way of using a captcha system to prevent attacks, even if the router has a default password. simply in addition to the normal user name and password, have a captcha field on the login screen to verify that it’s a person logging in to make the changes.

By: Aa\'ed Alqarta

Aa\'ed Alqarta — Fri, 13 Jun 2008 23:08:06 +0000

I've compiled a countermeasures list to stop and prevent DNSChanger

check here
http://extremesecurity.blogspot.com/2008/06/use-default-password-get-hijacked.html

By: Dave

Dave — Fri, 13 Jun 2008 05:05:08 +0000

Monster-

If you have changed the default password for dd-wrt, you are safe from getting your router infected, even if you did install a zlob trojan as a video codec.

I doubt there's many out there able to install dd-wrt who wouldn't also at least change the default password to a weak one automatically.

By: barry99705

barry99705 — Thu, 12 Jun 2008 23:39:03 +0000

The Ubuntu repositories should be fairly safe. You don’t have any third party repositories do you?

By: barry99705

barry99705 — Thu, 12 Jun 2008 23:37:20 +0000

Check the routers dns settings. They should jive with your isp’s dns servers, or opendns’ servers if that’s how you roll.

By: monster

monster — Thu, 12 Jun 2008 23:35:41 +0000

thats easy james, just send me your credit card details, and if anyone but me empties your account you've been infected.

that goes for anyone =]

seriously though, this is making me nervous. i run DD-wrt on my router, but i run ubuntu on my desktop. if i need a codec i open synaptic and install it for vlc. does this mean i'm pretty secure from this bug?

By: James

James — Thu, 12 Jun 2008 23:18:04 +0000

What about *detection*? How do we know if our router has been compromised?