DSL router hijacking vulnerability uncovered

Kevin Lancaster · Jan 30, 2015

DSL router hijacking vulnerability discovered

A ZynOS vulnerability exposes D-Link, TP-Link, and ZTE routers to a DNS hijacking attack

DrJohnZoidberg · Jan 30, 2015

Lots of vulnerabilities being exposed lately.

GreGorGy · Jan 30, 2015

Interesting...

http://mybroadband.co.za/vb/showthread.php/546261-Very-strange-thing

http://mybroadband.co.za/vb/showthr...k-modems-causing-Internet-connection-problems

D-Link · Jan 30, 2015

The DSL-2740R is a discontinued product, none of our current routers have this vulnerability

Kind Regards
D-Link | Building Networks for People

Sinbad · Jan 30, 2015

/hugs mikrotik

digitalp · Jan 30, 2015

D-Link said:
The DSL-2740R is a discontinued product, none of our current routers have this vulnerability

Kind Regards
D-Link | Building Networks for People

Why dont you send out a fix for the discontinued products? Dont think i will be getting a DLINK again.

falcon786 · Jan 30, 2015

D-Link said:
The DSL-2740R is a discontinued product, none of our current routers have this vulnerability

Kind Regards
D-Link | Building Networks for People

Thanks that's reassuring,I'm using the DSL-2750U so that should be fine then?

Bosvark@ · Jan 30, 2015

Sinbad said:
/hugs mikrotik

If you can get the config right...

DrJohnZoidberg · Jan 30, 2015

Sinbad said:
/hugs mikrotik

/humps pfSense.

Pada · Jan 30, 2015

Sinbad said:
/hugs mikrotik

I hope you're running on the latest RouterOS, because it recently (19 Jan 2015) fixed like ntp vulnerability too.
Of course when your Mikrotik is correctly configured (firewalled from outside), that shouldn't matter either.

MickZA · Jan 30, 2015

DrJohnZoidberg said:
/humps pfSense.

Steady on there Doctor!

/pats IPCop in a non sexual manner

Sinbad · Jan 30, 2015

Pada said:
I hope you're running on the latest RouterOS, because it recently (19 Jan 2015) fixed like ntp vulnerability too.
Of course when your Mikrotik is correctly configured (firewalled from outside), that shouldn't matter either.

Of course it is

Drop all packets entering PPP interface unless they're ACKs

GreGorGy · Jan 30, 2015

falcon786 said:
Thanks that's reassuring,I'm using the DSL-2750U so that should be fine then?

For now, until they decide it is obsolete, then the next day...

digitalp said:
Why dont you send out a fix for the discontinued products? Dont think i will be getting a DLINK again.

Good question - and similar approach to be taken by myself.

TimTDP · Jan 31, 2015

D-Link said:
The DSL-2740R is a discontinued product, none of our current routers have this vulnerability

Kind Regards
D-Link | Building Networks for People

and the DSL 2750U?

saa044 · Feb 1, 2015

I picked this up last week, did not change dns settings to much, but there was a lot of unwanted upload traffic bypassing my q tree. A quick mangle rule and everything was sorted. Got to love Mikrotik.

kianm · Feb 1, 2015

Just make your clients get external DNS server addresses directly from DHCP if internal name resolution is no big deal, solves half the problem already

The_Unbeliever · Feb 1, 2015

/strokes Smoothwall

No worries for me

Join the MyBroadband community

Get started

DSL router hijacking vulnerability uncovered

Kevin Lancaster

MyBroadband Editor

DrJohnZoidberg

Honorary Master

GreGorGy

BULLSFAN

D-Link

D-Link Africa Representative

Sinbad

Honorary Master

digitalp

Senior Member

falcon786

Honorary Master

Bosvark@

Expert Member

DrJohnZoidberg

Honorary Master

Pada

Executive Member

MickZA

Executive Member

Sinbad

Honorary Master

GreGorGy

BULLSFAN

TimTDP

Expert Member

saa044

Expert Member

kianm

Honorary Master

The_Unbeliever

Honorary Master