Smokey's Security Weblog

veritas odium parit

Router Crash Test: Could your home network be taken over remotely?

Well, most of the time I blog about software-related issues; this time, something about hardware and security: routers.

On the website of the well-known GRC (Gibson Research Corporation) of Steve Gibson, you can test your router with a “Router Crash Test”.

From Steve’s site:

Quoting Steve: “During our development of GRC’s comprehensive DNS nameserver spoofability profiling system, we discovered something quite unexpected: A number of users were losing all Internet connectivity shortly after initiating the nameserver profiling. Upon further examination they discovered that the test was crashing their consumer NAT routers.

What this means is that the Internet data packets entering these routers from the outside are, in some way, something that the router does not currently handle properly — so the router crashes. The development of virtually all successful remote Internet exploits begins when someone notices that something unexpectedly crashes a system. This is typically evidence of a previously unknown “buffer overrun” or “unchecked buffer” vulnerability in the affected device. Armed with the knowledge of the existence of such a possible vulnerability, skilled hackers — and make no mistake about it, these people are highly skilled — are often able to refine the characteristics of the “crashing packet” to cause the affected system to execute code they provide in a some sophisticated version of that packet.

And, with that, the minor annoyance that once crashed a router when running GRC’s DNS test evolves into a full blown exploit that allows a remote hacker to take control of the network that was previously protected by that router.

It might very well be that the inherent behavior of NAT routers, whereby they simply ignore and drop unsolicited packets coming in from the Internet, would completely mitigate any danger from the fact that expected and solicited packets — such as those occurring during our test — are able to crash the router. In other words, your router is crashable and potentially vulnerable only because and only while it is in the process of running this test which was initiated by you “on the inside” from behind your router’s inherent protection.

Having said that, however, it might also be that any exposed ports in a router, such as those created by explicit port forwarding or the use of a router’s “DMZ” forwarding capability, would once again expose the router to DNS packets it appears to be unable to safely digest.” /End quoting.

So far Steve’s introduction to his Router Crash Test. To understand everything he is talking about, you have to read the full article on his site:

>> Perform the GRC Router Crash Test <<


December 31, 2008 - Posted by | Advisories, Friends, Malware, Recommended External Security Related Links, Vulnerabilities
