“How worms crawl into routers

“Router worms invade through ports that are used for the remote
administration of the router. However, routers by default
don’t have these ports opened. They have to be manually
enabled on the router’s Web-based configuration utility. Moreover,
the bigger vulnerability is having a weak password. In other words,
if preventative measures are followed, remote administration is
safe.

“This latest worm targets setups that meet all of the following
criteria:

“Devices that use a MIPS processor running in little-endian mode
(mipsel). This includes roughly 30 Linksys devices, ten Netgear
models, and about 15 others. Additionally, routers loaded with
firmware replacements, such as DD-WRT, and OpenWRT, are
vulnerable.

“Devices that have some type of remote (WAN) administration
enabled, such as telnet, SSH, or Web-based access—providing
only local access is not vulnerable.

“The username and password combinations for the remote
administration access are weak, or the daemons that your firmware
uses are exploitable.”
How to: Prevent, Detect, and Recover from Router Worms
By Eric Geier
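The first two criteria in the quote can be checked offline against data copied from your own router. The following is an added example, not code from the quoted article: it reads an ELF header (for instance the first bytes of the router's busybox binary) to test for little-endian MIPS, and parses a `/proc/net/tcp` listing for admin services listening beyond the LAN. The function names, the sample header bytes and the socket table are constructed for illustration; credential strength and firewall rules are not evaluated.

```python
import struct

# Remote-administration services named in the quoted criteria (telnet, SSH, Web).
ADMIN_PORTS = {22: "ssh", 23: "telnet", 80: "http", 443: "https"}

def is_mipsel(elf_header: bytes) -> bool:
    """True if the ELF header describes a little-endian MIPS binary."""
    if len(elf_header) < 20 or elf_header[:4] != b"\x7fELF":
        return False
    little = elf_header[5] == 1            # EI_DATA: 1 = LSB, 2 = MSB
    (machine,) = struct.unpack("<H" if little else ">H", elf_header[18:20])
    return little and machine == 8         # e_machine 8 = EM_MIPS

def wan_admin_listeners(proc_net_tcp: str, lan_ips: set) -> list:
    """List (service, ip, port) for admin ports listening beyond LAN/loopback.

    Assumes a little-endian host, where /proc/net/tcp stores IPv4 bytes reversed.
    A 0.0.0.0 bind is reported as a candidate; firewall rules are not evaluated.
    """
    found = []
    for line in proc_net_tcp.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != "0A":    # 0A = TCP_LISTEN
            continue
        hex_ip, hex_port = fields[1].split(":")
        ip = ".".join(str(b) for b in reversed(bytes.fromhex(hex_ip)))
        port = int(hex_port, 16)
        if port in ADMIN_PORTS and ip not in lan_ips and not ip.startswith("127."):
            found.append((ADMIN_PORTS[port], ip, port))
    return found

# Constructed sample inputs (not taken from a real device).
MIPSEL_HDR = b"\x7fELF\x01\x01\x01" + b"\x00" * 9 + b"\x02\x00" + b"\x08\x00"
MIPSEB_HDR = b"\x7fELF\x01\x02\x01" + b"\x00" * 9 + b"\x00\x02" + b"\x00\x08"
PROC_NET_TCP = """\
  sl  local_address rem_address   st
   0: 00000000:0017 00000000:0000 0A
   1: 0101A8C0:0050 00000000:0000 0A
   2: 0100007F:0035 00000000:0000 0A
   3: 0101A8C0:0016 6401A8C0:C350 01
"""

if __name__ == "__main__":
    print("mipsel:", is_mipsel(MIPSEL_HDR))
    for svc, ip, port in wan_admin_listeners(PROC_NET_TCP, {"192.168.1.1"}):
        print(f"{svc} listening on {ip}:{port}")
```

In the sample, telnet bound to 0.0.0.0 is reported, while the Web interface bound only to the LAN address 192.168.1.1 is not.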