Linux Today: Linux News On Internet Time.

How to: Prevent, Detect, and Recover from Router Worms

Apr 10, 2009, 19:33
(Other stories by Eric Geier)

"How worms crawl into routers

"Router worms invade through ports that are used for the remote administration of the router. However, routers by default don’t have these ports opened. They have to be manually enabled on the router's Web-based configuration utility. Moreover, the bigger vulnerability is having a weak password. In other words, if preventative measures are followed, remote administration is safe.

"This latest worm targets setups that meet all of the following criteria:

"Devices that use a MIPS processor running in little-endian mode (mipsel). This includes roughly 30 Linksys devices, ten Netgear models, and about 15 others. Additionally, routers loaded with firmware replacements, such as DD-WRT and OpenWrt, are vulnerable.

"Devices that have some type of remote (WAN) administration enabled, such as telnet, SSH, or Web-based access—providing only local access is not vulnerable.

"The username and password combinations for the remote administration access are weak, or the daemons that your firmware uses are exploitable."
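The first two criteria in the excerpt above can be checked on a Linux-based router from data the device already exposes; the following is an added example, not part of the quoted article. It assumes the ELF header comes from a binary on the router (such as its busybox), that the socket table is the text of /proc/net/tcp, and that the admin services use their conventional ports; password strength is not checked.

```python
import socket
import struct

# Conventional ports for the services the article names (assumed defaults;
# firmware may use others): SSH, telnet, web administration.
ADMIN_PORTS = {22: "ssh", 23: "telnet", 80: "http", 443: "https"}

def elf_is_mipsel(header: bytes) -> bool:
    """True if an ELF header (first 20 bytes of a binary) is little-endian MIPS."""
    if len(header) < 20 or header[:4] != b"\x7fELF":
        return False
    little = header[5] == 1                      # EI_DATA: 1 = LSB, 2 = MSB
    (machine,) = struct.unpack_from("<H" if little else ">H", header, 18)
    return little and machine == 8               # e_machine 8 = EM_MIPS

def exposed_admin_listeners(proc_net_tcp: str, lan_ips, little_endian=True):
    """Admin-port listeners in /proc/net/tcp text not bound to a LAN-only address."""
    found = []
    for line in proc_net_tcp.splitlines()[1:]:   # first line is the column header
        fields = line.split()
        if len(fields) < 4 or fields[3] != "0A": # st 0A = LISTEN
            continue
        hex_ip, hex_port = fields[1].split(":")
        # The kernel prints the address bytes as one 32-bit word, so on a
        # little-endian host they appear reversed.
        raw = struct.pack("<I" if little_endian else ">I", int(hex_ip, 16))
        ip, port = socket.inet_ntoa(raw), int(hex_port, 16)
        if port in ADMIN_PORTS and ip not in lan_ips:
            found.append((ip, port, ADMIN_PORTS[port]))
    return found

# Constructed sample data (not captured from a real device).
SAMPLE_ELF = b"\x7fELF\x01\x01\x01" + b"\x00" * 9 + struct.pack("<HH", 2, 8)
SAMPLE_TCP = """\
  sl  local_address rem_address   st
   0: 00000000:0017 00000000:0000 0A
   1: 0101A8C0:0050 00000000:0000 0A
   2: 00000000:0016 00000000:0000 0A
   3: 0101A8C0:0016 0201A8C0:C001 01
"""

if __name__ == "__main__":
    print("mipsel:", elf_is_mipsel(SAMPLE_ELF))
    lan = {"127.0.0.1", "192.168.1.1"}
    for ip, port, name in exposed_admin_listeners(SAMPLE_TCP, lan):
        print(f"{name} listening on {ip}:{port}; check WAN firewall rules")
```

A listener bound to 0.0.0.0 is only a candidate: whether it is reachable from the WAN side still depends on the router's firewall rules.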
