Most folks will not understand (or even care about) the details of the recently reported DNS rebind vulnerability. But this problem affects many of the low-end cable and DSL routers that are used in homes and small businesses.
Even more alarming is that a tool to exploit this vulnerability is to be released at Black Hat 2010 in just a few days.
What can you do to protect yourself from this exploit?
- Change the administrative passwords on your routers. All of your routers come with a well-known default administrative password. You should connect to the router and make sure that you are not using the default. You should also use a complex password.
- Disallow remote administration of the device. Many routers allow administrative access from the Internet. This should be allowed only in rare and well-defined situations. Although this is not directly related to the DNS rebind problem, you should still verify this setting.
- Upgrade the firmware to the latest version available from the manufacturer. Most manufacturers put out updates to the firmware that is running on their routers. If you are not running the latest version of the firmware for the router, go get it from the manufacturer’s website and do the upgrade. This will protect you from other attacks.
- If you are using wireless, be sure to use WPA2 to protect your wireless connections. I hope you are not using WEP. Using WPA2 is much better. (A technical explanation is beyond the scope of this post.)
These steps will minimize the attack surface on your devices.
Good luck!
- Dan
