Tag: router

Beware Belkin routers: the jaws that bite, the claws that catch

belkin routerCERT/CC is warning users that some Belkin home routers contain a number of vulnerabilities.

The vulnerabilities affect the Belkin N600 DB Wireless Dual Band N+ router, model F9K1102 v2 with firmware version 2.10.17, and potentially earlier versions of the firmware.  They allow an attacker to spoof DNS responses, intercept credentials sent in cleartext, access the web management interface, and take other actions on vulnerable routers.

The vulnerabilities have not been patched by Belkin and there aren’t any practical workarounds for them.

Among the bugs in the router is a problem caused by the use of insufficiently random values to calculate transaction IDs. The issue could allow an attacker to guess the next TXID and spoof a response from a DNS server.

“DNS queries originating from the Belkin N600, such as those to resolve the names of firmware update and NTP servers, use predictable TXIDs that start at 0x0002 and increase incrementally. An attacker with the ability to spoof DNS responses can cause the router to contact incorrect or malicious hosts under the attacker’s control,” the CERT/CC advisory says.

Belkin also uses plaintext HTTP to sending firmware update information to the N600 routers, a weakness that could enable an attacker in a man-in-the-middle position to block firmware updates or send arbitrary files to the routers. The routers also don’t have a password set for the web management interface by default, so an attacker on the network could get privileged access to the router’s interface.

There is also a global cross-site request forgery bug in the N600.

“Belkin N600 routers contain a global cross-site request forgery (CSRF) vulnerability. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request. Note that in default configurations lacking password protection, an attacker can establish an active session as part of an attack and does not require a victim to be logged in,” the advisory says.

Anonymous hijacks thousands of routers

anonOnline activists Anonymous, have hijacked hundreds of thousands of home and office Internet routers.

Security firm outfit Incapsula said the hackers target routers that have factory-default usernames and passwords, an “inexplicably negligent” mistake by ISPs and users alike.

The hijacked routers, located mostly in the US, Thailand, and Brazil, were infected by various potent malware and used to build a botnet that began attacks against dozens of targets in late December 2014.

Using the Internet bandwidth from the homes and offices of these routers, the owners of these botnets wield a weapon that packs a heavy punch against online targets.

Many of the hijacked machines reported back to AnonOps.com, a gathering point for the Anonymous activist group, “indicating that Anonymous is one of the groups responsible for exploiting these under-protected devices,” the report claims.

The hacking was first discovered by Incapsula last year when dozens of its customers were victims of what researchers describe as a “homogenous botnet” made up of swaths of nearly the same home and office routers.

An investigation revealed that all the hijacked routers suffer from lax security and were remotely accessible via HTTP and SSH on their default ports.

The botnet was self-sustaining. Newly hijacked routers will scan for other vulnerable machines; when a good target is found, an automated script easily conscripts it into the botnet’s ranks.

The malware infecting the machines includes the popular MrBlack trojan to new and as-yet unidentified pieces of malware.


Confusion hits the networking market

The enterprise networking market appears to be down the loo, and how badly depends on which analyst you ask for the numbers.

Beancounters at IDC says the first quarter value was $5.2 billion, while Dell‘Oro Group claims it was $5 billion. IDC said the market lost 12.3 percent from the fourth quarter of 2013 – down around $US730 million – while Dell’Oro said the market lost a billion compared to the previous quarter.

About the only thing the two could agree on was that that Layer 2 / 3 Ethernet was tanking because  pesky enterprises were shifting to WiFi because it is faster and more useful.

IDC said that there had been some large shipments in the data centre market which might have saved the likes of Cicso’s bacon. Network infrastructure VP Rohit Mehra was quoted as saying “10GbE and 40GbE switch ports for the datacentre and campus core remain the growth engine for this market, although we do expect the GbE market to hold its own with port shipments during the coming years.”

Dell’Oro  said that “data centre switching paused as Cisco’s Nexus 9000 product transition continued”.

IDC said   Cisco commands more than 60 percent share of the Layer 2/3 market – slightly down in the quarter – a 4.3 percent revenue decline has an impact on the whole business. Cisco’s service and enterprise router revenue dipped by 1.8 percent.

HP added 4.6 percent Ethernet switch revenue, while Juniper rose 53.4 percent for the same segment over the same period.

Dell’Oro  said that the “white box” switch market nicked market share and value from the name vendors.

However it was not all bad.  Dell’Oro said that future data centre business and the uncertain Chinese market, as offering hopeful signals or the future. IDC thinks that data centre business will keep the industry alive in the long term.

Cisco tells Obama “hands off our routers”

Cisco Systems’ chief executive officer has dashed off a stiffly worded letter to President Barack Obama telling him to stop buggering up the company routers with NSA spyware.

John Chambers is incandescent with rage after discovering that the National Security Agency had intercepted Cisco equipment. In a letter dated May 15, John Chambers, chief executive officer and chairman of the networking equipment giant, warned of an erosion of confidence in the U.S. technology industry and called for new “standards of conduct” in how the NSA conducts its surveillance.

“We simply cannot operate this way, our customers trust us to be able to deliver to their doorsteps products that meet the highest standards of integrity and security,” Chambers said in the letter.

The Financial Times showed pictures of NSA staff opening boxes of Cisco gear and fixing routers so that they provided back-doors for spooks.

The allegations stem from early reporting from Guardian journalist Glenn Greenwald, who has written about a number of NSA documents that were provided by former NSA contractor Edward Snowden.

Chambers wrote to Obama and said that if these allegations were true they will undermine confidence in our industry and in the ability of technology companies to deliver products globally.

This is the second time that Cisco has complained. Writing in the company bog, on May 13, the company’s top lawyer, Mark Chandler, wrote that Cisco ought to be able to count on the government not to interfere with the lawful delivery of our products in the form in which we have manufactured them. 

Cisco probed for selling $millions of kit in West Virginia

Cisco is in hot water because its sales teams sold hundreds of high capacity routers to the State of West Virginia which it did not need.

According to the Charleston Gazette, governor Earl Ray Tomblin has ordered state officials to reconsider where they’ve installed hundreds of high-capacity internet routers paid for with $24 million in federal stimulus funds.

The state placed oversized routers are in hundreds of public facilities which not only would fail to stimulate anything, but pretty much act like a chocolate teapot when it comes to internet use. Each Cisco 3945 series router cost $22,600. Hundreds of them have already been installed in “community anchor institutions” – schools, libraries, planning agencies, health centers, state police detachments, county courthouses, state agencies and other public facilities.

State and federal lawmakers also have slammed the router deal and Tomblin plans to appoint a group made up of technology experts from state government and the private sector.

Cisco said it would take back routers if West Virginia can’t find an appropriate place to put them, although there have been some suggestions from the governor’s office.

John Earnhardt, a Cisco spokesperson, said that there would be no problem in Cisco taking the routers back.

He said that there was a positive impact of broadband infrastructure on education, job creation and economic development, which is well established.

The routers were delivered in July 2010 but many remained boxed up in storage. The state paid $8 million for a five year warranty on the routers. Cicso has given the state a three-year extension on the warranty because they were not used.

Cisco claims that this is to show the company’s commitment to the project.

The question is why Cisco even suggested the routers to small community groups, and why government officials gave the idea the thumbs up.

CEO John Chambers hails from West Virginia so should know which sort of routers its public libraries need, and they probably did not need bullet proof heavy duty versions. For the use that some libraries get they probably would have been happy with dial up.

Belkin helps Cisco exit consumer market

Belkin has confirmed that it is buying Cisco’s Home Networking Business Unit.

The company will buy Cisco’s products, technology, employees, and the Linksys brand.

Belkin’s plan is to maintain the Linksys brand and will offer support for Linksys products as part of the transaction. No one is saying how much Belkin paid and it is expected to be a smooth transation for regulators and customers.

Belkin says it will honour all valid warranties for current and future Linksys products.

It means that Belkin will account for approximately 30 percent of the US retail home and small business networking market.

Hilton Romanski, Cisco’s Vice President of Corporate Business Development wrote in his blog  that Linksys has long been an important member of the Cisco family.

But the company was certain that it had found the best buyer in Belkin. The division was still in good shape, but Cisco really wanted to get out of the home networking market. There have been rumours that it had been hawking the division around potential buyers for months.

Cisco has been pulling out of the consumer market as part of its restructuring. Back in April 2011, the company shuttered its Flip video camera line, which was quickly losing out to the growing mobile space full of cameras included in smartphones.

Cisco’s CEO John Chambers has said that the company’s four key priorities are still core routing, switching and services, collaboration, architecture, and video.

Belkin and Cisco say they will develop a strategic relationship on a variety of initiatives including retail distribution, strategic marketing, and products for the service provider market.

Cisco will offer its specialised software packages while Belkin will bring its wide product line to the table.

Belkin CEO Chet Pipkin said the two companies share many core beliefs. Belkin wants to be the global leader in the connected home and wireless networking space while Cicso wants the business end.

Linksys was famous for its wireless connectivity products. 

Internet traffic to quadruple by 2016, says Cisco

Internet data is set for even more mind boggling growth as Cisco predicts a four-fold increase to IP traffic by 2016.

According to Cisco’s network of analysts, global IP traffic is set to reach 1.3 zettabytes.   This is equivalent to 1.3 trillion gigabytes being sent around the world, or 38 million DVDs streamed over an hour, and is almost four times the traffic seen in 2011.  

The rapid growth is being driven by a number of factors says Cisco in the Visual Networking Index (VNI) Forecast for 2011-2016.

The sheer weight of number of devices which are connected are connected is going to continue to increase, tablets smartphones pushing demand for connectivity, not to mention machine to machine communications.  

It is estimated that there will be almost 2.5 connections for each person on earth by 2016, as connected devices jump massively from 10.3 billion to 18.9 billion.

With actual internet users expected to grow in force to 3.4 billion, while over half the world’s traffic coming from wifi, we expect Cisco is rubbing its hands with glee at the thought of router sales should its predictions prove correct. 

The reports says that Faster broadband speeds will contribute to more data being flung through the ether, with an increase in average speeds from 9 megabits per second (Mbps) in 2011 to 34 Mbps in 2016.  

Video is expected to be provide a basis for much of the growth, as video user numbers rocket to 1.5 billion, sending 1.2 million video minutes every second in 2016.

Video conferencing for businesses is set to see a boom, with business internet users growing from 1.6 billion to 2.3 billion.  

The Asia Pacific region will see the most significant increase in IP traffic, with 40.5 exabytes per month, beating North America with 27.5 exabytes per month.  

The fastest growing region will be the Middle East and Africa with a compound growth rate of 58 percent.

Intel plans to give the modem a comeback

Intel wants to dust off the ancient modem technology to help connect wifi devices to routers.

Researchers working at Intel’s Applications Lab in Portland, Oregon think that bleeping audio tones of a modem could make connecting devices to wi-fi routers easier.

It could be used to let wireless devices without a keyboard to be connected to a wireless router without the difficulty of punching in a code on a remote or small keypad. Intel’s Marc Meylemans and Gary Martz told New Scientist that the unauthorised wireless device audibly emits a uniquely identifying secret code.

According to their patent US 2011/0277023 once the router hears the code, it lets the device to connect, or at least allows you to control whether it does.

It does not mean that you have to put up with that screech you got from your modem in the 1980s. In fact, Intel said you can make it any unique combination of eight sounds, which means you could play snippets of music or clicks instead, to make it significantly less annoying.

While it sounds like it could be set for security, it has not been checked for that yet. It is more to simplify the set-up of the many new wi-fi devices on the market. 

The Onion Router is secure and very well thank you

The Onion Router (TOR) is alive and kicking, feeling secure and very healthy despite other plaices saying the contrary. Cryptome.org recently linked to two posts on PGPBoard in the last few days, where claims were made TOR was unsecure. Eviloids such as non-hacker Adrian Lamo, famous for ratting out Wikileaks informer and whistleblower Bradley Manning to the FBI, were purported to be able to sniff  data flowing in and out and about TOR exit nodes operated by them.

Some guy without a name also went on to state TOR had a big stonking hole in its SSL layer and thus were as safe as secrets are with Adrian Lamo. On Friday, press agency UPI also reported the benevolent state of Iran, herold of freedom across the globe, had obtained deep packet inspection sniffing abilities, quoting TOR’s Andrew Lewman.

According to UPI, Iran is apparently now better equipped than China to supress its students and warn them not to listen to horrid corrupters of youth like Michael Jackson and The Ramones and get silly ideas of freedom and democracy.

However, stories claiming TOR is as unsecure as conveying state secrets by postcard are wrong, claimed Andrew Lewman when asked by TechEye. UPI apparently churned out its piece based on an article wiritten by England’s The Telegraph newspaper, yet overlooked paragraph nine, which states ” […] developers have redesigned the software so that its traffic looks just like any other when it sets up an encrypted connection, and Iranian user numbers are now back to normal.”

“We fixed the problem back in January 2011.  It’s clear the journalists are two months behind the technology.  Tor is working well in Iran and continues to be the safest choice,” Lewman told TechEye.

Lewman also dismissed the claims made on PGPBoard as “some paranoid wanting attention.  We addressed this concern over a year ago when Wired tried to create a controversy togenerate more page views”. TOR’s take on a story published by The New Yorker and rehashed by Slashdot and Wired’s Threat Level bog can be found here.

The New Yorker originally wrote about Wikileaks noticing a glut of Chinese hacking activity in the TOR network. Wired than claimed Wikileaks was founded on materials it had intercepted within TOR. Wikileaks later on stated Wired’s claim was bogus

It seems users and other places still have to figure out they also need encryption on the outside.

TP-LINK announces "fastest" wireless router

Network equipment manufacturer TP-LINK has announced what it claims is the fastest wireless broadband router in the world.

The TL-WR2843ND is capable of speeds up to 450Mb/s as well as simultaneous dual-band transmission. The speeds are up 50 percent faster than standard wireless 802.11N routers, which usually only offer top speeds of up to 300MB/s. The new router also promises a 60 percent increase in range over older models.

TP-LINK claims that not only is this the fastest router on the market, but it will allow people to use their wireless connections without seeing a drop in connectivity at all, which has sometimes been a problem for wireless routers in the past. 

This interference protection comes from the simultaneous dual-band feature, which offers both the 2.4GHz band which several other household electronics work on and the new 5GHz band, providing additional defence against interference. 

It also means you can use the two different bands for different things, with an example cited using one band for browsing the net and the other for downloading files.

Additional features include a Wi-Fi Protected Setup Button for easily adding new devices to the network and a USB Share Port, which allows an external hard drive or similar device to connect directly to the router and offer the entire network access to files stored there.

The router will be available in May for £84.99 ($135).