Web hijacking by router - a new method of advertisement by Belkin

Rubens Kuhl Jr. rubens at email.com
Sat Nov 8 22:38:03 UTC 2003


May be they simply flag your router to not redirect to any web site, but the
router still goes every x hours to their site to verify the current redirect
status of your product. This wouldn't require admin privileges on your box
to be done... but could make every router with such firmware DoS'able; just
blackhole the Belkin site and every such request would need to timeout
before the router resumes normal behaviour.


Rubens


----- Original Message ----- 
From: "Steven M. Bellovin" <smb at research.att.com>
To: <william at elan.net>
Cc: <nanog at merit.edu>
Sent: Saturday, November 08, 2003 11:44 AM
Subject: Re: Web hijacking by router - a new method of advertisement by
Belkin


>
> In message <Pine.LNX.4.44.0311072211400.3208-100000 at sokol.elan.net>,
william at el
> an.net writes:
> >
> >Would be interesting to see if their current advertisement (every 8
hours)
> >page would now be replaced with "We're so sorry that you're seeing this
> >page, please make sure to download our latest patch so your router never
> >bother you again and would keep us out of legal trouble" message...
>
> The Belkin posting reproduced on Slashdot indicates that when you
> unsubscribe via their Web page, it modifies the configuration of your
> router.  Say, what?  There are ways in which an external Web server can
> change things on my box?  How is that secured?  I can think of lots of
> bad answers to that question, and not very many good ones.
>
> --Steve Bellovin, http://www.research.att.com/~smb
>
>
>




More information about the NANOG mailing list