Devilish DNS Attack Compromises 300,000 SoHo Routers
Security researchers at Team Cymru published the results of a study describing a DNS pharming attack that has compromised more than 300,000 small office and home (SoHo) routers around the world. The attack replaces the DNS settings in the router with the address of a DNS server controlled by the attackers. By controlling the DNS server, the attackers can route users to counterfeit websites to capture passwords and banking information or push rootkit-style intrusion tools onto the victim's network.
According to the report, most of the victims discovered so far are in Asia and Europe; however, the technique is equally effective in other parts of the world. Compromised routers apparently had their DNS server set to the addresses 5.45.75.11 or 5.45.75.36. Routers from several vendors are susceptible to the attack, including Tenda, TP-Link, D-Link, Micronet, and others.
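A client-side check for the two resolver addresses named above, as an added example that is not part of the original article or the Team Cymru report. It assumes the router hands its configured DNS servers to clients over DHCP so they appear in a resolv.conf-style file; the function names and the sample text are constructed for illustration.

```python
import ipaddress

# DNS server addresses the article reports on compromised routers.
ROGUE_RESOLVERS = {
    ipaddress.ip_address("5.45.75.11"),
    ipaddress.ip_address("5.45.75.36"),
}

# Constructed sample of a resolv.conf written by a DHCP client.
SAMPLE = """# constructed sample
search lan
nameserver 192.168.1.1
nameserver 5.45.75.36   # pushed by DHCP
nameserver ::ffff:5.45.75.11
nameserver 192.0.2.53
"""

def parse_nameservers(resolv_text):
    """Return the nameserver addresses found in resolv.conf-style text."""
    servers = []
    for line in resolv_text.splitlines():
        # Drop trailing comments ('#' or ';') before splitting into fields.
        line = line.split("#", 1)[0].split(";", 1)[0]
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        addr = fields[1].split("%", 1)[0]  # strip any IPv6 zone id
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue  # malformed entry, not an address
        # Normalise IPv4-mapped IPv6 so ::ffff:a.b.c.d compares as a.b.c.d.
        if ip.version == 6 and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped
        servers.append(ip)
    return servers

def rogue_nameservers(resolv_text):
    """Return configured nameservers that match the reported rogue resolvers."""
    return [str(ip) for ip in parse_nameservers(resolv_text)
            if ip in ROGUE_RESOLVERS]

if __name__ == "__main__":
    print("sample:", rogue_nameservers(SAMPLE))
    with open("/etc/resolv.conf") as fh:  # path assumed; differs per OS
        print("this host:", rogue_nameservers(fh.read()))
```

An empty result does not clear the router: many SoHo routers advertise themselves as the DNS server and forward queries upstream, so the DNS fields in the router's own admin interface still need to be inspected.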