Test your router from hackers “rom-0”
Following our research into the extent of vulnerability “192.168.ll” which affects around 1.5 million worldwide SOHO ADSL routers across a range of manufacturers, types and versions of the firmware, we have created and published a web application test at: http://rom-0.cz . This application allows any user to easily test the router on the “rom-0” from the perspective of the vulnerability of the Internet (ie from the external interface of the router).
It is a supplement “manual test” over a local network, which would give each user or network administrator to perform alone. It’s simple: just enter in a Web browser without logging into the router’s web administration URL: http: // <IP address of the router> / rom-0th If you will download 16 KB large binary file, so your router probably vulnerable. Properly should be either to reject this request or request a username and password.
Unlike “manual test”, which can be done only over a local network, our test Web application testing routers from outside and thus simulates the attacker’s access. Unlike real attackers, however, our app only uses HTTP HEAD request, so it does not download the entire configuration file and thus can not determine the actual password. Tests only detect its availability and size. However, this information is sufficient to determine whether the destination address is vulnerable or not and with a great degree of certainty. On the server logs accesses only to the extent of the current access log, but not the results.
Security error “rom-0”, which we wrote about earlier on this blog on a server root.cz, allows attackers to easily retrieve passwords to the Web administration interface routers. They then abused thus gained access to change DNS servers, then to websites and to install viruses to networked computers infected with the router. Standard using the IP 192.168.ll.
Basic defense against this attack is to prevent access from the outside (WAN) interface to the router’s web administration. Detailed instructions are in the above-referenced article on our blog.