
At least one of the attacks, the CSRF on the Asus RT-N56U, seems to need the IP address of the router. Does this mean that this attack is useless when the attacker doesn't know the IP of the router? Or is there a way to know it remotely? (I happen to have this router and the IP of the router is not the same, and I don't think that the default config has been changed as the admin interface has the default password.)

Also, an attack necessitating a user to be logged in to the admin interface probably has a very small chance of success. I don't know any "normal" person who would log into their router admin interface (unless maybe they are asked to through social engineering).

PS: but having an Open Wireless Router is a good idea anyway. We could imagine one having upgradeable hardware and just switching the mini PCIe card to have 802.11ac instead of 802.11n for instance.



If it's on the network and transmitting (at all) from that IP address, finding the set of IP addresses to check is trivial for an attacker.


Sure enough, that's a real problem when the attacker is on the local network, but what if the attacker is not on the local network? Because I think that this attack is supposed to work from an external network, or the Internet.


A CSRF attack is essentially a local attack.

All an attacker needs to do is have an array of [192.168.0.1, 192.168.1.1, 192.168.2.1, ...] and attempt the CSRF against all of them. 5 different local IPs will probably cover 90% or more of consumer routers, since nearly all of them are on 192.168 RFC 1918 networks and will generally always be a .1 host.

If they were going after a small or large business, it'd be a different story. But even then there'd be a lot of opportunity for likely guesses.


Can easily be obtained by spear phishing or nmapping IP ranges.


Or frequently by the email header of someone who sent mail from behind the router.


Do you need to be on the same local network as the user to do that or does that work with an attacker being on the internet?


If you just need their external IP address, you can probably easily coerce that out of them by getting them to click a link. Send an IM to a bit.ly link that logs an IP and forwards on to some random image, an email, a tweet, etc.



