So is mine :(
I bought a new router that isn’t on the list. It’s a Motorola router and none of those seem to be listed but I don’t know if that’s because they aren’t vulnerable or because they weren’t tested.
Update: mine is not on the list. Similar model number, different manufacturer.
Still, it highlights a problem that I’ve been aware of for some time. Since my DSL router is issued by and managed by my ISP, I can’t tell if it is infected. I know it runs Linux inside (the UI mentions several Linux-specific terms), but I don’t have root on it. I don’t have a shell at all.
I could capture packets on the ethernet ports or the WiFi interface, but I can’t observe data on the WAN interface.
My conclusion thus far is that I need to break into it myself, just to check if anyone else has done so. Should be easy, since it has tons of services (even Samba for the share-usb-storage-device-with-lan feature) but, I’ve got half a dozen other projects queued up…
If I had a magic wand (and I’d already used it to solve all the more pressing problems) I’d use it to convince my ISP to offer a service which records all the traffic my DSL interface receives or creates. The service would have a web interface which allows me to activate/deactivate it. The service would save the packet capture to a file, gzip it for me, and let me download it (after turning off the capture, of course!). The service might be called ‘virtual mirror port’ or something.
Hm, my router is on the new list. I’ll check for the https–>http behavior tonight.
So is mine :( I bought a new router that isn’t on the list. It’s a Motorola router and none of those seem to be listed but I don’t know if that’s because they aren’t vulnerable or because they weren’t tested.
Update: mine is not on the list. Similar model number, different manufacturer.
Still, it highlights a problem that I’ve been aware of for some time. Since my DSL router is issued by and managed by my ISP, I can’t tell if it is infected. I know it runs Linux inside (the UI mentions several Linux-specific terms), but I don’t have root on it. I don’t have a shell at all.
I could capture packets on the ethernet ports or the WiFi interface, but I can’t observe data on the WAN interface.
My conclusion thus far is that I need to break into it myself, just to check if anyone else has done so. Should be easy, since it has tons of services (even Samba for the share-usb-storage-device-with-lan feature) but, I’ve got half a dozen other projects queued up…
If I had a magic wand (and I’d already used it to solve all the more pressing problems) I’d use it to convince my ISP to offer a service which records all the traffic my DSL interface receives or creates. The service would have a web interface which allows me to activate/deactivate it. The service would save the packet capture to a file, gzip it for me, and let me download it (after turning off the capture, of course!). The service might be called ‘virtual mirror port’ or something.
Well this is worrying, particularly since I’ve just now heard of it :-/