Security Corner

Dec 29 2011   11:34PM GMT

Router reboot can open your system to hackers



Posted by: Ken Harthun
Tags:
cyber security
hackers
Hacking
NAT
Routers

Hmm....

For years, I have given advice to everyone that the first line of security for your home PCs is a NAT router between your home network and the Internet. While that is still true, there is one situation where the protection normally afforded you by the router is non-existent, leaving your public IP address visible to the world and your home network open to attack. I have actually observed the phenomenon I will describe in a moment, so I know it is an issue and something you should know about. It’s highly unlikely it could be exploited on any large scale, but it’s possible, so something worth discussing. In any event, the concept is out there, so someone is sure to try it.

This reader question came up in Security Now! Episode 133:

Question #5, Sami Lehtinen…from Helsinki, Finland makes a GREAT observation about dangerously leaky “hardware” firewalls. He says: I wanted to warn people about potential problems with regular home routers such as the more expensive and fancy firewall routers that are very configurable. That configurability can backfire nastily….

While the router is booting – it’s quite a long process – parts of the system start with default configuration, like the switch portion. This causes all LAN, WAN and DMZ ports to be completely bridged for about one minute. After that, normal NAT/SPI, DHCP, et cetera, function returns….

What Sami discovered is that you are directly connected to public Internet for about a minute while the router reboots. Steve Gibson concurs and proposes his solution, which I wholeheartedly endorse:

So this is a very real problem. What, I mean, the takeaway from this actually is to – what I would do is, and I’m probably going to do it from now on, I don’t reboot my router very often, but I would disconnect my LAN side connection for a couple minutes until the router comes up and it settles down, and then bring my local network up inside….

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: