back to article Is your home or office internet gateway one of '1.2 MILLION' wide open to hijacking?

Hundreds of thousands of routers, firewalls and gateways used by small offices and homes are said to be vulnerable to hijacking due to bungled NAT settings. The networking devices are, we're told, commonly misconfigured to allow remote attackers to reprogram how network traffic flows to PCs, servers, tablets and other machines …

  1. Number6

    That's a good one, worthy of an entry in the Fuck-Up Hall of Fame.

  2. Destroy All Monsters Silver badge
    Windows

    Meh

    Like american wars, the permanent hum of exploitable bug doofosity has become part of the filtered-out background noise of the 21st century.

  3. Shadow Systems

    ButButButbutbutbut I am teh Secure!

    I'm online via my Official Carrier branded modem, across Official Carrier lines, to my Official Carrier's HTTPS site over a Dial Up Connection! There's no possible way Comcast could be that insecu-

    *Line Noise*

    *Obvious second source of text being typed in a different font & size than the original*

    I am perfectly assured of my excellent Comcast service. I have no problems what so ever with my awesome Comcast service. My Comcast Customer Support, Tech Support, and Billing is without equal, and leads the industry in every metric that matters. I believe strongly that the Comcast & TWC merger should be allowed to proceed without hesitation, as it will be good for everyone. I think Microsoft is the best company to have existed next to Comcast, and I offer up my children to my Corporate OverLords.

    All hail the Mighty Comcast! Long may they reign!

    -Signed, Tom Whe^^^ShadowSystems.

    *Line Noise*

    *Returns to original text font & size*

    ...and I even use Microsoft Advanced Firewall!

    I'll be fine.

    =-)p

  4. Matt Piechota

    Holding!

    I'll be holding my breath for the vendor update to fix this.

    1. Number6

      Re: Holding!

      Feeling blue yet?

  5. Henry Wertz 1 Gold badge

    Is that usually adjustable?

    Is that usually even end-user adjustable? On (non-Linksys-style) Cisco gear, probably. I've usually only seen a choice of "on" or "off" for this though.

  6. Anonymous Coward
    Anonymous Coward

    So is it just NAT-PMP that's affected, or is it the more-commonly-used (at least according to my understanding, which as up-to-date as 802.11g) UPNP that my BT hub 3 uses?

    Or at least used to use. I'd forgotten to turn that mess off.

  7. Peter Gathercole Silver badge

    And this is why...

    ...I run an additional hardware firewall separate from my ADSL router.

    It's long been an axiom of any 'proper' security that you have multiple layers, each provided by a different vendor.

    Even if each of them may have their own vulnerability, it seriously deters casual hackers if once they've breached one line of defence, there's a new and different one to knock down.

    Some may see it as a challenge, but most will just give up.

  8. Zog_but_not_the_first
    IT Angle

    How do I check?

    I like to kid myself that I'm fairly savvy techwise, but how do I check my router for this vulnerability?

    How on earth can an ordinary user be expected to keep up with this kind of thing?

    1. Semtex451

      Re: How do I check?

      Which is why the pressure is rightly on the vendor/ISP. But that won't help you. Meantime RTFM (look it up)

  9. Steve Graham

    Online test

    Gibson Research: https://www.grc.com/x/ne.dll?bh0bkyd2

    It says I'm OK, which is good since I've disabled all access inwards from the internet.

    1. Zog_but_not_the_first
      Paris Hilton

      Re: Online test

      Good old Shields Up then.

      Probe my ports.

      Paris, natch.

  10. Anonymous Coward
    Anonymous Coward

    Culture of disposability

    Nearly all of the manufacturers shiiping routers/firewalls into the SOHO market have assumed as part of their business plans that these devices are basically disposable black boxes that will never need an update. Their R&D, manufacturing, pricing and support all depend on that assumption. That's why you rarely see software updates once a device is no longer in production. Of course the reality is that lots of these devices remain in service years after their release, becoming more vulnerable with each new exploit that remains unpatched. But that's the customer's problem.

    This is the main reason a lot of us are transitioning from cheap SOHO hardware to equipment that's easier to keep updated, like SBC's running software such as pfSense. That's probably not an option, yet, for the truly technologically clueless, but might be a good opportunity for someone who has both the marketing and business management talent to stimulate demand and deliver solutions.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like