Message-ID: <69c64db10610301700q7eeb0115nea0aafb168962561@mail.gmail.com>
Date: Mon, 30 Oct 2006 20:00:21 -0500
From: "Nikolai Grigoriev" <ngrigoriev@...il.com>
To: bugtraq@...urityfocus.com
Subject: Hawking Technology wireless router WR254-CA DNS issue

Hi,

I have discovered a security issue with the Hawking Technology wireless
router, model WR254-CA. Since they are still available on the market,
I think it will be good to warn the community.

This router contains a DNS address 139.175.55.244 hardcoded in the
firmware. At least when used in DHCP mode, the set of DNS IP addresses
coming from the ISP does NOT override this hardcoded IP address. The
router takes only the first real DNS IP address and puts it in the second
place on its list. Because of this, the hardcoded address is used
first when you try to resolve a hostname through the router (it sends
its own IP address over DHCP to the machines in the local network, so
this is the typical case).

I have discovered that a similar issue has been reported against Zyxel
P2000W VoIP phone by Shawn Merdinger some time ago - it was exactly
the same hardcoded IP address.

I have attempted to contact Hawking Tech technical support, but after
exchanging a couple of emails (they could not understand why I
consider this a problem) they stopped answering. Finally, I
got the answer that "I think it is hard coded inside the router, in
case no DNS server obtain by the DHCP, you still can browse the
internet.".

I would suggest staying away from this product, checking other similar
products from this company, and using a static DNS configuration if you
actually have this router.

In addition to the danger of having an untrusted DNS server used
without your explicit permission, there is something strange happening
with this DNS server (dns.seed.net.tw). Sometimes I see that some
well-known host names get resolved into wrong IP addresses (about 2-3
weeks ago they had troubles with *.google.com). It may be just a bug
or an attempt to do something more interesting. Anyway, it is a
separate problem.

-- 
Nikolai Grigoriev
(514) 909-7846
(514) 260-6402
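
Added example, not part of the original message: a small check of whether a
client behind such a router still resolves names through it, or has the
static DNS configuration the post recommends. The router LAN address
192.168.1.1, the resolver 192.0.2.53 and both resolv.conf samples are
constructed assumptions.

```python
import ipaddress

HARDCODED_DNS = ipaddress.ip_address("139.175.55.244")  # address named in the post

def parse_nameservers(resolv_conf_text):
    """Return nameserver IPs from resolv.conf-style text, in lookup order."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                servers.append(ipaddress.ip_address(fields[1]))
            except ValueError:
                continue  # skip malformed entries
    return servers

def audit_client(resolv_conf_text, router_ip):
    """Classify each configured resolver on a client behind the router."""
    router = ipaddress.ip_address(router_ip)
    findings = []
    for pos, server in enumerate(parse_nameservers(resolv_conf_text), start=1):
        if server == router:
            status = "via-router"        # router chooses the upstream, hardcoded one first
        elif server == HARDCODED_DNS:
            status = "hardcoded-direct"  # client points at the hardcoded server itself
        else:
            status = "static"            # client queries this resolver on its own
        findings.append((pos, str(server), status))
    return findings

def exposed(findings):
    """True if the first resolver consulted leads to the hardcoded server."""
    return bool(findings) and findings[0][2] != "static"

# Constructed samples (assumptions, not data from the post).
DHCP_CLIENT = "# written by DHCP client\nnameserver 192.168.1.1\n"
STATIC_CLIENT = "nameserver 192.0.2.53\nnameserver 192.168.1.1  # fallback\n"

if __name__ == "__main__":
    for name, conf in (("dhcp", DHCP_CLIENT), ("static", STATIC_CLIENT)):
        result = audit_client(conf, "192.168.1.1")
        print(name, result, "exposed" if exposed(result) else "ok")
```

A fallback entry that still points at the router is reported as "via-router",
so it shows up in the findings even when the first resolver is static.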
