Re: Web hijacking by router - a new method of advertisement by Belkin

["Rubens Kuhl Jr." <rubens () email com>]

May be they simply flag your router to not redirect to any web site, but the
router still goes every x hours to their site to verify the current redirect
status of your product. This wouldn't require admin privileges on your box
to be done... but could make every router with such firmware DoS'able; just
blackhole the Belkin site and every such request would need to timeout
before the router resumes normal behaviour.


Rubens


----- Original Message ----- 
From: "Steven M. Bellovin" <smb () research att com>
To: <william () elan net>
Cc: <nanog () merit edu>
Sent: Saturday, November 08, 2003 11:44 AM
Subject: Re: Web hijacking by router - a new method of advertisement by
Belkin


> In message <Pine.LNX.4.44.0311072211400.3208-100000 () sokol elan net>,
william@el
> an.net writes:
> > Would be interesting to see if their current advertisement (every 8
hours)
> > page would now be replaced with "We're so sorry that you're seeing this
> > page, please make sure to download our latest patch so your router never
> > bother you again and would keep us out of legal trouble" message...
>
> The Belkin posting reproduced on Slashdot indicates that when you
> unsubscribe via their Web page, it modifies the configuration of your
> router.  Say, what?  There are ways in which an external Web server can
> change things on my box?  How is that secured?  I can think of lots of
> bad answers to that question, and not very many good ones.
>
> --Steve Bellovin, http://www.research.att.com/~smb