The Router You Own May Be Vulnerable: Story Of The Fixed Router Backdoor!




It was Christmas 2013. French hacker Eloi Vanderbeken wanted to tweak some performance settings on his router, and the funny thing was that he had forgotten his own password! Hacking his way in seemed more fun than resetting the router. *Clup*Clup*Boom*
Long story short, Vanderbeken found his way in.

He found a service listening on port 32764 that could be instructed, without authentication, to dump the router's configuration, including the username and password!

Luckily for you, that port was listening on the internal side, not on the internet (WAN) side. That means the backdoor is only reachable by users who are already on your network, i.e. on your subnet, but it is still a giant security hole. For example: you say, "Hey Hrishi! Mind doing some performance upgrades on my laptop?" I sit down, I turn evil, and I get into your router and mess with the settings, including opening up the backdoor on the internet interface so I can get back in later! That's how dangerous it was!

So, Vanderbeken reported it. Backdoor patched! Voilà! NOT so soon! The main purpose of the backdoor was to help the router's management software, which many of you reach by typing your router's IP address into the URL bar. Vanderbeken soon found that the backdoor was still there, just turned off by default.

He tweaked more and found a way to re-enable the backdoor by sending the router a so-called "magic Ethernet packet". Read about Ethernet II frames here.


[Image: Ethernet type II frame layout, snapped from Wikipedia.]



Quick theory! If you don't know what a MAC address is, google it; the CRC is there so the receiver can catch data errors.
EtherTypes are 0x0800 for an IPv4 packet, 0x86DD for an IPv6 packet, 0x0806 for ARP (Address Resolution Protocol), and 0x0842 for Wake-on-LAN (the magic packet).

Vanderbeken's router also listened for Wake-on-LAN-style magic packets on EtherType 0x8888. What he did was very simple and easy, but it resulted in a boom: the router was sent an 0x8888-type packet containing the number 0x0201 (a command identifier, also important in Cisco routers for resets) and the MD5 checksum of the string DGN1000, his router's model number. This is a great example of thinking outside the box!

That little trick brought the dead backdoor back to life! He also discovered that broadcasting an 0x8888-type packet with command number 0x0200 makes the router reply, allowing an attacker on the LAN to find any exploitable routers.

Now, how to be safe?

You know what? You can never be safe. Really. If you are thinking "I'll just watch for packets on 8888, detect the magic packet and block it", that's totally wrong, because the packet varies between firmwares and hardware, and the MD5 checksum may differ too.
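The detection idea above is still worth doing for the EtherType the post names, as long as you alert on the EtherType rather than on the payload bytes, which (as just said) vary by firmware. Below is an added example, my own code and not Vanderbeken's or anything from the original post: it parses Ethernet II frames, resolves the EtherTypes listed earlier, unwraps an 802.1Q VLAN tag so tagged frames are not misread, and raises an alert for any frame carrying EtherType 0x8888. The MAC addresses, sample frames and the 0x8888 payload are constructed placeholders.

```python
import struct

# EtherTypes named in the post, plus the 802.1Q tag value.
ETHERTYPES = {
    0x0800: "IPv4",
    0x86DD: "IPv6",
    0x0806: "ARP",
    0x0842: "Wake-on-LAN",
}
VLAN_TAG = 0x8100
# EtherType the post says the router listened on for its re-enable packet.
# Alert on the EtherType alone: the command number and MD5 payload differ
# between firmwares, so a payload signature would miss variants.
WATCHLIST = {0x8888: "EtherType used by the router backdoor re-enable packet"}
BROADCAST = b"\xff" * 6


def parse_ethernet(frame: bytes) -> dict:
    """Split an Ethernet II frame into header fields and payload.

    A VLAN-tagged frame carries 0x8100 at offset 12 and the real EtherType
    four bytes later; reading only bytes 12-14 would misclassify it.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet II header")
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan_id, offset = None, 14
    if ethertype == VLAN_TAG:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan_id = tci & 0x0FFF
        offset = 18
    return {"dst": dst, "src": src, "vlan": vlan_id,
            "ethertype": ethertype, "payload": frame[offset:]}


def classify(frame: bytes) -> dict:
    """Tag a frame as known, suspect (on the watchlist) or unknown."""
    fields = parse_ethernet(frame)
    et = fields["ethertype"]
    if et in WATCHLIST:
        fields["verdict"] = "suspect"
    elif et in ETHERTYPES:
        fields["verdict"] = "known"
    else:
        fields["verdict"] = "unknown"
    fields["name"] = ETHERTYPES.get(et) or WATCHLIST.get(et) or "EtherType 0x%04X" % et
    fields["broadcast"] = fields["dst"] == BROADCAST
    return fields


def scan(frames) -> list:
    """Return one alert line per suspect frame, in the order seen."""
    alerts = []
    for i, frame in enumerate(frames):
        f = classify(frame)
        if f["verdict"] == "suspect":
            dst = "broadcast" if f["broadcast"] else f["dst"].hex(":")
            alerts.append("frame %d: %s -> %s EtherType 0x%04X (%s), vlan=%s"
                          % (i, f["src"].hex(":"), dst, f["ethertype"], f["name"], f["vlan"]))
    return alerts


def _frame(dst, src, ethertype, payload, vlan=None):
    """Build a constructed sample frame (no FCS) for the demo."""
    header = dst + src
    if vlan is not None:
        header += struct.pack("!HH", VLAN_TAG, vlan)
    return header + struct.pack("!H", ethertype) + payload


# Constructed sample traffic: locally administered MACs, zeroed payloads.
MAC_A = bytes.fromhex("020000000001")
MAC_B = bytes.fromhex("020000000002")
SAMPLE_FRAMES = [
    _frame(BROADCAST, MAC_A, 0x0806, b"\x00" * 28),                 # ARP request
    _frame(MAC_B, MAC_A, 0x0800, b"\x45" + b"\x00" * 19),           # IPv4 packet
    _frame(MAC_B, MAC_A, 0x0800, b"\x45" + b"\x00" * 19, vlan=10),  # same, tagged VLAN 10
    _frame(BROADCAST, MAC_A, 0x8888, b"\x00" * 46),                 # broadcast on the watched EtherType
]

if __name__ == "__main__":
    for line in scan(SAMPLE_FRAMES):
        print(line)
```

On a real network you would feed `scan` frames captured on a LAN-side mirror port; an alert on 0x8888 catches the family the post describes, while the caveat above still holds for other vendors and firmware revisions.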

See if your router supports an open source firmware such as DD-WRT or OpenWrt. They are great! They are Linux based, and many kind developers around the world are always ready to lend you a hand, with patches coming from a 16-year-old to an old master.

So go on, tweak it, find something, and use security measures. Don't worry, I won't drop in on you. ;)

Any suggestions or questions? Sure! Post them in the comments!




CCNA Helper: Which Cable to Use, Straight-Through or Crossover!

 

Straight-through or crossover? Confused?

If you are studying for the CCNA or any other networking cert, or you just want to know when to use which cable, you'll owe your life to this article!

A very simple and easy way is just to have a look at this picture:
[Image: cable selection chart.]
That's it!
Like devices = crossover cable
Router to PC = crossover cable
Configuring a device = rollover cable = console cable
Everything else = straight-through cable

You might also want to know about the pinouts, so here's a very convenient way to see and remember them:
[Image: pinout chart.]

Now you might have guessed why routers and PCs use a crossover cable: it's because they use the same set of pins to transmit and the same set to receive. If a router-to-PC connection used a straight-through cable, there would be lots of collisions.
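As an added example (my own code, not from the original post), here is a small Python model of the rule above. It assumes the standard 10/100BASE-T wiring: PCs and routers are MDI ports that transmit on RJ-45 pins 1 and 2 and receive on 3 and 6, switches and hubs are MDI-X ports wired the other way round, and a crossover cable swaps pair 1/2 with pair 3/6. The device names are my own labels.

```python
# MDI ports (PC, router) transmit on pins 1-2 and receive on 3-6;
# MDI-X ports (switch, hub) transmit on 3-6 and receive on 1-2.
MDI, MDIX = "MDI", "MDI-X"
PORT_TYPE = {"pc": MDI, "router": MDI, "switch": MDIX, "hub": MDIX}
TX_PINS = {MDI: (1, 2), MDIX: (3, 6)}
RX_PINS = {MDI: (3, 6), MDIX: (1, 2)}

# A cable maps a pin on end A to the pin it reaches on end B.
STRAIGHT_THROUGH = {1: 1, 2: 2, 3: 3, 6: 6}
CROSSOVER = {1: 3, 2: 6, 3: 1, 6: 2}      # TX pair and RX pair swapped


def tx_collisions(port_a, port_b, cable):
    """Pin pairs where one end's transmit wire lands on the other end's transmit pin.

    An empty list means every TX pin reaches an RX pin, so the link can come up.
    """
    reverse = {b: a for a, b in cable.items()}
    bad = {(p, cable[p]) for p in TX_PINS[port_a] if cable[p] in TX_PINS[port_b]}
    bad |= {(reverse[p], p) for p in TX_PINS[port_b] if reverse[p] in TX_PINS[port_a]}
    return sorted(bad)


def link_works(port_a, port_b, cable):
    return not tx_collisions(port_a, port_b, cable)


def pick_cable(device_a, device_b):
    """Return the cable the rule in the post gives for a link between two devices.

    'console' stands for a device's console port, which is configuration, not data,
    and always takes a rollover cable.
    """
    if "console" in (device_a, device_b):
        return "rollover"
    port_a, port_b = PORT_TYPE[device_a], PORT_TYPE[device_b]
    for name, cable in (("straight-through", STRAIGHT_THROUGH), ("crossover", CROSSOVER)):
        if link_works(port_a, port_b, cable):
            return name
    raise ValueError("no cable in the table connects %s to %s" % (device_a, device_b))


if __name__ == "__main__":
    for a, b in (("router", "pc"), ("pc", "switch"), ("switch", "switch"), ("router", "console")):
        print("%s <-> %s: %s" % (a, b, pick_cable(a, b)))
    print("router <-> pc on straight-through collides on pins", tx_collisions(MDI, MDI, STRAIGHT_THROUGH))
```

The model derives every row of the chart from the pin assignments rather than storing the answers, which is why it also gets hub-to-switch (crossover) right without a special case. Note that most modern ports implement auto MDI-X and swap the pairs themselves, so in practice either cable often works; the rule still matters for exams and older gear.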

PRO TIP: You really won't see many networks with a PC connected directly to a router with a crossover cable for real bandwidth purposes; at most you'll see a laptop connected to a router with a rollover cable for router configuration.



If you have any questions, please post them in the comments section.

Headers and The OSI Model – A brief explanation

If you want to know how, "logically", the message you send on Facebook reaches your friend at the other end, this post will give you what you want to know. Keep in mind that this is the "logical way"; I'll be posting about how it goes on the physical network in my next post (which many of you might already know). Whenever it comes to the "logical way", the first thing that pops into a network engineer's mind is "the TCP/IP model and the OSI model". The OSI model is the more widely adopted one, so we'll discuss that.

The OSI model is just a model, but understanding how it works makes you understand the core networking concepts. In this post I'll discuss how this imaginary model actually gets to work, and why and how the headers work.


There are 7 layers in the OSI model, as you might know if you have spent some time with networking. When talking about headers and the OSI model, one thing pops up, and that is "encapsulation". To encapsulate means to augment the data with headers, which is what we'll be discussing in this article. In some Cisco or non-Cisco documentation you'll find that "encapsulation" means data hiding; that is true when it comes to the 6th layer (the Presentation layer), because that's what the 6th layer of the OSI model does.

So, when we use Facebook or Twitter we are actually sending an HTTP GET request (not every time, though). The user with the browser is at the application layer. He sends a piece of data to somebody, the browser does what needs to be done in the next layer down, the presentation layer, and then the data goes down to the transport layer and so on. When we send data through the internet, we need to encapsulate "packets" (what the data is called at the network layer) with headers as well. Encapsulating your data is, practically, what the imaginary OSI model does.

So that data/message needs to have a source and destination IP address and a MAC address; both are mandatory for a successful connection. As the message goes down from the application layer, each layer adds its own header, all the way down to the physical layer (this is what encapsulation is). And mind you, the data link layer adds both a header and a trailer, and the physical layer adds none. Every layer has to add its own control information, which we'll discuss later.

Now let's discuss the OSI model again. When the data comes down to the transport layer, the whole data is converted into "segments" (data is called a segment at the transport layer), or maybe only a portion of it is converted, i.e. the transport layer adds its header to the data. We call this header the payload, and "payload" is a general term for something added to the main data. You'll hear about payloads a lot if you are associated with security.

Don't confuse yourself by mixing up segments and payloads. Payloads are the headers; you may call the combination of data and the layer-specific header/payload a PDU (Protocol Data Unit).
For example:
Layer 4 segment = L4PDU
Layer 3 packet = L3PDU
Layer 2 frame = L2PDU

Now the segment goes down to Layer 3 (the network layer), where adding the L3 header turns the segment into a "packet". Then it goes down to Layer 2 (the data link layer), which adds a Layer 2 header and a trailer and makes it a "frame", and then down to the physical layer (wires and electronics) and on to your friend on Facebook. The data reaches the NIC on his computer and goes up to the data link layer, which decodes the data link header and trailer; then the data goes up to the network layer, where his L3 decodes the L3 header from your PC, and so forth. (The OSI model may sound physical, but it's not.) Going up, it reaches the application layer and Google Chrome pops up on his PC with your message!
Now why on earth does every layer have to add its own control information? Why headers?
Well, because it allows the machines to distinguish between the messages. For instance, the Layer 3 header contains the source and destination IP addresses of the next hop, and the Layer 2 header contains the source and destination MAC addresses, and you can guess the fourth part. More headers means more overhead; the headers don't take up anything like half of the packet size, but they still add what we call overhead and make the data heavier. This relates to packet switching and circuit switching, but we won't discuss that here.
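To make the segment/packet/frame walk above concrete, here is an added example, my own code and not from the original post, that encapsulates a piece of application data by hand and then decapsulates it on the receiving side. It assumes TCP over IPv4 over Ethernet II: the transport layer prepends a real 20-byte TCP header, the network layer a real 20-byte IPv4 header (both with their one's-complement checksums), and the data link layer adds both a header (MACs and EtherType) and a trailer (the CRC-32 frame check sequence), which is the "header and tailer" the post mentions. The MAC and IP addresses and port numbers are constructed placeholders, and the `overhead_bytes` figure shows exactly how much the headers add.

```python
import struct
import zlib

PROTO_TCP = 6
ETHERTYPE_IPV4 = 0x0800

# Constructed sample addresses (documentation ranges), not from the post.
SRC_MAC = bytes.fromhex("020000000001")
DST_MAC = bytes.fromhex("020000000002")
SRC_IP, DST_IP = "192.0.2.10", "192.0.2.20"


def ip_bytes(dotted: str) -> bytes:
    return bytes(int(octet) for octet in dotted.split("."))


def rfc1071_checksum(data: bytes) -> int:
    """One's-complement sum used by the IPv4 and TCP header checksums."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_segment(data: bytes, src_port: int, dst_port: int, src_ip: str, dst_ip: str) -> bytes:
    """Layer 4: prepend a 20-byte TCP header (PSH+ACK, no options). Result: the L4PDU."""
    header = struct.pack("!HHIIHHHH", src_port, dst_port, 1, 1, 0x5018, 65535, 0, 0)
    pseudo = ip_bytes(src_ip) + ip_bytes(dst_ip) + struct.pack("!BBH", 0, PROTO_TCP, len(header) + len(data))
    csum = rfc1071_checksum(pseudo + header + data)
    return header[:16] + struct.pack("!H", csum) + header[18:] + data


def build_packet(segment: bytes, src_ip: str, dst_ip: str, ttl: int = 64) -> bytes:
    """Layer 3: prepend a 20-byte IPv4 header. Result: the L3PDU."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0x1234, 0x4000,
                         ttl, PROTO_TCP, 0, ip_bytes(src_ip), ip_bytes(dst_ip))
    csum = rfc1071_checksum(header)
    return header[:10] + struct.pack("!H", csum) + header[12:] + segment


def build_frame(packet: bytes, src_mac: bytes, dst_mac: bytes) -> bytes:
    """Layer 2: header in front (dst MAC, src MAC, EtherType), trailer behind (CRC-32 FCS). Result: the L2PDU."""
    header = dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4)
    body = packet + b"\x00" * max(0, 46 - len(packet))   # Ethernet pads short payloads to 46 bytes
    fcs = struct.pack("<I", zlib.crc32(header + body))
    return header + body + fcs


def decapsulate(frame: bytes) -> dict:
    """Receiver side: strip and verify each layer on the way up, return the fields and the data."""
    if len(frame) < 64:
        raise ValueError("runt frame")
    body, fcs = frame[:-4], frame[-4:]
    if struct.pack("<I", zlib.crc32(body)) != fcs:
        raise ValueError("bad FCS: frame damaged in transit")
    (ethertype,) = struct.unpack("!H", body[12:14])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    packet = body[14:]
    ihl = (packet[0] & 0x0F) * 4
    (total_length,) = struct.unpack("!H", packet[2:4])
    if rfc1071_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    segment = packet[ihl:total_length]          # total_length drops the Ethernet padding
    pseudo = packet[12:20] + struct.pack("!BBH", 0, packet[9], len(segment))
    if rfc1071_checksum(pseudo + segment) != 0:
        raise ValueError("bad TCP checksum")
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    data = segment[(segment[12] >> 4) * 4:]
    return {
        "l2": {"dst_mac": body[0:6], "src_mac": body[6:12], "ethertype": ethertype},
        "l3": {"src_ip": packet[12:16], "dst_ip": packet[16:20], "proto": packet[9]},
        "l4": {"src_port": src_port, "dst_port": dst_port},
        "data": data,
        "overhead_bytes": len(frame) - len(data),
    }


def encapsulate(data: bytes) -> bytes:
    """Sender side: application data -> segment -> packet -> frame."""
    segment = build_segment(data, 51000, 80, SRC_IP, DST_IP)
    packet = build_packet(segment, SRC_IP, DST_IP)
    return build_frame(packet, SRC_MAC, DST_MAC)


def is_intact(frame: bytes) -> bool:
    """True if every layer's check passes, False if any layer rejects the frame."""
    try:
        decapsulate(frame)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    frame = encapsulate(b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n")
    print(len(frame), "bytes on the wire;", decapsulate(frame))
```

Running it on a 37-byte HTTP request gives a 95-byte frame, so 58 bytes of the wire traffic are headers and trailer, which is the overhead the post refers to; flipping a single byte anywhere in the frame makes the data link layer reject it at the FCS check before the upper layers ever see it.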

If you have any questions, post them in the comments section and I'll try to answer them as soon as possible.