Wi-Fi is a shared, half-duplex medium. Furthermore, every unicast frame must be acknowledged by the receiver. Combine these facts with a crowded spectrum in most areas, and we have every reason we need to keep unnecessary traffic off the airwaves.
Yesterday I watched the presentation by Craig Heffner at DEFCON 18, where he describes using DNS rebind attacks to gain access to routers’ configuration pages from the public Internet. It’s a pretty complicated attack that requires a rogue domain and server, and its success relies on two pretty glaring end-user mistakes:
- Visiting that rogue domain and server; and
- Leaving a weak or default username and password on the router’s admin page.
Most people savvy enough to flash their router with DD-WRT know enough to steer clear of those mistakes, but it still bothers me that DD-WRT remains technically vulnerable to this attack.
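A rebinding request reaches the router's admin page with the rogue domain still in its Host header, so one general server-side defence is to refuse any request whose Host is not one of the router's own names. The sketch below is an added example, not code from DD-WRT or from the presentation; `ALLOWED_HOSTS`, `split_host_port` and `host_allowed` are hypothetical names, and the addresses are constructed.

```python
import ipaddress

# Assumed values for illustration: the names and addresses the admin page is
# legitimately reached by. A real router would derive these from its own config.
ALLOWED_HOSTS = {"192.168.1.1", "router.lan"}


def split_host_port(host_header):
    """Return the host part of a Host header, lower-cased and without the port.

    Returns None when the header is malformed.
    """
    value = host_header.strip().lower()
    if value.startswith("["):            # bracketed IPv6 literal, e.g. [fe80::1]:8080
        end = value.find("]")
        if end == -1:
            return None
        rest = value[end + 1:]
        if rest and not (rest.startswith(":") and rest[1:].isdigit()):
            return None
        return value[1:end]
    host, sep, port = value.partition(":")
    if sep and not port.isdigit():
        return None
    return host.rstrip(".")              # "router.lan." names the same host


def host_allowed(host_header, allowed=ALLOWED_HOSTS):
    """True only if the request was addressed to one of the router's own names."""
    if not host_header:
        return False                     # no Host header at all: refuse
    host = split_host_port(host_header)
    if not host:
        return False
    try:
        # Normalise IP literals so spelling variants (e.g. IPv6 forms) compare equal
        host = str(ipaddress.ip_address(host))
    except ValueError:
        pass                             # not an IP literal, compare as a name
    return host in allowed
```

A request that fails the check should get an error response before any authentication or page logic runs, so that a weak or default password is never reachable under a foreign hostname.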