Yesterday I watched the presentation by Craig Heffner at DEFCON 18, where he describes using DNS rebind attacks to gain access to routers’ configuration pages from the public Internet. It’s a pretty complicated attack that requires a rogue domain and server, and its success relies on two pretty glaring end-user mistakes:
- Visiting that rogue domain and server; and
- Leaving a weak or default username and password on the router’s admin page.

Most people savvy enough to flash their router with DD-WRT know enough to steer clear of those mistakes, but it still bothers me that DD-WRT remains technically vulnerable to this attack.