Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Who's got it? Who's giving it away? How to protect your privacy and steal it from other people. For intellectual privacy, personal privacy, and blackhats alike... 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
detecting router backdoors
Posted by: Albino
Date: September 03, 2010 12:54PM

The question is, how would you detect an IP-specific backdoor in your router if you didn't have ftp/telnet/ssh access to it? The only method I could think of was spoofing portscans to it from your vendor's IP, then checking the routers logs to see if it replied. Can anyone think of a better way?

The background;
After reading about a backdoor with a hard-coded password present in all BE routers (including my old router) at http://blogs.securiteam.com/index.php/archives/826 I started wondering about backdoors. I had foolishly assumed that the router didn't have a backdoor because when I nmap'd it from the WAN it showed no open ports, but it turns out the backdoor was just keyed to the IPs of the BE office.

Options: ReplyQuote
Re: detecting router backdoors
Posted by: id
Date: September 03, 2010 02:15PM

there are a lot of ways they could backdoor it without you knowing, and odds are you don't have access to other side of the router (cable/dsl/fiber) to sniff the network traffic. But most likely just SNMP managed and is either password protected and/or restricted to certain networks or addresses.

You could take it apart and see if it has a RS232 interface or some other way to access it...figure out how to set it to maintenance mode, etc

-id

Options: ReplyQuote


Sorry, only registered users may post in this forum.