Home / Blogs

More on Broadband Router Insecurity and Being Proactive

Gadi Evron

Fergie replied on NANOG to my recent post on the subject of broadband routers insecurity:

"I'll even go a step further, and say that if ISPs keep punting on the whole botnet issue, and continue to think of themselves as 'common carriers' in some sense — and continue to disengage on the issue — then you may eventually forced to address those issues at some point in the not-so-distant future.

I understand the financial disincentives, etc., but if the problem continues to grow and fester, and consumer (and financial institutions) losses grow larger, things may take a really ugly turn."

He is right, but I have a comment I felt it was important — to me — to make. Not just on this particular vulnerability, but on the "war".

I must admit, vulnerabilities are endless and new exploitation vectors will never end, even if it was possible and we were all 100% secure, someone (an attacker rather than a vulnerability) will find a way to make it 99% again for the right investment or with the right moment of brilliance.

Enough with cheap philosophy though… as tired (even exhausted) as I am of the endless repeating circle which security is, on all levels (from the people involved through the interests involved all the way to the same-old-FUD) I still haven't burned out, and I am still here.

The world isn't going to end tomorrow, and even if the Internet was to die (which I doubt it will), we will survive. However, in the recent couple of years a new community has been forming which we started referring to as "Internet security operations". These folks, for various motives, work to make the Internet stay up and become safer (actually being safe is a long lost battle we should have never fought the way things were built).

With such a community being around, treating issues beyond our little corner of the 'net is possible to a level, and at least some progress is made. Some anti-virus engineers no longer care only about samples, some network engineers no longer care only about their networks, etc.

Is any of this a solution? No. The problems themselves will not go away, they aren't in any significant fashion currently being dealt with beyond the tactical level of a fire brigade.

Is it the end than? Of course not. But operations vs. research are determined by intelligence. As we have some intelligence, I can point to yet another annoying vulnerability in the endless circle which those of us who will want to, can study, and if they feel it is justified, defend against. That is the broadband routers issue, which personally I'd really rather avoid.

Unfortunately, this limited defense is what most of us can do at our own homes, or tops as a volunteer fire brigade or neighborhood watch.

The Internet is the most disconnected global village I can imagine, but we all have the funny uncle on another network and a weird one on yet another. I sometimes feel that the old analogy of the Internet to the Wild West is not quite it. Perhaps we are living in the Wild West, only if instead of wastelands and small towns, we have New York city and the laws of a feudal dark ages Kingdom.

Things will eventually change, and some of us will stick around to help that change (or try to). For now though, it is about one vulnerability ignored at a time, and working on our communities.

By Gadi Evron, Security Strategist. More blog posts from Gadi Evron can also be read here.

Related topics: Access Providers, Broadband, Cybersecurity, Networks, Telecom


Don't miss a thing – get the Weekly Wrap delivered to your inbox.


To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Dig Deeper

IP Addressing

Sponsored by Avenue4 LLC

Mobile Internet

Sponsored by Afilias Mobile & Web Services

DNS Security

Sponsored by Afilias


Sponsored by Verisign

Promoted Posts

Buying or Selling IPv4 Addresses?

ACCELR/8 is a transformative IPv4 market solution developed by industry veterans Marc Lindsey and Janine Goodman that enables organizations buying or selling blocks as small as /20s to keep pace with the evolving demands of the market by applying processes that have delivered value for many of the largest market participants. more»

Industry Updates – Sponsored Posts

Verisign Named to the Online Trust Alliance's 2017 Audit and Honor Roll

Attacks Decrease by 23 Precent in 1st Quarter While Peak Attack Sizes Increase: DDoS Trends Report

Leading Internet Associations Strengthen Cooperation

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

2016 U.S. Election: An Internet Forecast

Government Guidance for Email Authentication Has Arrived in USA and UK

ValiMail Raises $12M for Its Email Authentication Service

Don't Gamble With Your DNS

Defending Against Layer 7 DDoS Attacks

Understanding the Risks of the Dark Web

New TLD? Make Sure It's Secure

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

How Savvy DDoS Attackers Are Using DNSSEC Against Us

Facilitating a Trusted Web Space for Financial Service Professionals

MarkMonitor Partners with CYREN to Deepen Visibility into Global Phishing Attacks

Verisign Named to the Online Trust Alliance's 2016 Honor Roll

Verisign Q1 2016 DDoS Trends: Attack Activity Increases 111 Percent Year Over Year

Is Your TLD Threat Mitigation Strategy up to Scratch?

Mobile Web Intelligence Report: Bots and Crawlers May Represent up to 50% of Web Traffic