Home / Blogs

Broadband Routers and Botnets: Being Proactive

Gadi Evron

In this post I'd like to discuss the threat widely circulated insecure broadband routers pose today. We have touched on it before.

Today, yet another public report of a vulnerable DSL modem type was posted to bugtraq, this time about a potential WIRELESS flaw with broadband routers being insecure at Deutsche Telekom. I haven't verified this one myself but it refers to "Deutsche Telekom Speedport w700v broadband router":


If you all remember, there was another report a few months ago about a UK ISP named BeThere with their wireless router being accessible from the Internet and exploitable, as another example:


Two issues here:
1. Illegitimate access to broadband routers via wireless communication.
2. Illegitimate access to broadband routers via the WAN.

I'd like to discuss #2.

Some ISPs which provide such devices (as in the example of #2 above) use them as bridges only, preventing several attack vectors (although not all). Many others don't. Most broadband ISPs have a vulnerable user-base on some level.

Many broadband ISPs around the world distribute such devices to their clients.

Although the general risk is well known, like with many other security issues many of us remained mostly quiet in the hope of avoiding massive exploitation. As usual, we only delayed the inevitable. I fear that the lack of awareness among some ISPs for this "not yet widely exploited threat" has resulted in us not being PROACTIVE and taking action to secure the Internet in this regard. What else is new, we are all busy with yesterday's fires to worry about tomorrow's.

Good people will REACT and solve the problem when it pops up in wide-exploitation, but what we may potentially be facing is yet another vector for massive infections and the creation of eventual bot armies on yet another platform.

My opinion is, that with all these public disclosures and a ripe pool of potential victims, us delaying massive exploitation of this threat may not last. I believe there is currently a window of opportunity for service providers to act and secure their user-base without rushing. Nothing in security is ever perfect, but actions such as changing default passwords and preventing connections from the WAN to these devices would be a good step to consider if you haven't already.

My suggestion would be to take a look at your infrastructure and what your users use, and if you haven't already, add some security there. You probably have a remote login option for your tech support staff which you may want to explore - and secure. That's if things were not left at their defaults.

Then, I'd also suggest scanning your network for what types of broadband routers your users make use of, and how many of your clients have port 23 or 80 open. Whether you provide with the devices or not, many will be using different ones set to default which may pose a similar threat. Being aware of the current map of vulnerable devices of this type in your networks can't hurt.

It is not often that we can predict which of the numerous threats out there that we do not address currently, is going to become exploited next. If you can spare the effort, I'd strongly urge you to explore this front and be proactive on your own networks.

The previous unaddressed threat which most of us chose to ignore was spoofing. We all knew of it for a very long time, but some of us believed it did not pose a threat to the Internet or their networks for no other reason than "it is not currently being exploited" and "there are enough bots out there for spoofing to not be necessary". I still remember the bitter argument I had with Randy Bush over that one. This is a rare opportunity, let's not waste it.

We are all busy, but I hope some of you will have the time to look into this.

I am aware of and have assisted several ISPs, who spent some time and effort exploring this threat and in some cases acting on it. If anyone can share their experience on dealing with securing their infrastructure in this regard publicly, it would be much appreciated.


Gadi Evron.

By Gadi Evron, Security Strategist. More blog posts from Gadi Evron can also be read here.

Related topics: Access Providers, Broadband, Regional Registries, Security, Telecom

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Related Blogs

Related News

Explore Topics

Industry Updates – Sponsored Posts

Don't Gamble With Your DNS

Defending Against Layer 7 DDoS Attacks

Understanding the Risks of the Dark Web

New TLD? Make Sure It's Secure

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

How Savvy DDoS Attackers Are Using DNSSEC Against Us

Facilitating a Trusted Web Space for Financial Service Professionals

MarkMonitor Partners with CYREN to Deepen Visibility into Global Phishing Attacks

Verisign Named to the Online Trust Alliance's 2016 Honor Roll

Verisign Q1 2016 DDoS Trends: Attack Activity Increases 111 Percent Year Over Year

Is Your TLD Threat Mitigation Strategy up to Scratch?

i2Coalition to Host First Ever Smarter Internet Forum

Encrypting Inbound and Outbound Email Connections with PowerMTA

Resilient Cybersecurity: Dealing with On-Premise, Cloud-Based and Hybrid Security Complexities

Verisign Releases Q4 2015 DDoS Trends - DDoS Attack Activity Increasing by 85% Year Over Year

Best Practices from Verizon - Proactively Mitigating Emerging Fraudulent Activities

Neustar Data Identifies Most Popular Times of Year for DDoS Attacks in 2015

The Framework for Resilient Cybersecurity (Webinar)

Data Volumes and Network Stress to Be Top IoT Concerns

DKIM for ESPs: The Struggle of Living Up to the Ideal

Sponsored Topics



Sponsored by

DNS Security

Sponsored by


Sponsored by
Afilias - Mobile & Web Services


Sponsored by
Afilias - Mobile & Web Services