# More router fun with DNS phishing



## tchen (Mar 14, 2014)

It's probably worth checking your routers again for firmware updates.


A couple of older router vulnerabilities like the D-Link and newer ones that affect ZynOS, TP-Link, and TRENDnet routers.


https://www.team-cymru.com/ReadingRoom/Whitepapers/2013/TeamCymruSOHOPharming.pdf


Usual mitigation by restricting external access, although I know some routers won't fully close off their HTTP ports.


----------



## Raymii (Mar 14, 2014)

The Zyxel ZynOS/rom-0 doesn't work on my Zyxel. Been trying to exploit that thing for a while, however, can't open it because of provider contract restrictions... With JTAG, however, it would be a breeze...


----------



## Nikki (Mar 14, 2014)

I helped someone who had their DNS hijacked like this; it was used to prompt for a 'flash player update', which they never did. It's very clever and pretty hard to figure out.

It's usually a good idea to set your own DNS servers on your computer rather than relying on your router for it.


----------
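A way to check that the advice in the post above is actually in effect, as an added example that is not part of the original thread: it audits the `nameserver` lines of a resolv.conf-style file against the resolvers you chose yourself. The sample file, the `PINNED` set and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: a resolv.conf as a DHCP client might write it.
SAMPLE = """\
# generated by DHCP client (constructed sample)
nameserver 192.168.1.1
nameserver 203.0.113.53   ; not one we chose
nameserver 9.9.9.9
nameserver fe80::1%eth0
nameserver not-an-ip
search lan
"""

# Assumption: the resolvers the user deliberately configured.
PINNED = {"9.9.9.9", "149.112.112.112"}

# Ranges that mean "the router or another LAN box answers DNS for us".
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "fe80::/10", "fc00::/7")]

def classify(addr_text, pinned):
    """Label one nameserver entry."""
    try:
        ip = ipaddress.ip_address(addr_text.split("%")[0])  # drop IPv6 zone id
    except ValueError:
        return "invalid"
    if ip in {ipaddress.ip_address(p) for p in pinned}:
        return "pinned"            # a resolver we chose ourselves
    if ip.is_loopback:
        return "local-stub"        # local forwarder; its upstream needs its own check
    if any(ip in net for net in LAN_NETS):
        return "router-or-lan"     # answers depend on the router's DNS settings
    return "unexpected"            # public resolver nobody on this host picked

def audit(resolv_conf_text, pinned):
    """Return [(address, verdict)] for every nameserver line."""
    results = []
    for line in resolv_conf_text.splitlines():
        tokens = line.split("#")[0].split(";")[0].split()
        if len(tokens) >= 2 and tokens[0] == "nameserver":
            results.append((tokens[1], classify(tokens[1], pinned)))
    return results

if __name__ == "__main__":
    for addr, verdict in audit(SAMPLE, PINNED):
        print(f"{addr:20} {verdict}")
```

An `unexpected` entry is a resolver handed out to the host that nobody chose, and `router-or-lan` means lookups still depend on whatever DNS servers the router itself is configured with.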



## Wintereise (Mar 14, 2014)

Related NANOG discussion, for anyone interested: http://mailman.nanog.org/pipermail/nanog/2014-March/065085.html


----------

