A severe UPnP flaw allows router hijacking. Experts believe that 99% of home routers are vulnerable. This is a potentially alarming development.
An attacker will most likely use the vulnerability to alter a home (or small business) router’s DNS settings, which will effectively direct every computer in the network to visit sites of the attacker’s choosing.
How the attack will work: attackers will place malicious code on web sites in SWF (Flash) or other active content that will contain UPnP commands that the router will intercept.
Things you can do:
1. Disable UPnP on your router. Most people don’t use it anyway. I use it but will probably deactivate it this week.
2. Implement OpenDNS or ScrubIT DNS on your internal systems. This will effectively bypass your router’s DNS, making a DNS attack on your router irrelevant.
3. Find someone who knows about home/SMB Internet router configuration who can tell you if your router has been compromised. Know your router’s configuration.
4. Change (or establish) the administrator password on your router. This is just a good idea anyway.
5. Contact your Internet service provider and ask for information about updates to counter this vulnerability.
6. Implement firewalls on individual systems in your network. If an attacker decides to deactivate the firewall function on your router, PC based firewalls will continue protecting them.
Links to information:
SANS Internet Storm Center article
Older story on home router vulnerability
Peter H. Gregory 