Happy New Year

I hope you have all made it through the holiday season secure and are ready to take on the New Year!

Unfortunately, this year starts with another scary router story I have to tell.

Eloi Vanderbeken from France spent his days over the holidays to explore his router. What he found may not really surprise you as a reader of my NetworkToolbox news. He found a back-door in his router.

This time (again) several Netgear, Cisco/Linksys routers are affected. The following routers models are reported to contain the back-door:

  • Linksys/Cisco: WAG200G, WAG320N, WAG54G2, WAG120N, WAG160N, WAP4410N, WRVS4400N
  • Netgear: DM111Pv2, DGN1000, DG834G, DGN3500, DG834, DG934, WPNT834, WG602, WGR614
  • Diamond DSL642WLG and LevelOne WBR3460B

The scary part of the story:

  • The back-door is quite easy to use.
  • It is quite easy to read out the whole configuration, including passwords out of these routers
  • According my own investigation by using my Morpheus engine, some of these routers (such as the DG834) also exposes this back-door to the Internet.

Due to the “ease of use” of this back-door and the fact that the whole configuration can be read out remotely over the Internet, the owners of the effected routers are under great danger.

My recommendation, if you own one of these routers, switch them off as quick as you can and throw them away and buy something else but Linksys/Cisco or Netgear (and D-Link as mentioned earlier). Even though other routers may (or will most likely) also have back-doors and may be vulnerable but not as easy as those candidates.

Anyway, back to NetworkToolbox.

During the holidays, I received several very good suggestions and ideas. Many thanks. I already started working on most of them so there will be another App update with new features and improvements in a few weeks (hopefully).

I was able to implement one request (Thanks Tim!) immediate which is already available to you. If you now use the domain tool to search for information about an IP address, this tool now also does a reverse DNS search so you can see the domain name of the IP.

Again all the best to you and have a secure 2014!

Kind regards,

Marcus