A researcher has discovered what he describes as a "backdoor" in DSL routers that could enable attackers to gain administrative access.
In a post on the GitHub site, researcher Eloi Vanderbeken offers a proof of concept showing how he was able to crack his own Linksys DSL router and gain administrative access to a home network without authentication. Subsequent posts indicate that the proof of concept would also work on routers made by other vendors.
The backdoor was found through scans of a little-known port, 32764/TCP, which is now being scanned more broadly, according to the Internet Storm Center (ISC).
"We do see a lot of probes for port 32764/TCP," says ISC's Johannes Ullrich in an online post. "At this point, I urge everybody to scan their networks for devices listening on port 32764/TCP. If you use a Linksys router, try to scan its public IP address from outside your network.
"Our data shows almost no scans to the port prior to today, but a large number from 3 source IPs [on Jan. 2]," ISC's post says.
Have a comment on this story? Please click "Add a Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message. Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio