Hacker pierces hardware firewalls with web page

Hacker pierces hardware firewalls with web page
Hacker pierces hardware firewalls with web page 

By Dan Goodin in San Francisco 
The Register
6th January 2010

On Tuesday, hacker Samy Kamkar demonstrated a way to identify a 
browser's geographical location by exploiting weaknesses in many WiFi 
routers. Now, he's back with a simple method to penetrate hardware 
firewalls using little more than some javascript embedded in a webpage.

By luring victims to a malicious link, the attacker can access virtually 
any service on their machine, even when it's behind certain routers that 
automatically block it to the outside world. The method has been tested 
on a Belkin N1 Vision Wireless router, and Kamkar says he suspects other 
devices are also vulnerable.

"What this means is I can penetrate their firewall/router and connect to 
the port that I specified, even though the firewall should never forward 
that port," Kamkar told El Reg. "This defeats that security by visiting 
a simple web page. No authentication, XSS, user input, etc. is 

Kamkar's proof-of-concept page forces the visitor to submit a hidden 
form on port 6667, the standard port for internet relay chat. Using a 
hidden value, the form surreptitiously coerces the victim to establish a 
DCC, or direct client-to-client, connection. Vulnerable routers will 
then automatically forward DCC traffic to the victim's internal system, 
and using what's known as NAT traversal an attacker can access any port 
that's open on the local system.


Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 

Site design & layout copyright © 1986-2014 CodeGods