ADSL router exploitation
| dc.contributor.advisor | Ξενάκης, Χρήστος | |
| dc.contributor.author | Στασινόπουλος, Αναστάσιος Χ. | |
| dc.date.accessioned | 2014-05-29T11:28:04Z | |
| dc.date.available | 2014-05-29T11:28:04Z | |
| dc.date.issued | 2014-05-29T11:28:04Z | |
| dc.identifier.uri | https://dione.lib.unipi.gr/xmlui/handle/unipi/5841 | |
| dc.language.iso | el | |
| dc.rights | Αναφορά Δημιουργού-Μη Εμπορική Χρήση-Όχι Παράγωγα Έργα 4.0 Διεθνές | |
| dc.rights.uri | http://creativecommons.org/licenses/by-nc-nd/4.0/deed.el | |
| dc.subject | Computer networks -- Security measures | |
| dc.subject | Malware | |
| dc.subject | Computer security | |
| dc.subject | Routers (Computer networks) | |
| dc.title | ADSL router exploitation | |
| dc.type | Master Thesis | |
| europeana.isShownAt | https://dione.lib.unipi.gr/xmlui/handle/unipi/5841 | |
| dc.identifier.call | 005.8 ΣΤΑ | |
| dc.description.abstractEN | ADSL routers are an integral part of today's home and small office networks. Typically, these devices are provided by a user's ISP and are, usually, managed by people who do not have any special technical knowledge. Often poorly configured and vulnerable, such devices are an easy target for network-based attacks, allowing cyber¬criminals to quickly and easily gain control over a network. In this paper, we systematically evaluate the security of ADSL routers and identify the potential of attacks, which attempt to compromise the vulnerabilities of their web interface. More specifically, we present common vulnerabilities and attacks that occur in websites on the Internet, and project them on the special characteristics of the web management interface of ADSL routers. To put this analysis into a practical context, we investigate the security of a popular ADSL router provided by a Greek ISP. In this security assessment, we have discovered two 0-day vulnerabilities in the web management interface of the tested router. In particular, we discovered an operating system (OS) command injection and stored Cross-Site Scripting (XSS) attack. A malicious may exploit these vulnerabilities to perform several large-scale attacks. Specifically, he/she can perform DNS hijacking attack and redirect the users to fake web sites for phishing; mount a Distributed Denial of Service (DDoS) attack using the compromised routers as zombie machines; or even spread a malware. Finally, we discuss some well-known security practices that should be followed fro |
Αρχεία σε αυτό το τεκμήριο
Αυτό το τεκμήριο εμφανίζεται στις ακόλουθες συλλογές
-
Τμήμα Ψηφιακών Συστημάτων
Department of Digital Systems
Εκτός από όπου διευκρινίζεται διαφορετικά, το τεκμήριο διανέμεται με την ακόλουθη άδεια:
Αναφορά Δημιουργού-Μη Εμπορική Χρήση-Όχι Παράγωγα Έργα 4.0 Διεθνές
Αναφορά Δημιουργού-Μη Εμπορική Χρήση-Όχι Παράγωγα Έργα 4.0 Διεθνές