[Dshield] Log extraction software for the Belkin F5230 4-Port 10/100 DSL/Cable Router

Derek Witt dwitt1 at kc.rr.com
Sat Mar 13 07:05:48 GMT 2004


Good morning, everyone. I have a Belkin F5230 router.  As you may have
noticed, this router only has logs accessed via its web-based setup
utility (http://192.168.2.1:88).  

Now, I have noticed that this router's setup interface can be accessed
via the following URL:
(http://192.168.2.1:88/?pws=RouterPassword&page=login).  Now, as you can
see, this is unsettlingly insecure.  As long as you limit remote access
to port 88 as much as possible, it's very secure. I personally do not
enable remote management.

At the same time, I used this fact to write a Java program to
automatically log into the router first via that URL.  Then, I had my
program extract the router's external IP from
http://192.168.2.1:88/main.HTM.   

The security log (which records all remote TCP/IP connection attempts,
all TCP SYN flood attempts thus far) is found at
http://192.168.2.1:88/security.htm.  I have yet to see if this same log
does UDP (any nmap results do not seem to appear in this log).  But this
router does deny all unauthorized UDP attempts.
Now, as you may have noticed, the security log actually puts the log
entries into the HTML source itself (it's simply put into a <TEXTAREA
name="securitylog">...</TEXTAREA> section).  Similarly, the DHCP Client
log is structured as such.

So, I have attached my resulting program. I developed this software
using Java SDK 1.4.2 (in Linux) and have tested it with 1.5.0-beta1
(again in Linux) and it works fine there, too. This software outputs a
log file using Zone Alarm's format.  It should build and run fine in
other platforms for which Java has been written.

I appreciate any critiques, comments, or suggestions on this. Thanks.

-- 
Derek Witt <dwitt1 at kc.rr.com>
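
The message above describes the log entries as sitting inside a <TEXTAREA name="securitylog"> element in the page source. The following is an added example, not the attached Java program: a Python sketch of that extraction step run offline over a constructed page. The class and function names, the second textarea name "otherlog", and the entry text are assumptions; the router's real entry format is not shown in the message.

```python
from html.parser import HTMLParser


class TextareaExtractor(HTMLParser):
    """Collect the text inside <textarea name=...> elements, keyed by name."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.areas = {}        # textarea name -> accumulated text
        self._current = None   # name of the textarea being read, if any

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names, so <TEXTAREA NAME=...> matches.
        if tag == "textarea":
            self._current = dict(attrs).get("name") or ""
            self.areas.setdefault(self._current, "")

    def handle_endtag(self, tag):
        if tag == "textarea":
            self._current = None

    def handle_data(self, data):
        # Data may arrive in several chunks, so append rather than assign.
        if self._current is not None:
            self.areas[self._current] += data


def extract_log_lines(html, name="securitylog"):
    """Return the non-empty lines of the named textarea, or [] if it is absent."""
    parser = TextareaExtractor()
    parser.feed(html)
    parser.close()
    text = parser.areas.get(name, "")
    return [line.strip() for line in text.splitlines() if line.strip()]


# Constructed sample page; the entry text is a placeholder, not the router's real format.
SAMPLE_PAGE = (
    '<HTML><BODY><FORM>\r\n'
    '<TEXTAREA NAME="securitylog" ROWS=10>\r\n'
    'constructed entry 1 from 203.0.113.7\r\n'
    '\r\n'
    'constructed entry 2 from 198.51.100.23\r\n'
    '</TEXTAREA>\r\n'
    '<TEXTAREA name="otherlog">constructed entry 3</TEXTAREA>\r\n'
    '</FORM></BODY></HTML>'
)

if __name__ == "__main__":
    for entry in extract_log_lines(SAMPLE_PAGE):
        print(entry)
```

Passing a different name to extract_log_lines selects another textarea on the same page, which is how a log structured the same way would be read.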