May be they simply flag your router to not redirect to any web site, but the router still goes every x hours to their site to verify the current redirect status of your product. This wouldn't require admin privileges on your box to be done... but could make every router with such firmware DoS'able; just blackhole the Belkin site and every such request would need to timeout before the router resumes normal behaviour. Rubens ----- Original Message ----- From: "Steven M. Bellovin" <smb@research.att.com> To: <william@elan.net> Cc: <nanog@merit.edu> Sent: Saturday, November 08, 2003 11:44 AM Subject: Re: Web hijacking by router - a new method of advertisement by Belkin
In message <Pine.LNX.4.44.0311072211400.3208-100000@sokol.elan.net>,
william@el
an.net writes:
Would be interesting to see if their current advertisement (every 8
hours)
page would now be replaced with "We're so sorry that you're seeing this page, please make sure to download our latest patch so your router never bother you again and would keep us out of legal trouble" message...
The Belkin posting reproduced on Slashdot indicates that when you unsubscribe via their Web page, it modifies the configuration of your router. Say, what? There are ways in which an external Web server can change things on my box? How is that secured? I can think of lots of bad answers to that question, and not very many good ones.
--Steve Bellovin, http://www.research.att.com/~smb