摘要
IoT时代,SOHO级路由器主要用于小型办公室与家庭办公网络,是广大用户接入互联网的基础入口,几乎所有关于用户安全与隐私的智能设备都会与之相连,通过破解SOHO路由器来窃取用户隐私、控制智能设备等是常见的攻击手段。从2017年至今,相关路由安全报道基本只涉及SOHO级路由产品(如D-Link、TP-Link、Linksys),企业或者行业应用的专业类产品并未入列。现有的漏洞包含:缓冲区溢出,传统的Web攻击(如XSS和CSRF)、DoS攻击、身份认证绕过、留驻后门。笔者主要研究SOHO路由器安全性问题,阐述利用以上路由器漏洞进行攻击的方法,并提出几类攻击的防护措施。
In the IoT era,SOHO level routers are mainly used in small offices and home office networks.It is the basic entrance of the vast number of users to access the Internet.Almost all intelligent devices about user security and privacy will be connected.It is a common attack means to steal users'privacy and control intelligent devices by cracking SOHO routers.From 2017 to date,the related routing security reports are basically only related to SOHO level routing products(such as D-Link,TP-Link,Linksys),and the professional products of enterprise or industry application are not listed.The existing vulnerabilities include buffer overflow,traditional Web attacks(such as XSS and CSRF),DoS attack,authentication bypass,and back door.The author mainly studies the security of SOHO router,expounds the method of attacking by using the above router loopholes,and puts forward several protective measures for attacks.
作者
路江
郭向民
Lu Jiang;Guo Xiangmin(Jiangsu Police Institute,Nanjing Jiangsu 210031,China)
出处
《信息与电脑》
2018年第13期215-217,220,共4页
Information & Computer
基金
江苏省高等学校大学生实践创新训练计划省级重点项目(项目编号:201710329012Z)
江苏省现代教育技术研究课题(项目编号:2017-R-58308)
