router logins

L

LemonScrub

Well-Known Member
Joined
Sep 20, 2011
Messages
156
Reaction score
0
If you dont have remote management enabled on your router. Then whats the need to change the default admin password, since only the people on your local network could get into the admin page. And in a home environment, if they have physical access to the router, surely you have bigger things to worry about. If a strong WPA2 key is set then they would have to physically already be on the network?
 
OGroteKoning said:
Belts and braces dude! You can not have enough security.
Click to expand...

Thats true if it was an online service.. however you can only login to the router locally.. so what use would a harder password make, when they could just reset the router if they had physical access?
 
I am not a guru on the subject, but your neighbours can gain access to the router. Perhaps a different question: Why wouldn't you want to change the default login?
 
Visit a malicious page from your home PC, it makes a request to http://admin:[email protected]/enableRemoteManagement.

Your own PC can reach it, and if you have not changed the password, your browser may automatically provide the credentials in the URL when the router prompts for Basic Authentication. Alternatively, multiple-step requests could be used to submit POST's to the login page, authenticate the connection, then make the necessary changes to your router config.
 
OGroteKoning said:
I am not a guru on the subject, but your neighbours can gain access to the router. Perhaps a different question: Why wouldn't you want to change the default login?
Click to expand...

How could a neighbour gain access without knowing the WPA2 key to get onto the wifi first?
 
RoganDawes said:
Visit a malicious page from your home PC, it makes a request to http://admin:[email protected]/enableRemoteManagement.

Your own PC can reach it, and if you have not changed the password, your browser may automatically provide the credentials in the URL when the router prompts for Basic Authentication. Alternatively, multiple-step requests could be used to submit POST's to the login page, authenticate the connection, then make the necessary changes to your router config.
Click to expand...

Thats assuming that the malicious page knows the layout for every router firmware, and that the router uses Basic Authentication.
 
LemonScrub said:
How could a neighbour gain access without knowing the WPA2 key to get onto the wifi first?
Click to expand...

It is called hacking. There is software used to figure out the key

But you must make as you please. I changed both the login name and password on my router
 
LemonScrub said:
How could a neighbour gain access without knowing the WPA2 key to get onto the wifi first?
Click to expand...

WPA2 is better than nothing and better than WEP but it is not 100%.

Also, leaving default usernames and passwords for any system is about one of the most insecure things you can do generally. If someone somehow does compromise your network, this makes it easy for the hacker.
 
OGroteKoning said:
It is called hacking. There is software used to figure out the key

But you must make as you please. I changed both the login name and password on my router
Click to expand...

I'm aware.. but then your saying a strong WPA2 key is pointless.
 
InvisibleJim said:
WPA2 is better than nothing and better than WEP but it is not 100%.

Also, leaving default usernames and passwords for any system is about one of the most insecure things you can do generally. If someone somehow does compromise your network, this makes it easy for the hacker.
Click to expand...

i know of many IT people that use simple router logins that have no remote management turned on
 
dude, you clearly dont want to listen to anyone so keep everything default.
Despite the fact it takes 10 seconds to change the username and password.
 
Is it THAT much work to just set a password for peace of mind?

For that matter with no password someone could sneakily make changes to your router (someone inside your network) which you wouldn't notice. Something like adding some port forwarding or adding remote login so they can access your network later without you noticing.

It takes all of three seconds to do, so why not just do it? Why even question the logic?

*****

It's not about IF your network gets compromised, but rather WHEN it gets compromised it will take the hacker <1 second to break into the rest of your network rather than the few minutes or maybe even hours that it would have taken with just a little bit of security.
 
OGroteKoning said:
Belts and braces dude! You can not have enough security.
Click to expand...

+100 - guess I am paranoid :)

@LemonScrub: it's your dime. Install as much - or as little - security as makes you happy.

For myself: I installed CAT5e throughout the house to eliminate the need for Wi-Fi ...

But then, as I have already said, I'm paranoid ... :D
 
SauRoNZA said:
Is it THAT much work to just set a password for peace of mind?

For that matter with no password someone could sneakily make changes to your router (someone inside your network) which you wouldn't notice. Something like adding some port forwarding or adding remote login so they can access your network later without you noticing.

It takes all of three seconds to do, so why not just do it? Why even question the logic?
Click to expand...

It is changed.. my argument is, in a home environment why do you need to make the router admin login strong, when just changing from the default is good enough? Especially if its just you and your wife on the network
 
rrh said:
+100 - guess I am paranoid :)

@LemonScrub: it's your dime. Install as much - or as little - security as makes you happy.

For myself: I installed CAT5e throughout the house to eliminate the need for Wi-Fi ...

But then, as I have already said, I'm paranoid ... :D
Click to expand...

I too would do cat5 thoughout, but mobile devices need network access too
 
LemonScrub said:
i know of many IT people that use simple router logins that have no remote management turned on
Click to expand...

I've worked in IT for nigh on 40 years. In my experience - unless the person has an interest in hardware - most in IT can't install a program on their own PC ...
 
LemonScrub said:
If you dont have remote management enabled on your router. Then whats the need to change the default admin password, since only the people on your local network could get into the admin page. And in a home environment, if they have physical access to the router, surely you have bigger things to worry about. If a strong WPA2 key is set then they would have to physically already be on the network?
Click to expand...


LMFAO XD love people like you ;) it gives me hours of entertainment value. There are so many reasons it is just stupid to keep your admin passwords default on any device it is silly!

I am pretty sure you have some other vulnerable system on your network. Let me put it to you like this. If you are to lazy to change your default password and you are talking about your WPA2 security on your wireless. I can deduct that you propably have a relatively modern adsl modem. That supports WPS and that i can rape your whole network with my reaper.

Dont be stupid.

Just change the password to something with 8 characters( uppercase number and special character NOT Password!1 something stupid like that).
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X