ADSL router security concern in South Africa

Can someone explain how this enables attacks? Other than changing DNS settings, I don't see how anyone can use a router to perform any kind of attack?
 
Can someone explain how this enables attacks? Other than changing DNS settings, I don't see how anyone can use a router to perform any kind of attack?

If you're able to access the router remotely, you can do a number of things:
a) get the username and password (Netgear stores it in plaintext, I think D-Link does too)
b) port-forward the ports as you wish, or turn the firewall off
c) DNS poisoning by setting the router to use poisoned DNS servers
 
Great article, cannot stress enough the importance of a well configured router...
If you're able to access the router remotely, you can do a number of things:
a) get the username and password (Netgear stores it in plaintext, I think D-Link does too)
b) port-forward the ports as you wish, or turn the firewall off
c) DNS poisoning by setting the router to use poisoned DNS servers
 
All ADSL routers have remote management disabled on the WAN interface by default and enabled on the LAN interface (obviously, otherwise how would you configure it). I've never encountered a single router, not even a cheap and nasty one, that has remote management enabled by default on the WAN interface.
 
All ADSL routers have remote management disabled on the WAN interface by default and enabled on the LAN interface (obviously, otherwise how would you configure it). I've never encountered a single router, not even a cheap and nasty one, that has remote management enabled by default on the WAN interface.

+1 dude. I can check the logs on the Netgear and often see someone trying, but they get dropped because WAN remote management is disabled. And normally these attacks are dictionary attacks, so just change the password to P@$$w0rd and they won't even have a chance :) Done.
 
Great article, cannot stress enough the importance of a well configured router...

^^ This
With all the knowledge on this forum, can someone please do a thread or link to a thread which addresses security for routers? I would if my knowledge was not so limited; in fact I consider myself a noob on this subject. There are bits and pieces in various threads, but I could not find a single thread dedicated to this issue.
 
I have a D-Link 2750U and there is no way to access it remotely.

You can only admin it from within the network. There is a support user for remote access, but what you're able to do is limited.
 
^^ This
With all the knowledge on this forum, can someone please do a thread or link to a thread which addresses security for routers? I would if my knowledge was not so limited; in fact I consider myself a noob on this subject. There are bits and pieces in various threads, but I could not find a single thread dedicated to this issue.
Check out the post I did for the competition last week. Follow the part about changing the modem's login password and the wireless security.
http://mybroadband.co.za/vb/showthread.php/532369-How-to-configure-your-ADSL-Modem-Router
Let me know if it answers your questions.
 
All ADSL routers have remote management disabled on the WAN interface by default and enabled on the LAN interface (obviously, otherwise how would you configure it). I've never encountered a single router, not even a cheap and nasty one, that has remote management enabled by default on the WAN interface.

This article is just 5 years too late. 5 years ago almost all the routers had remote management enabled by default. We did a test one time by running an IP scan on a SA subnet and then trying to log in to routers using default login details. Within 30 min we managed to log in to at least 5 or so routers.
 
Check out the post I did for the competition last week. Follow the part about changing the modem's login password and the wireless security.
http://mybroadband.co.za/vb/showthread.php/532369-How-to-configure-your-ADSL-Modem-Router
Let me know if it answers your questions.

Yeah I saw that. There are also other threads about ADSL and how to get it etc etc etc
http://mybroadband.co.za/vb/showthread.php/24418-ADSL-NEWBIE-F-A-Q
http://mybroadband.co.za/vb/showthread.php/103997-ADSL-Issues!-Important-Information
http://mybroadband.co.za/vb/showthread.php/222836-Getting-ADSL-for-Dummies

Grabbing bits and pieces from yours and these threads, I think it is possible to address some security issues, but nothing is really comprehensive. Changing a username and password is the first step, but modern routers have a variety of functions that could be risky when implemented. I could not find any such thread/guide on MyBB. Yes, there is a lot of info on the internet and yes, Google is my friend, but in light of the recent competition and this thread, I reckon it would be awesome to compile such a thread highlighting ALL the security risks, and I'm sure uncle rpm will sticky it in the ADSL section.
 
I agree - I haven't got anything in that post about checking if remote management is disabled.
Problem is to keep it generic to apply to all routers.
 
It's actually ridiculous how often people try to break in... I'm running an Ubuntu server on my home network, which runs the database system for a house sitting business that I run. So I've got HTTP, HTTPS and SSH ports open and forwarded. Invalid login attempts matching certain criteria will get your IP address banned.

On AVERAGE about 5 IP addresses get banned daily. The most I've seen was 30 IP addresses banned in the space of 5 minutes. What are they hoping to achieve?!
 
I agree - I haven't got anything in that post about checking if remote management is disabled.
Problem is to keep it generic to apply to all routers.

True, but it could be a good place to start. I think when people add to the thread, OP can be updated and it would be nice if participants will mention what router they have.
 
Ignorance is bliss....

As a security professional, I know that to be great you need to know how people gain access to your network, and also know the mindsets of people.

I love scanning blocks of IP addresses from my Kali Linux box with THC Hydra, with a word list for usernames like "admin"+"root"+"Administrator" and so on; then I have the same document for passwords, a short list of default passwords.

I have found DVRs, home automation systems, IP cameras... even a tile company with a Pastel server that I could access.

Internet Access should be regulated to protect the dumb people out there. Really!

Stuff like DVRs is so important to limit access to, as I can easily sell information like that... as it would make breaking in so much easier.
 
Oh, and please excuse my poor attempt at pronunciation, how do you pronounce this wonderful piece of equipment?

"Rauter" or "Rooter"? :D
 