Router Security warning
17-02-2008 11:13 PM
A new attack has been reported in the wild which takes over routers of home users. Basically the attack reconfigures the router to the attacker's DNS so when you request your bank site they jig the DNS and go to their site and steal your details; the same goes for eBay and any other site.
What to do
Don’t use DHCP, as doing this sets the DNS to the router and thus plays into their hands; set the IP manually. If you must use DHCP then set the DNS manually to 208.67.222.222 and 208.67.220.220; this is OpenDNS and their servers warn you if the site is a fake.
Change the default username and password of the router and make sure you use a complicated password like CiSau29pgTdLWkbv
Don’t allow access from the internet to the router
Change the default SID if you have wireless as showing the SID of Netgear etc tells hackers the router make and hence the vulnerabilities.
If possible hide the SID
Use some strange name as the SID. I see lots with the Jones or the Smith family; as I know the router must be close, a quick look at the electoral roll will find your address.
Message 1 of 2
(1,104 Views)
Re: Router Security warning
18-02-2008 12:49 AM
This attack is not that new - Symantec warned about it being theoretically possible last year, and it was first reported to have occurred in January. It depends on a number of factors, the most important being that the user has not changed the default password of the router. An eMail is sent which contains an HTML IMG tag - the resulting GET request includes code to reprogram the router DNS tables.
For it to work, a number of things must occur.
1/ You've got to get the eMail (so make sure your anti-virus and anti-spam software are up to date).
2/ You've got to have left your router with the default password. (So change the default password).
3/ You've got to have a router which is vulnerable to the attack.
4/ You've got to attempt to use the bank or other organisation which is the subject of the pharming attack.
I think, samuria, your advice is just a little bit paranoid.
The most important thing is to change the router password - even one character of a change would be sufficient to offer protection from this attack. (To be able to try multiple passwords, a hacker would have to execute software directly on your machine - if he can do that, then it's probably all over anyhow!) I would agree that in any case, users should use a strong password, but 12 alphanumeric characters should be enough. (Most hackers are not prepared to run a dictionary attack against a single host for days on end).
If the router is secure, then there's nothing wrong with using dhcp. Let's face it - anyone clever enough to get software running on your machine to hack a 12 character password is not going to need to change the router - why wouldn't he just add a few entries to your hosts file?
"Don't allow access to your router from the internet"? Most routers don't allow this by default, but in any case, provided you have a good complex password, it shouldn't be a problem.
Changing the default SSID will indeed conceal the make of the router - though most wireless attacks are not against the router, but against other equipment on the wireless network. Hiding the SSID is a waste of time - any competent hacker will find it anyhow. If you need to rely on hiding the SSID, you're in trouble. If you're using WPA with a complex key (something slightly longer than the name of your dog!), then it doesn't matter if the SSID is exposed or not - the hacker can see it, but without breaking your wireless encryption, he can't log on, so therefore he can't try any other vulnerabilities of the router.
I'm not sure how knowing the address at which someone has a router is any help to a potential hacker. (Unless of course they've used their dog's name as the router password!) (In any case, if I wanted to know which house near me was broadcasting a particular SSID, I'd just stick a directional aerial onto my wireless card, and swing it around to see what direction the signal was coming from.)
And finally - just because you're paranoid doesn't mean they're not out to get you!
Message 2 of 2
(378 Views)