cancel
Showing results for 
Search instead for 
Did you mean: 

Router Security warning

Community Veteran
Posts: 1,571
Thanks: 3
Registered: 13-04-2007

Router Security warning


It has been reported in the wild of a new attack which takes over routers of home users. Basically the attack reconfigures the router to the attackers DNS so when you request your bank  site they jig the dns and go to there site and steal your details, the same goes for Ebay and any other site.

What to do

Don’t use dhcp as doing this sets the dns to the router and thus plays into their hands set the ip manually. if you must use dhcp then set the dns manually to 208.67.222.222 and 208.67.220.220 this is open dns and their servers warn you if the site is a fake.
Change the default usermane and password of the router and make sure you use a complicated password like CiSau29pgTdLWkbv
Don’t allow access from the internet to the router
Change the default SID if you have wireless as showing the SID of Netgear etc tells hackers the router make and hence the vulnerabilities.
If possible hide the SID
Us some strange name as the SID I see lots with the Jones or the Smith family as I know the  router must be close a quick look at the electoral role will find your address.

1 REPLY
notheruser
Grafter
Posts: 139
Registered: 08-01-2008

Re: Router Security warning

This attack is not that new - Symantec warned about it being theoretically possible last year, and it was first reported to have occured in January. It depends on a number of factors, the most important being that the user has not changed the default password of the router. An eMail is sent which contains an HTML IMG tag - the resulting GET request includes code to reprogram the router dns tables.
For it to work, a number of things must occur.
1/ You've got to get the eMail (so make sure your anti-virus and anti-spam software are up to date).
2/ You've got to have left your router with the default password. (So change the default password).
3/ You've got to have a router which is vulnerable to the attack.
4/ You've got to attempt to use the bank or other organisation which is the subject of the pharming attack.
I think samuria, your advice is just a little bit paranoid  Wink
The most important thing is to change the router password - even one character of a change would be sufficient to offer protection from this attack. (To be able to try multiple passwords, a hacker would have to execute software directly on your machine - if he can do that, then it's probably all over anyhow!) I would agree that in any case, users should use a strong password, but 12 alphanumeric characters should be enough. (Most hackers are not prepared to run a dictionary attack against a single host for days on end).
If the router is secure, then there's nothing wrong with using dhcp. Let's face it - anyone clever enough to get software running on your machine to hack a 12 character password is not going to need to change the router - why wouldn't he just add a few entries to your hosts file?
"Don't allow access to your router from the internet"? Most routers don't allow this by default, but in any case, provided you have a good complex password, it shouldn't be a problem.
Changing the default SSID will indeed conceal the make of the router - though most wireless attacks are not against the router, but against other equipment on the wireless network. Hiding the SSID is a waste of time - any competent hacker will find it anyhow. If you need to rely on hiding the SSID, you're in trouble. If you're using WPA with a complex key (something slightly longer than the name of your dog!), then it doesn't matter if the SSID is exposed or not - the hacker can see it, but without breaking your wireless encryption, he can't log on, so therefore he can't try any other vulnerabilities of the router.
I'm not sure how knowing the address at which someone has a router is any help to a potential hacker. (Unless of course they've used their dog's name as the router password!). (In any case, if I wanted to know which house near me was broadcasting a particular SSID, I'd just stick a directional aerial onto my wireless card, and swing it around to see what direction the signal was coming from. )
And finally - just because your paranoid doesn't mean their not out to get you!  Grin