Sometimes we ignore little details, which is a bad thing - because others can use our negligence against us.
Most routers and ADSL modems come with a web interface that is used to control and configure the device. The administration panel is accessed with a web-browser, and it provides access to data such as:
- your user name and password
- a log that shows which sites are visited, which network hosts are connected to the router
- port forwarding rules
There are two things that have to be done if such a device is used in your household:
- Change the default admin password to another one. Don't worry if you forget it. You will either not need it in the future because routers and ADSL modems are often the "configure and forget it" type of device; even if you forget the password and you need to reconfigure the device - you can reset it to the factory settings, because you have full physical access to the device;
- Disable administration via the Internet. It is likely that you won't ever need it. Even if you do, you can do it much safer with a SSH tunnel to one of your computers and then connect to the router locally.
How to do this?
- Log on to your router or modem using the web-browser, usually it is done by opening this page in the browser: http://192.168.0.1 or http://192.168.1.1
- Authenticate by typing the administrator name and passowrd. For D-Link appliances, the name is usually "admin", and so is the password.
- See what the available options are, if you are not sure what you are looking for, scan through all the tabs and look for labels such as "password", "security", or "remote administration", etc.
- Once you've found the right section, change the password to another one, then disable remote administration.
Here are two examples that apply to D-Link DI-524, and D-Link DSL-500T (click image to enlarge).
Even though the devices are different, you can see that in both cases the options we need are in Tools\Admin. Once you've made the changes, do not forget to apply them.
How to verify if it really works?
Your router or modem has two addresses, one of them is the local address (in the first example the address is 192.168.0.1), the other one is the external address (you can find what it is by opening www.whatismyip.com in your browser).
The local address is used by the router to communicate with your computer, while the external address is used for world-wide communications, i.e. other computers on the Internet. If remote administration is allowed, it means that anyone in the Internet can log on to the device and configure it. In contrast, if remote administration is disabled, it means that only computers from your local network (i.e. those that belong to you, located in your household) can configure the router.
- Find your external address by opening whatismyip.com
- Open http://local-address/, then http://external-address/
- If in both cases you are able to access the administration panel of the router, it means that remote administration is enabled. Otherwise, if it only works locally - you're ok.
Why do this in the first place?
If remote administration is enabled, and you are using a standard password such as "11111" or "admin" or "12345" - a remote attacker can get in control easily. Here are some examples of what can be done with that:
- Some ISPs issue user names that are equal to your last name; knowing that info makes it possible to find where you live by looking up your name in the phonebook.
- The attacker could also 'borrow' your credentials and use your Internet account (i.e. the traffic and bandwidth for which you pay).
- The password of your WiFi network can be obtained. Most of us use the same password for more than one account; what are the chances that your WEP or WPA key matches your mailbox password, or the one you use for banking?
- Your WiFi network can be reconfigured not to use encryption, which means that others will be able to use it for things such as sending out spam or conducting DoS (denial of service) attacks against other computers.
The possibilities are only limited by the creativity of the attacker and by their skills.
so, what happened? got hacked? :)
Just wondering, are you familiar with any tool for managing bandwidth and traffic on a (Linux) server, imposing speed limits on users/IPs etc.?
Comment from: gr8dude [Member]
Ion, I wasn’t “hacked", it was the other way around actually; I found this when examining the infrastructure of a friend of mine.
Constantin, unfortunately I am not familiar with such tools. I needed this a long time ago, I was using Windows, and the tool that solved the problem was UserGate. But since I’ve switched to Linux things have changed, so I haven’t researched this.
Hey you there!
It’s the first time i check a blog from your country, and yours is really cool and awesome. it’s terrific!
my regards from chile
check mine at http://boggito.blogspot.com
Form is loading...