Page 1 of 2 12 LastLast
Results 1 to 15 of 28
  1. #1
    jwoods
    Guest

    Insecure routers hacked yet again


  2. #2
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,681
    Thanks
    59
    Thanked 1,064 Times in 989 Posts
    Plenty of FUD there.
    "The vulnerable routers were brutally attacked"
    "the routers may have been purposely configured this way by ISPs to enable spying and other assorted attacks on the computing devices behind the router"
    "And, don't buy a consumer router."


    Pity the article lacks a basic "how to secure your router" section.

    cheers, Paul

  3. The Following User Says Thank You to Paul T For This Useful Post:

    BATcher (2015-05-17)

  4. #3
    jwoods
    Guest
    Plenty of documented evidence to support the claims.

  5. #4
    Super Moderator BATcher's Avatar
    Join Date
    Feb 2008
    Location
    A cultural area in SW England
    Posts
    3,496
    Thanks
    34
    Thanked 203 Times in 182 Posts
    I am intrigued by the amount of 'brutality' observed by the author. What on earth is "brutally vulnerable" in connection with routers?

    I would have been happier if there had been a rather less global condemnation of "all consumer routers" - surely there are some which are vulnerable and some which are less so. A little more specificity would have been advantageous.

    As PaulT says - what are those people with consumer routers now supposed to do? Bin them?

    As a useful article, 5/10 - could try harder...
    BATcher

    "The trouble with quotes on the internet is that you can never know if they are genuine."
    Abraham Lincoln
    

  6. #5
    jwoods
    Guest
    Quote Originally Posted by BATcher View Post
    As PaulT says - what are those people with consumer routers now supposed to do? Bin them?
    Maybe the bigger question is why are ISPs and vendors shipping routers that are not securely configured?

    The average home user (who probably doesn't read Computerworld) will likely just plug it in and use it.

  7. #6
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,754
    Thanks
    329
    Thanked 615 Times in 514 Posts
    ISPs like shipping routers with backdoors, that's how they remotely upgrade them.

    Retail routers are shipped with a wide range of configurable settings to suit a host of different applications, they need to be configured correctly by the end user.

    What do you want them to do, supply them locked down to some generic usage pattern which disables any form of remote access?

  8. #7
    jwoods
    Guest
    Quote Originally Posted by satrow View Post
    What do you want them to do, supply them locked down to some generic usage pattern which disables any form of remote access?
    The status quo isn't working...

    http://www.computerworld.com/article...d-devices.html

    http://www.theregister.co.uk/2015/03...ors_dont_care/

    http://www.techworld.com/tutorial/se...s-out-3609122/

  9. #8
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    7,429
    Thanks
    180
    Thanked 981 Times in 933 Posts
    Should anyone be interested, F-Secure have a program for checking if a router has been hacked - http://www.redmondpie.com/how-to-che...ter-is-hacked/

    I haven't gotten around to trying it yet because I don't have any problems - at least not network wise, but reviews would be welcome.

    Edit - Well, that was quite painless - you can try it from https://campaigns.f-secure.com/router-checker/
    Last edited by Sudo; 2015-05-17 at 17:57.

  10. The Following 2 Users Say Thank You to Sudo For This Useful Post:

    Dick-Y (2015-05-18),Fascist Nation (2015-05-17)

  11. #9
    jwoods
    Guest
    Nice link...thanks.

    I just ran it and it didn't like that I am using DNS servers other than my ISP's.

  12. #10
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    7,429
    Thanks
    180
    Thanked 981 Times in 933 Posts
    Which ones are you using ?

  13. #11
    jwoods
    Guest
    Quote Originally Posted by Sudo15 View Post
    Which ones are you using ?
    Two public servers...

    The primary is 216.131.94.5
    The secondary is 4.2.2.2

    Every now and then I'll run DNSBench to see whether a DNS server is still a good choice over time.

    https://www.grc.com/dns/benchmark.htm

  14. #12
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    7,429
    Thanks
    180
    Thanked 981 Times in 933 Posts
    See what Netalyzr thinks of your Networking http://netalyzr.icsi.berkeley.edu/

    It requires Java and enabled in browsers.

  15. #13
    jwoods
    Guest
    Quote Originally Posted by Sudo15 View Post
    See what Netalyzr thinks of your Networking http://netalyzr.icsi.berkeley.edu/

    It requires Java and enabled in browsers.
    Haven't used Netalyzr in a while.

    No major issues. A few complaints about port blocking, which is intentional.

  16. #14
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,754
    Thanks
    329
    Thanked 615 Times in 514 Posts
    I stopped using Java a long time ago.

    Nice try, F-Secure but:
    Everything appears to be fine, but the check was incomplete

    You appear to be using a safe DNS server, but Router Checker was not able to reach a final verdict.

    Your DNS server is one that appears to be widely used or administered by your Internet service provider, but Router Checker could not complete its check. This doesn’t mean there’s a problem, but here are some things you can do if you want to play it safe:

    Ask people with access to your router (such as friends or family members) if they’ve installed software or adjusted settings that make changes to your Internet set-up.
    Reset your router so it returns to its factory settings. Please remember to change your router’s default password and disable any external administrator access privileges after the reset.
    Check the website of the router’s manufacturer for software updates.
    Run a virus checker such as F-Secure SAFE or F-Secure Online Scanner.
    Run Router Checker again.

    It might be a misdiagnosis if you complete these steps and Router Checker continues to give you the same result.
    Ask people with access to your router (such as friends or family members) if they’ve installed software or adjusted settings that make changes to your Internet set-up.
    No one but me can access the router settings.
    Reset your router so it returns to its factory settings.
    Sure, and waste my time resetting the security measures I've already taken!?

    Everything appears to be fine, but the check was incomplete
    It might be a misdiagnosis if you complete these steps and Router Checker continues to give you the same result.
    Reads like more FUD.

  17. #15
    WS Lounge VIP Coochin's Avatar
    Join Date
    Jun 2014
    Location
    Queensland, Australia
    Posts
    2,363
    Thanks
    35
    Thanked 349 Times in 304 Posts
    @ satrow #14 post

    I get exactly the same result as you.
    Computer Consultant/Technician since 1998 (first PC was Atari 1040STE in 1988).
    Most common computing error is EBKAC: Error Between Keyboard And Chairback
    Confuscius said: "no use running harder if you're on the wrong road" and "any problem once correctly understood is already half-solved".

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •