Comments on news posted 2009-03-24 13:20:06: A new bit of nasty code named "psyb0t," is getting a lot of attention today for being the first botnet malware designed for Linux-embedded broadband equipment and routers. ..



S_engineer
Premium
join:2007-05-16
Chicago, IL

Nothing is sacred...

Why don't people change the defaults....I guess alpha-numeric is too big of a concept to grasp!


fifty nine

join:2002-09-25
Sussex, NJ
kudos:2

1 recommendation

It's our plug and play culture. People just want to plug in things and have them work.

Security? What's that?


dcurrey
Premium
join:2004-06-29
reply to S_engineer
I am in range of 3 wireless networks. 2 of them are close enough to connect to. Even logged into routers. Guess I should change the default password for them at least.


ztmike
Mark for moderation
Premium
join:2001-08-02
Michigan City, IN

1 edit

default

Okay..yes this is a n00b question..but how do you change the default password on a wrt54g? I've been meaning to do it but haven't bothered to look up how..
--
»www.ps3grid.net


pnh102
Reptiles Are Cuddly And Pretty
Premium
join:2002-05-02
Mount Airy, MD
reply to S_engineer

Re: Nothing is sacred...

said by S_engineer:

Why don't people change the defaults....I guess alpha-numeric is too big of a concept to grasp!
Probably because there's no real incentive to do so. ISPs won't disconnect users who do not take security seriously.

However, most off-the-shelf routers have these ports plugged by default. The same usually goes for remote access to the router. In most cases, someone would have to go out of their way to open these ports or enable remote web access to a router.
--
Blagojevich / Madoff 2012!


aefstoggaflm
Open Source Fan
Premium
join:2002-03-04
Bethlehem, PA
kudos:7
Reviews:
·PenTeleData
·Verizon Online DSL
reply to dcurrey
said by dcurrey:

I am in range of 3 wireless networks. 2 of them are close enough to connect to. Even logged into routers. Guess I should change the default password for them at least.
I would not do that, if I were you.

Because connecting to another network that you do not own is illegal.
--
Please use the "yellow (IM) envelope" to contact me and please leave the URL intact.


SSX4life
Hello World
Premium
join:2004-02-13
kudos:3
reply to pnh102
um..... i've got DDWRT v. 24 but no defaults and a fairly heavy password.

should I disable SSH even though I use it from time to time? =/
--
»www.google.com is your best friend... please use it before asking your question.


aefstoggaflm
Open Source Fan
Premium
join:2002-03-04
Bethlehem, PA
kudos:7
Reviews:
·PenTeleData
·Verizon Online DSL

1 recommendation

reply to ztmike

Re: default

said by ztmike:

Okay..yes this is a n00b question..but how do you change the default password on a wrt54g? I've been meaning to do it but haven't bothered to look up how..
After you log in to the router, go to Administration -> Management

The screen will look something like this

»ui.linksys.com/files/WRT54G/v1-v···ment.htm

Enter in the new password two times (Router Password and Re-enter to confirm).

Click save.
--
Please use the "yellow (IM) envelope" to contact me and please leave the URL intact.


SSX4life
Hello World
Premium
join:2004-02-13
kudos:3

1 edit
FYI, DDWRT has both of these turned on by default.



Don't need em, disable em.


pnh102
Reptiles Are Cuddly And Pretty
Premium
join:2002-05-02
Mount Airy, MD
reply to SSX4life

Re: Nothing is sacred...

said by SSX4life:

should I disable SSH even though I use it from time to time? =/
Personally I use a VPN to get into my home network. I used to have SSH open when I had a linux box on the other end but I disabled root logins and had a pretty strong password for the other accounts. I never had a problem.
--
Blagojevich / Madoff 2012!


ztmike
Mark for moderation
Premium
join:2001-08-02
Michigan City, IN
reply to aefstoggaflm

Re: default

said by aefstoggaflm:

said by ztmike:

Okay..yes this is a n00b question..but how do you change the default password on a wrt54g? I've been meaning to do it but haven't bothered to look up how..
After you log in to the router, go to Administration -> Management

The screen will look something like this

»ui.linksys.com/files/WRT54G/v1-v···ment.htm

Enter in the new password two times (Router Password and Re-enter to confirm).

Click save.
Yea, I just saw that, wasn't sure if that was the right one or not. Thanks.
--
»www.ps3grid.net


Kilroy
Premium,MVM
join:2002-11-21
Saint Paul, MN

2 recommendations

Targeting Dumb People?

Then I guess they will have a plethora of targets. God loves dumb people, look at how many he made.
--
When will the people realize that with DRM they aren't purchasing anything?


tubbynet
reminds me of the danse russe
Premium,MVM
join:2008-01-16
Chandler, AZ
kudos:1

1 recommendation

niche market?

pardon my ignorance in this area - but how many consumer level routers actually *have* telnet/ssh options? afaik, only routers that run ddwrt/xwrt/openwrt/tomato/etc have such options available and if you are running something like that, you *should* know how to secure your router. i could see something like m0n0wall/pfsense/etc, but the same argument can be made.
am i missing something or is this just pure laziness from (quasi-)technical people?

q.
--
those who forget the past are doomed to repeat it...


fifty nine

join:2002-09-25
Sussex, NJ
kudos:2
reply to pnh102

Re: Nothing is sacred...

said by pnh102:

Probably because there's no real incentive to do so. ISPs won't disconnect users who do not take security seriously.
That's because they'd lose 3/4 of their customer base. ISPs these days cater primarily to non computer savvy people. Unfortunately we the computer savvy folks get lumped in with them too.


dadkins
Can you do Blu?
Premium,MVM
join:2003-09-26
Hercules, CA
kudos:18
reply to Kilroy

Re: Targeting Dumb People?

said by Kilroy:

Then I guess they will have a plethora of targets. God loves dumb people, look at how many he made.
ROFL! Ya think?
--
Think outside the Fox... Opera


Dave547457

@verizon.net

Dumb people?

I don't think people who don't change the defaults are necessarily dumb.


PapaMidnight

join:2009-01-13
Baltimore, MD
reply to aefstoggaflm

Re: Nothing is sacred...

said by aefstoggaflm:

said by dcurrey:

I am in range of 3 wireless networks. 2 of them are close enough to connect to. Even logged into routers. Guess I should change the default password for them at least.
I would not do that, if I were you.

Because connecting to another network that you do not own is illegal.
That's not entirely accurate.

First of all, there's no federal law as of yet of such, and such cases are being handled on either a state by state or municipality by municipality case basis.

Secondly, connecting to another network you do not own is not illegal. "Maliciously" connecting to another network you do not own is illegal.

Additionally, simply the wording alone of what you stated is too broad and makes the entire premise of the internet illegal, after all, aren't you merely "connecting to another network that you do not own"?


PapaMidnight

join:2009-01-13
Baltimore, MD

1 edit
reply to SSX4life
said by SSX4life:

um..... i've got DDWRT v. 24 but no defaults and a fairly heavy password.

should I disable SSH even though I use it from time to time? =/
Yes. I'd suggest just using a VPN and Telnet. I used to keep a PPTP server open for myself.


PapaMidnight

join:2009-01-13
Baltimore, MD

1 recommendation

reply to fifty nine
said by fifty nine:

It's our plug and play culture. People just want to plug in things and have them work.

Security? What's that?
Heh, 5 networks in range of me at home are still carrying the SSID's:
linksys
d-link
belkin
eHome


Morac
Cat god

join:2001-08-30
Riverside, NJ
kudos:1
Reviews:
·Comcast

2 edits
reply to tubbynet

Re: niche market?

Surprisingly a lot have remote telnet/ssh options. They are disabled by default, but it's very simple to just check the box next to them.

Personally I think the check box should be disabled if the password hasn't been changed or isn't deemed "good enough".

edit - Oops I confused remote web interface with remote shell. So no, most consumer devices do not have a built in remote shell.
--


The Comcast Disney Avatar has been retired.


en102
Canadian, eh?

join:2001-01-26
Valencia, CA
reply to dcurrey

Re: Nothing is sacred...

Every day, I pass by dozens of unsecured open WiFi connections.
Similarly, I pass by hundreds of secured (default naming 2WIRE-xxx) wifi routers. It fills up the screen on my HTC Tilt.

I personally use Ethernet over powerline - HDX101 200Mbps bridge. Better range, more stable, and doesn't mess up with my bluetooth.
--
Canada = Hollywood North


tubbynet
reminds me of the danse russe
Premium,MVM
join:2008-01-16
Chandler, AZ
kudos:1
reply to Morac

Re: niche market?

said by Morac:

Surprisingly a lot have remote telnet/ssh options. They are disabled by default, but it's very simple to just check the box next to them.
hmmm...never knew. i knew that a "web gui" option existed, but i figured that many of those routers ran a vxworks-type firmware and wasn't sure what kind of remote shell these devices would have over some type of remote-cli connection.

q.


PapaMidnight

join:2009-01-13
Baltimore, MD
reply to tubbynet
said by tubbynet:

pardon my ignorance in this area - but how many consumer level routers actually *have* telnet/ssh options? afaik, only routers that run ddwrt/xwrt/openwrt/tomato/etc have such options available and if you are running something like that, you *should* know how to secure your router. i could see something like m0n0wall/pfsense/etc, but the same argument can be made.
am i missing something or is this just pure laziness from (quasi-)technical people?

q.
A firewall is only as secure as the person who sets the options and/or secures it.

pfSense (I've never used m0n0wall and cannot speak for it) does not allow external networks to connect to SSH by default. Actually, by default, ssh is disabled on pfSense. Likewise, by default, pfSense blocks Loopback connections as part of its default Firewall rules.


tubbynet
reminds me of the danse russe
Premium,MVM
join:2008-01-16
Chandler, AZ
kudos:1
said by PapaMidnight:

A firewall is only as secure as the person who sets the options and/or secures it.
right. my point was that pfsense/m0n0wall is not your "run of the mill" router solution and as such, users configuring it should be aware of security.

my argument was that in my experience with consumer-grade (linksys, dlink, netgear, etc) routers, there was no "remote shell" ability - only that of "web gui remote administration". i can understand people using _these_ devices not understanding what telnet/ssh is and leaving it on with a default password. i was simply posing the question if this was an option on consumer routers as i had never seen it. if it _was_ an option, then i can understand the desire to build something to exploit that market segment. if that was not a common option built in to user gear, then the only people exploited are those who *do know* what remote shells are, but are too lazy to configure them in a secure manner.

q.


en102
Canadian, eh?

join:2001-01-26
Valencia, CA
reply to tubbynet
Sad part is that many have a little knowledge about this and want all the tech gadgets, but either are too lazy, or don't have enough knowledge to really secure it well.

"A little knowledge is a dangerous thing. So is a lot."
— Albert Einstein
--
Canada = Hollywood North


Makaki09

@216.21.52.x

1 recommendation

Not Always The End Users Fault

Wireless security is extremely confusing for normal people who have real work to do. Many of the people on this website are hardcore computer-nerds who live for these types of insecurity revelations.

Manufacturers need to make it easier to enable security, as well as deciding what type of security to use.

WPA, WEP, etc, etc... all of those are incredibly confusing and the standard firmware for WRT54G gives no information on the pros & cons of the various password protections.

Each router should have a UNIQUE default user/password printed on the packaging, just as Windows CDs have a unique product key. Of course this would be more expensive for manufacturers, but many might agree it's worth the extra cost to live in a safer wireless world.


TheRul
Why Not You?
Premium
join:2007-09-18
Gilroy, CA
kudos:1

1 recommendation

simply amazing

It is simply amazing the arrogance of this. How many of you do your own auto work? How many of you want to be able to have your car just start in the morning?

Most of these "dumb people" have not been educated in the world of security.

A lot of the elderly who have bought these "magic" boxes that allow them to sit in their chairs and email the grandkids. What do they know of security? What should you know about osteoporosis? Or how to skin a deer? Or how your refrigerator actually works. Or god forbid, first aid!

So before berating people for not understanding what they should know, think about what you do not, before you call them names. One of them may someday have their hands in your guts, and you should pray they know the simple things that you do not.
end of rant
--
Reality: I am bearly able to handle ality, why do I want it again?
DO NOT SIGN THIS DOCUMENT UNTIL YOU READ AND UNDERSTAND IT. IF YOU DO NOT READ AND UNDERSTAND ENGLISH, PLEASE SEE YOUR AGENT/BROKER FOR AN EXPLANATION OF THIS FORM.


PapaMidnight

join:2009-01-13
Baltimore, MD
reply to tubbynet

Re: niche market?

said by tubbynet:

said by PapaMidnight:

A firewall is only as secure as the person who sets the options and/or secures it.
right. my point was that pfsense/m0n0wall is not your "run of the mill" router solution and as such, users configuring it should be aware of security.

my argument was that in my experience with consumer-grade (linksys, dlink, netgear, etc) routers, there was no "remote shell" ability - only that of "web gui remote administration". i can understand people using _these_ devices not understanding what telnet/ssh is and leaving it on with a default password. i was simply posing the question if this was an option on consumer routers as i had never seen it. if it _was_ an option, then i can understand the desire to build something to exploit that market segment. if that was not a common option built in to user gear, then the only people exploited are those who *do know* what remote shells are, but are too lazy to configure them in a secure manner.

q.
Till being modified, I've never seen a consumer level router with a command shell option available to the consumer on any level. Not even the Linksys' recovery mode. That's just my personal experience.

hottboiinnc
ME

join:2003-10-15
Cleveland, OH
reply to fifty nine

Re: Nothing is sacred...

True. But ISPs could do "rebates" like ATT does for Wireless Routers. All 2Wire routers come with some sort of WEP or other security setting turned on. Each is also different for each router. And they print the code on the bottom next to the MAC address.

Airwolf7
Premium
join:2004-12-12
Franklin, KY
kudos:1
reply to Dave547457

Re: Dumb people?

Some might be dumb. I would like to think that most are just ignorant. Ignorance can be cured by educating the end user.

I know how to do a lot of things including securing a consumer grade wired/wireless router. I don't know how to make cupcakes though. I don't think my lack of knowledge about cupcakes makes me dumb, it just makes me ignorant about cupcakes.
--
It is not possible to achieve 'equality' between things that are, fundamentally, not equal!