dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
12440
share rss forum feed


bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
kudos:7

2 recommendations

In the Wild: Zlob Changing Router Settings to Hijack DNS

quote:
A new Trojan horse masquerading as a video "codec" required to view content on certain Web sites tries to change key settings on the victim's Internet router so that all of the victim's Web traffic is routed through servers controlled by the attackers.

According to researchers contacted by Security Fix, recent versions of the ubiquitous "Zlob" Trojan (also known as DNSChanger) will check to see if the victim uses a wireless or wired hardware router. If so, it tries to guess the password needed to administer the router by consulting a built-in list of default router username/password combinations. If successful, the malware alters the victim's domain name system (DNS) records so that all future traffic passes through the attacker's network first. DNS can be thought of as the Internet's phone book, translating human-friendly names like example.com into numeric addresses that are easier for networking equipment to handle.

While researchers have long warned that threats against hardware routers could one day be incorporated into malicious software, this appears to be the first time this behavior has been spotted in malware released into the wild.

The type of functionality incorporated into this version of the Zlob Trojan is extremely concerning for a number of reasons. First, Zlob is among the most common type of Trojan downloaded onto Windows machines. According to Microsoft, the company's malicious software removal tool zapped some 14.3 million instances of Zlob-related malware from customer machines in the second half of 2007.

The other, more important reason this shift is scary is that a Windows user with a machine infected with a Zlob/DNSChanger variant may succeed in cleaning the malware off an infected computer completely, but still leave the network compromised. Few regular PC users (or even PC technicians) think to look to the router settings, provided the customer's Internet connection is functioning fine.

Philip Sloss, a software engineer for myNetwatchman.com, said he first observed the activity while examining a Zlob variant distributed on May 22. The DNS hijack occurs, he said, during the installer program, so by the time the user sees the fake codec installer screen, the malware has already attempted to change DNS settings on the victim's router.

I reached out to researchers at Sunbelt Software to check Sloss's data, and Sunbelt was able to confirm that the malware successfully changed the DNS settings on a Linksys router (model BEFSX41), pulled straight out of the factory box (with the default username and password). Another test showed that the Zlob variant successfully changed the DNS settings on a Buffalo router running the DD-WRT open source firmware.

Sunbelt also found that if there are multiple machines using the same router, all of the systems connected to that router will have their traffic hijacked.

"This is definitely something we have not seen before," said Eric Sites, chief technology officer at Sunbelt. Sites said his team is testing the new Zlob variants against multiple routers to see how they fare against the malware. "It was only a matter of time before someone started using this attack."

Sloss said he captured traffic showing the Zlob variant trying to reconfigure different routers by requesting the local Web page for the various "setup wizards" that ship with the devices. Some of the requests he noticed are listed below, with my own research noted next to them:

"/index.asp" (still checking, but I believe this is used on DD-WRT and some Linksys routers);
"/dlink/hwiz.html" (D-Link routers);
"wizard.htm" (appears to be used by several different router manufacturers, including Linksys).
"/home.asp" (no idea)

Relatively few people ever change the default username and password on their wireless routers. I see this often, even among people who have locked down their wireless routers with encryption and all kinds of other security settings: When I confront them about why they haven't changed the default credentials used to administer the router settings, their rationale is that, 'Well, why should I change it? An attacker would need to already have a valid connection on my network in order to reach the router administration page, so what's the difference?'

Obviously, an attack like this illustrates the folly of that reasoning.

What's more, the various components dropped onto victim PCs by this malware are fairly ill-detected by most anti-virus tools out there today. A scan of these three files at Virustotal.com -- which checks submitted files against 31 different anti-virus engines -- indicates that only 11 of the anti-virus products currently detect any of them as malicious.

»blog.washingtonpost.com/security···e_1.html
--
============
MS-MVP 2004 - -2008, ASAP Member
Users Helping Users



jabarnut
Light Years Away
Premium,MVM
join:2005-01-22
Galaxy M31
kudos:2

4 edits
Wow...some very interesting stuff.

I'm constantly amazed as well, at how many people don't even bother to do something as simple as change the default user names and passwords on their Routers. (Apparently, that "admin" guy is very popular).
I can't tell you how many people I've run across who say: "Hey, you just plug it in, and it works!".

Some of them don't know that a Configuration page even exists, let alone that it requires an administrative password to change settings. ("What settings?")

This nonsense just gets better all the time.
--
I had a life once.....now I have a Computer and a Modem.


Grail Knight

Premium
join:2003-05-31
Valhalla
kudos:6
reply to bcastner
Interesting read.

Thank.

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
reply to jabarnut
I guess none of those folks that never have changed the default password have ever tried to do any number of things on a Linksy router. Something like enabling UPnP without then typing the password TWO times (no prompting, no mention that you must do this) results in the router arbitrarily changing the password and the user can't access the router's config page any longer. The only solution is a factory reset which is a hassle if you have flashed the firmware and use beta firmware which is hard to find again.

Considering all the security bugs, over the past almost 5 years, in regards to the password on the Linksy router I have I would have thought no one leaves the default password on the router anymore.

How could anyone not know a config page exists? How were they able to set up the router if they didn't go the config page?
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason


Cudni
La Merma - Vigilado
Premium,MVM
join:2003-12-20
Someshire
kudos:13
said by Mele20:

How were they able to set up the router if they didn't go the config page?
Certainly in last few years the routers are given to customers already preset where all they have to do is plugin and it all works.

Cudni
--
"Mercifully, he hit him with the soft end of the pistol."
Help yourself so God can help you.
Microsoft MVP, 2006 - 2008

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
Huh? How can you buy a "preset" router? Granted mine will be 5 years old in November but I don't understand what you mean. You have to clone the MAC address for one thing. That can't be done at Amazon.


ahulett
Premium,VIP
join:2003-02-02
Kirkland, WA
kudos:2

2 edits
Cloning a MAC address isn't always necessary. I know for me with Comcast, that when the modem is powered on, it looks at the MAC address of the network device plugged into it, and if it's a router, it latches onto it just as it would if it was a computer's network card. (Where one enters trouble is if they change what the modem is plugged into - it won't work until the modem is power-cycled and the modem picks up the new MAC address.)

If I go to Best Buy, pick out a router/switch/WAP all-in-one device, come home and plug it in, it will work out of the box because the router will pull an address from the cable modem, will perform no logging in which is ok as that's not needed on a Comcast Internet connection, and the interal DHCP is set to hand out IP address to clients on the home network.

While this works with Comcast, other ISPs may have different needs, such as if a DSL connection requires logging in via PPPoE, for example, or if the ISP ties the login with a specific MAC address (such as the one used to complete the sign-up).

Hope I was helpful. It is 1:30am and I struggle with clarity when I'm sleepy.

Aaron

[Edit to get the signature with the all-important disclaimer included.]
--
Aaron Hulett | Senior Spyware Researcher | Microsoft Malware Protection Center
This posting is provided "AS IS" without warranty, and confers no rights.


Cudni
La Merma - Vigilado
Premium,MVM
join:2003-12-20
Someshire
kudos:13
reply to Mele20
said by Mele20:

Huh? How can you buy a "preset" router? Granted mine will be 5 years old in November but I don't understand what you mean. You have to clone the MAC address for one thing. That can't be done at Amazon.
Think about it. You get it from ISP and in most cases for free. If you buy elsewhere then of course you have make some minor changes. It boils down as always to user awareness.

Cudni
--
"Mercifully, he hit him with the soft end of the pistol."
Help yourself so God can help you.
Microsoft MVP, 2006 - 2008

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
reply to ahulett
said by ahulett:

Cloning a MAC address isn't always necessary. I know for me with Comcast, that when the modem is powered on, it looks at the MAC address of the network device plugged into it, and if it's a router, it latches onto it just as it would if it was a computer's network card. (Where one enters trouble is if they change what the modem is plugged into - it won't work until the modem is power-cycled and the modem picks up the new MAC address.)

If I go to Best Buy, pick out a router/switch/WAP all-in-one device, come home and plug it in, it will work out of the box because the router will pull an address from the cable modem, will perform no logging in which is ok as that's not needed on a Comcast Internet connection, and the interal DHCP is set to hand out IP address to clients on the home network.

While this works with Comcast, other ISPs may have different needs, such as if a DSL connection requires logging in via PPPoE, for example, or if the ISP ties the login with a specific MAC address (such as the one used to complete the sign-up).

Hope I was helpful. It is 1:30am and I struggle with clarity when I'm sleepy.

Aaron

[Edit to get the signature with the all-important disclaimer included.]
Road Runner requires the MAC address be entered. Plus, I had to configure both computers (one is a 98SE box) and then configure the router. Not hard to do but it certainly wasn't automatic out the box, plug it in, and whamo everything works. Besides being required to enter the router interface to configure it, I had to get into the interface to be able to change the DHCP lease time. The router I have is Version 3 and Linksy has a Version 4 that people are still buying and you have to configure the computers and then the router still.
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
reply to Cudni
said by Cudni:

said by Mele20:

Huh? How can you buy a "preset" router? Granted mine will be 5 years old in November but I don't understand what you mean. You have to clone the MAC address for one thing. That can't be done at Amazon.
Think about it. You get it from ISP and in most cases for free. If you buy elsewhere then of course you have make some minor changes. It boils down as always to user awareness.

Cudni
Maybe where you are routers are free from the ISP but not here. If I want to use a router, I have to buy one and I have broadband with one of the largest ISPs in the USA. My ISP still makes me unplug the router and connect directly for troubleshooting.
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason


Lanik
Lab-nik
Premium,ExMod 2002-03
join:2001-06-25
San Francisco, CA
reply to Mele20
said by Mele20:

... Linksy has a Version 4 that people are still buying and you have to configure the computers and then the router still.
That's not true, they include a CD all you have to do is run it and you're online, laziness at its best.
--
"If it ain't broke don't fix it."


CajunTek
Insane Cajun
Premium,MVM
join:2003-08-08
Arlington, TX
reply to Mele20
said by Mele20:

said by Cudni:

said by Mele20:

Huh? How can you buy a "preset" router? Granted mine will be 5 years old in November but I don't understand what you mean. You have to clone the MAC address for one thing. That can't be done at Amazon.
Think about it. You get it from ISP and in most cases for free. If you buy elsewhere then of course you have make some minor changes. It boils down as always to user awareness.

Cudni
Maybe where you are routers are free from the ISP but not here. If I want to use a router, I have to buy one and I have broadband with one of the largest ISPs in the USA. My ISP still makes me unplug the router and connect directly for troubleshooting.
Actually most routers will work out of the box..
--
da Cajun Darn I hate Malware


jabarnut
Light Years Away
Premium,MVM
join:2005-01-22
Galaxy M31
kudos:2

4 edits
reply to Mele20
said by CajunTek:

Actually most routers will work out of the box..
Exactly right...or certainly a lot of them will.

At my Daughters house (Comcast), she could go to Best Buy (buy a Linksys WRT54G for example), take it out of the box, hook it to the Cable Modem, power it on...(maybe recycle the Modem), and it will work with no configuration at all...no CD, no nothing.

It will have a password "admin", and will already have wireless on by default with an SSID of "Linksys".
(Of course, had I not shown her the Configuration page, "admin" wouldn't have meant a thing to her, nor would she have cared about it).
--
I had a life once.....now I have a Computer and a Modem.


CajunTek
Insane Cajun
Premium,MVM
join:2003-08-08
Arlington, TX
said by jabarnut:

said by CajunTek:

Actually most routers will work out of the box..
Exactly right...or certainly a lot of them will.

At my Daughters house (Comcast), she could go to Best Buy (buy a Linksys WRT54G for example), take it out of the box, hook it to the Cable Modem, power it on, (maybe recycle the Modem), and it will work with no configuration at all...no CD, no nothing.

It will have a password "admin", and will already have wireless on by default with an ssid of "Linksys".
(Of course, unless I had showed her the Configuration page, "admin" wouldn't have meant a thing to her anyway, nor would she have cared about it).
Works that way with RoadRunner too...
--
da Cajun Darn I hate Malware

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
reply to CajunTek
said by CajunTek:

Actually most routers will work out of the box..
So, you are saying that most routers know that the IP is static if it is? And most routers somehow know to clone the MAC address? And the router automatically knows if you have DSL if you have PPoE or DHCP? How does the router know if you have RAS or PPTP or Heart Beat Signal? (Those aren't used in the USA). The router knows not to handle DHCP if you don't want it to? It knows how to set the DHCP lease time if you are having it handle DHCP? Wow, I guess Linksy is really behind the times since the current version of their router that I have is just like mine. It has to be set up. At least that what Linksy told me maybe a year ago. Maybe it has changed but I don't think there is a newer version of this router since the latest version was issued about two-three years ago.

"# Supports DHCP, Universal Plug-and-Play (UPnP), and includes a user-friendly Setup Wizard for easy configuration
# Included Setup Wizard takes you through configuring your network, step by step."
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason


jabarnut
Light Years Away
Premium,MVM
join:2005-01-22
Galaxy M31
kudos:2
See ahulett See Profile's post. That describes it pretty well.

»Re: In the Wild: Zlob Changing Router Settings to Hijack DNS

As far as those "user-friendly Setup Wizard" CD's, I just throw them in the garbage or use them for target practice myself.
--
I had a life once.....now I have a Computer and a Modem.


Lanik
Lab-nik
Premium,ExMod 2002-03
join:2001-06-25
San Francisco, CA
reply to Mele20
said by Mele20:

So, you are saying that most routers know that the IP is static if it is?
If a user is knowledgeable enough to get a static IP they should be able to configure a router properly.
said by Mele20:

And the router automatically knows if you have DSL if you have PPoE or DHCP?
The wizard on the CD takes care of that.
said by Mele20:

How does the router know if you have RAS or PPTP or Heart Beat Signal? (Those aren't used in the USA). The router knows not to handle DHCP if you don't want it to? It knows how to set the DHCP lease time if you are having it handle DHCP?
All those are advanced features that Joe User doesn't care about as long as "it works".
--
"If it ain't broke don't fix it."


Raz

@adsl-dhcp.tele.dk
reply to Mele20
said by Mele20:

...And most routers somehow know to clone the MAC address?
Maybe you need to clone the MAC address. Not everybody needs to do that. I certainly do not.

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
reply to jabarnut
said by jabarnut:

See ahulett See Profile's post. That describes it pretty well.

»Re: In the Wild: Zlob Changing Router Settings to Hijack DNS

As far as those "user-friendly Setup Wizard" CD's, I just throw them in the garbage or use them for target practice myself.
Yes. I read Aaron's post. But it doesn't apply to this Linksy router. I quoted from the Linksy page for this router. You have to set it up ...even the current version. I just answered two posts recently (not here) from users who had just bought this router and had questions about setting it up.

Obviously, SOME ROUTERS AND SOME ISPS allow you to do nothing but plug in the router. Obviously, my ISP and router are superior because they require you to not be a dumb idiot who does stupid things regarding routers. But teaching your children or anyone else to not configure the router really surprises me since this is a security forum. ALL USERS need to be educated properly about security including how to use a router securely. If this is done then there will be no problems regarding default passwords. Geez.
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason


jabarnut
Light Years Away
Premium,MVM
join:2005-01-22
Galaxy M31
kudos:2

4 edits
said by Mele20:

... But teaching your children or anyone else to not configure the router really surprises me since this is a security forum.
I hope you weren't referring to me as far as "teaching my children". (Or any acquaintance I run into who doesn't have their home network properly secured, for that matter).
The first thing I did after my Daughter bought a Router was to teach her how to configure it properly for security.

(You don't generally need that silly "wizard CD" to achieve that, btw)
Maybe you misunderstood the reason I throw those things in the drawer to collect dust.

And back to the original topic, if you read the link posted by bcastner See Profile, you'll see it said:

quote:
Relatively few people ever change the default username and password on their wireless routers
From my experience visiting many people (most of whom don't hang around security forums), or if I'm looking around at various SSID's in the neighborhood, I have no doubt in my mind that this is true. (9 times out of 10, if they are broadcasting the default SSID, they still have the default password too).

If I see them broadcasting "Linksys" or "default" etc, I can be relatively sure that they just plugged them in and started using them. (Especially when they show as not being secure, and allow me to connect, and/or access their configuration page).

Of course, I would never do that.
--
I had a life once.....now I have a Computer and a Modem.

mikenolan7
Premium
join:2005-06-07
Torrance, CA

1 edit
reply to Mele20
I don't consider the necessity to use MAC address cloning to be a feature that makes an ISP superior. It is essentially breaking the way things were designed to work, with no two pieces of hardware having the same MAC address. I like to tinker with different security solutions, and frequently have different NAT routers, or home built firewalls on different OS's as the first thing the ISP sees. I don't want to be cloning MAC addresses all over the place, that would eventually lead to communication problems within my LAN.

I don't have RR any more, but when I did, MAC address cloning was not required. It took a few minutes for a new MAC address to be recognized and accepted, but eventually it was given a DHCP address.

News about exploits designed to attack NAT routers automatically from within your LAN is becoming more and more frequent. A good defense is a rule on your software firewalls that prevents outgoing traffic from the machines within your LAN to your router. Disable the rule temporarily to administer your router.

For home users, that are able to shut down internet access for a few minutes, it is a good idea to disconnect your WAN port when making modifications to your router configuration. Most NAT routers are more susceptible to shenanigans when rebooting. I would even recommend disconnecting LAN ports other than the one you are administering the router from when you make configuration changes.

Router exploits are very high risk. Without monitoring on your WAN port, which is very difficult to maintain due to the large number of log entries you get, how would you know if your router was compromised?

Edit: spelling


Cthen

join:2004-08-01
Detroit, MI
Reviews:
·Verizon Wireless..

1 recommendation

reply to Mele20
said by Mele20:

said by jabarnut:

See ahulett See Profile's post. That describes it pretty well.

»Re: In the Wild: Zlob Changing Router Settings to Hijack DNS

As far as those "user-friendly Setup Wizard" CD's, I just throw them in the garbage or use them for target practice myself.
Yes. I read Aaron's post. But it doesn't apply to this Linksy router. I quoted from the Linksy page for this router. You have to set it up ...even the current version. I just answered two posts recently (not here) from users who had just bought this router and had questions about setting it up.

Obviously, SOME ROUTERS AND SOME ISPS allow you to do nothing but plug in the router. Obviously, my ISP and router are superior because they require you to not be a dumb idiot who does stupid things regarding routers. But teaching your children or anyone else to not configure the router really surprises me since this is a security forum. ALL USERS need to be educated properly about security including how to use a router securely. If this is done then there will be no problems regarding default passwords. Geez.
All your arguing through this amounts to squat at what the article is referring to. Sure you may or may not have to configure a router to get a connection but that point means nothing. Either way this type of exploit needs a connection to be up and running for anything to happen or to even get the malware on your machine in the first place.

So here is how it all plays out. Joe Blow buys a router (and this can even be your beloved Linksys model), he did what he needed to do in configuring it so he could get a connection. That's all he did because hey, it works now! So Joe Blow visits a site to see a video but it tells him he needs to download a codec to play the video. Well ofcourse he wants to see the video so he downloads and installs this codec and gets to see his video. Due to Joe Blow's ignorance his router is about to get pwned in the next few minutes. Why? Joe Blow never changed his default user name and password to his router! Sure he cloned the MAC addy as needed and had to do maybe a few other thing to get the connection going, but that was it.

Sadly, that's the reality here. You can buy any router you want from any store be it online or brick and mortar. Configure said router any which way you please. However if the default username and password isn't changed, it will get pwned by this if it's on one of your machines.

Now do you get it?

dadarkside
Premium
join:2006-05-20
The Moon
reply to bcastner
Can we here more about the Codec?

And this is for the MS Spyware guru too...

How about a rehash of the steps needed to prevent Media Player from auto downloading new or missing codecs...

My wife does video, she edits, creates and animates. And she's not always security conscious. This is an infection vector that really troubles me, for these very reasons.


EGeezer
zichrona livracha
Premium
join:2002-08-04
Midwest
kudos:8
Reviews:
·Callcentric

1 recommendation

reply to bcastner

Yesterday's "useless POC" becomes ...

Well, seems like the DSLR folk were ahead of the curve on this one too - there were several topics related to this type of exploit. Among them;

»Raising Awareness: Another CSRF Attack (Linksys)

»Router hacking challenge at Hacker Webzine

»Harden your router/AP in five steps

Yesterdays FUD and impractical concept becomes today's successful exploit
--
If dogs travel in space at the speed of light, do they reach their destination in dog-light years?


bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
kudos:7
This is a completely different attack vector than the ones using Flash and javascript discussed earlier.

In this case you have Zlob using the address space of several components of the Winlogon process, and the edits to the router itself are done through straight Winsock calls.

But yes, this Forum has been right there on this issue of the router itself as an attack surface from early on.


EGeezer
zichrona livracha
Premium
join:2002-08-04
Midwest
kudos:8
Reviews:
·Callcentric

1 edit
said by bcastner:

This is a completely different attack vector than the ones using Flash and javascript discussed earlier. ...
But yes, this Forum has been right there on this issue of the router itself as an attack surface from early on.
I agree the method used (scripting versus malware) is different, but still uses the concept of exploiting a router's default settings from the LAN side. The big argument presented in the earlier discussions was that it was impractical to consider LAN side attempts unless one was hacking one's own network.

However that is now discredited, at least in part, by a working "in the wild" exploit that has taken advantage of the opportunity and complacence of the user community.

And yes, you and others here are right at the forefront - that's what I like about this bunch
--
If dogs travel in space at the speed of light, do they reach their destination in dog-light years?


DownTheShore
Honoring The Captain
Premium
join:2003-12-02
Beautiful NJ
kudos:14
Reviews:
·Verizon Online DSL

3 recommendations

reply to bcastner

Re: In the Wild: Zlob Changing Router Settings to Hijack DNS

What you folks have to remember about routers is that you all tend to say "I have a router so I don't worry about that" or "Get a router and you won't have to worry about that" in your posts. So to those of us who only have a modium of technical awareness, we think we are taking a big step forward by getting the router and hooking it up. I know that I had no fuss when hooking up my router to the OOL system. But I knew from being here for years that one of the things I should do is change the name and password, which I did immediately. But that's not something the average person would even think about.

There's a lot of knowledge about things that is "understood" here by people which is never articulated because the assumption is that everyone knows what the next steps should be, or what the consequences are, or how the thing actually works - but that always isn't true. A lot of us have just a finite bit of understanding, and sometimes we just don't know the follow-up questions that should be asked. For example, I'm learning now in another thread some basic answers about imaging a hard driver, things that I was never quite clear about - like whether or not the image is the actual size or a compressed size.
--
Life is simply one damned thing after another.


nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
kudos:7
Reviews:
·AT&T U-Verse
There's a lot of knowledge about things that is "understood" here by people which is never articulated because the assumption is that everyone knows what the next steps should be, or what the consequences are, or how the thing actually works - but that always isn't true.
Perhaps. However, the importance of changing the router administrative password has been often repeated here.
--
AT&T dsl; Westell 327w modem/router; SuSE 10.1; firefox 2.0.0.14


Raz

@adsl-dhcp.tele.dk

1 recommendation

reply to Mele20
said by Mele20:

Obviously, my ISP and router are superior because they require you to...
...clone your MAC address?


nukscull

@rr.com
reply to Mele20
said by Mele20:

Road Runner requires the MAC address be entered.
No they don't. You just have to power cycle the modem to get it to recognize a new MAC address. I do this all the time with if I have to connect something other than my router direct to the modem. It will not work if you just plug something in, you need to power cycle it and it will register the new MAC now plugged in and give you a new IP.