

Cudni
La Merma - Vigilado
Premium,MVM
join:2003-12-20
Someshire

reply to Mele20
Re: In the Wild: Zlob Changing Router Settings to Hijack DNS

said by Mele20:

Huh? How can you buy a "preset" router? Granted mine will be 5 years old in November but I don't understand what you mean. You have to clone the MAC address for one thing. That can't be done at Amazon.
Think about it. You get it from ISP and in most cases for free. If you buy elsewhere then of course you have to make some minor changes. It boils down as always to user awareness.

Cudni
--
"Mercifully, he hit him with the soft end of the pistol."
Help yourself so God can help you.
Microsoft MVP, 2006 - 2008

Mele20
Premium
join:2001-06-05
Hilo, HI

said by Cudni:

said by Mele20:

Huh? How can you buy a "preset" router? Granted mine will be 5 years old in November but I don't understand what you mean. You have to clone the MAC address for one thing. That can't be done at Amazon.
Think about it. You get it from ISP and in most cases for free. If you buy elsewhere then of course you have to make some minor changes. It boils down as always to user awareness.

Cudni
Maybe where you are routers are free from the ISP but not here. If I want to use a router, I have to buy one and I have broadband with one of the largest ISPs in the USA. My ISP still makes me unplug the router and connect directly for troubleshooting.
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason


CajunTek
Insane Cajun
Premium,MVM
join:2003-08-08
Arlington, TX
·RoadRunner Cable

said by Mele20:

said by Cudni:

said by Mele20:

Huh? How can you buy a "preset" router? Granted mine will be 5 years old in November but I don't understand what you mean. You have to clone the MAC address for one thing. That can't be done at Amazon.
Think about it. You get it from ISP and in most cases for free. If you buy elsewhere then of course you have to make some minor changes. It boils down as always to user awareness.

Cudni
Maybe where you are routers are free from the ISP but not here. If I want to use a router, I have to buy one and I have broadband with one of the largest ISPs in the USA. My ISP still makes me unplug the router and connect directly for troubleshooting.
Actually most routers will work out of the box..
--
da Cajun Darn I hate Malware

Mele20
Premium
join:2001-06-05
Hilo, HI

said by CajunTek:

Actually most routers will work out of the box..
So, you are saying that most routers know that the IP is static if it is? And most routers somehow know to clone the MAC address? And the router automatically knows if you have DSL if you have PPPoE or DHCP? How does the router know if you have RAS or PPTP or Heart Beat Signal? (Those aren't used in the USA). The router knows not to handle DHCP if you don't want it to? It knows how to set the DHCP lease time if you are having it handle DHCP? Wow, I guess Linksys is really behind the times since the current version of their router that I have is just like mine. It has to be set up. At least that's what Linksys told me maybe a year ago. Maybe it has changed but I don't think there is a newer version of this router since the latest version was issued about two-three years ago.

"# Supports DHCP, Universal Plug-and-Play (UPnP), and includes a user-friendly Setup Wizard for easy configuration
# Included Setup Wizard takes you through configuring your network, step by step."
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason


jabarnut
Light Years Away
Premium,MVM
join:2005-01-22
Galaxy M31

See ahulett's post. That describes it pretty well.

»Re: In the Wild: Zlob Changing Router Settings to Hijack DNS

As far as those "user-friendly Setup Wizard" CD's, I just throw them in the garbage or use them for target practice myself.
--
I had a life once.....now I have a Computer and a Modem.


Lanik
Lab-nik
Premium,ExMod 2002-03
join:2001-06-25
Bay Area

reply to Mele20
said by Mele20:

So, you are saying that most routers know that the IP is static if it is?
If a user is knowledgeable enough to get a static IP they should be able to configure a router properly.
said by Mele20:

And the router automatically knows if you have DSL if you have PPPoE or DHCP?
The wizard on the CD takes care of that.
said by Mele20:

How does the router know if you have RAS or PPTP or Heart Beat Signal? (Those aren't used in the USA). The router knows not to handle DHCP if you don't want it to? It knows how to set the DHCP lease time if you are having it handle DHCP?
All those are advanced features that Joe User doesn't care about as long as "it works".
--
"If it ain't broke don't fix it."


Raz

@tele.dk

reply to Mele20
said by Mele20:

...And most routers somehow know to clone the MAC address?
Maybe you need to clone the MAC address. Not everybody needs to do that. I certainly do not.

Mele20
Premium
join:2001-06-05
Hilo, HI

reply to jabarnut
said by jabarnut:

See ahulett's post. That describes it pretty well.

»Re: In the Wild: Zlob Changing Router Settings to Hijack DNS

As far as those "user-friendly Setup Wizard" CD's, I just throw them in the garbage or use them for target practice myself.
Yes. I read Aaron's post. But it doesn't apply to this Linksys router. I quoted from the Linksys page for this router. You have to set it up ...even the current version. I just answered two posts recently (not here) from users who had just bought this router and had questions about setting it up.

Obviously, SOME ROUTERS AND SOME ISPS allow you to do nothing but plug in the router. Obviously, my ISP and router are superior because they require you to not be a dumb idiot who does stupid things regarding routers. But teaching your children or anyone else to not configure the router really surprises me since this is a security forum. ALL USERS need to be educated properly about security including how to use a router securely. If this is done then there will be no problems regarding default passwords. Geez.
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason


jabarnut
Light Years Away
Premium,MVM
join:2005-01-22
Galaxy M31


4 edits
said by Mele20:

... But teaching your children or anyone else to not configure the router really surprises me since this is a security forum.
I hope you weren't referring to me as far as "teaching my children". (Or any acquaintance I run into who doesn't have their home network properly secured, for that matter).
The first thing I did after my Daughter bought a Router was to teach her how to configure it properly for security.

(You don't generally need that silly "wizard CD" to achieve that, btw)
Maybe you misunderstood the reason I throw those things in the drawer to collect dust.

And back to the original topic, if you read the link posted by bcastner, you'll see it said:

quote:
Relatively few people ever change the default username and password on their wireless routers
From my experience visiting many people (most of whom don't hang around security forums), or if I'm looking around at various SSID's in the neighborhood, I have no doubt in my mind that this is true. (9 times out of 10, if they are broadcasting the default SSID, they still have the default password too).

If I see them broadcasting "Linksys" or "default" etc, I can be relatively sure that they just plugged them in and started using them. (Especially when they show as not being secure, and allow me to connect, and/or access their configuration page).

Of course, I would never do that.
--
I had a life once.....now I have a Computer and a Modem.

mikenolan7
Premium
join:2005-06-07
Torrance, CA
·Sprint Mobile Broa..


1 edit
reply to Mele20
I don't consider the necessity to use MAC address cloning to be a feature that makes an ISP superior. It is essentially breaking the way things were designed to work, with no two pieces of hardware having the same MAC address. I like to tinker with different security solutions, and frequently have different NAT routers, or home built firewalls on different OS's as the first thing the ISP sees. I don't want to be cloning MAC addresses all over the place, that would eventually lead to communication problems within my LAN.

I don't have RR any more, but when I did, MAC address cloning was not required. It took a few minutes for a new MAC address to be recognized and accepted, but eventually it was given a DHCP address.

News about exploits designed to attack NAT routers automatically from within your LAN is becoming more and more frequent. A good defense is a rule on your software firewalls that prevents outgoing traffic from the machines within your LAN to your router. Disable the rule temporarily to administer your router.

For home users, that are able to shut down internet access for a few minutes, it is a good idea to disconnect your WAN port when making modifications to your router configuration. Most NAT routers are more susceptible to shenanigans when rebooting. I would even recommend disconnecting LAN ports other than the one you are administering the router from when you make configuration changes.

Router exploits are very high risk. Without monitoring on your WAN port, which is very difficult to maintain due to the large number of log entries you get, how would you know if your router was compromised?

Edit: spelling
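
One way to answer the question in the post above for the DNS-hijack case, as an added example that is not part of the original thread: record the resolvers that should be in use and compare what a LAN client actually receives against that baseline. The sample resolv.conf text, the addresses (private and documentation ranges) and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: resolver config as a LAN client might receive it via DHCP.
# All addresses are private/documentation placeholders, not real indicators.
SAMPLE_RESOLV_CONF = """\
# Generated by DHCP client
search home.example
nameserver 192.168.1.1
nameserver 203.0.113.53
nameserver not-an-ip
"""

# Assumption: the owner wrote down the resolvers that are supposed to be in
# use (router LAN address plus the ISP's resolvers) when the router was set up.
EXPECTED_RESOLVERS = {"192.168.1.1", "198.51.100.10", "198.51.100.11"}


def parse_nameservers(text):
    """Return the nameserver values from resolv.conf-style text, in order."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def audit_resolvers(text, expected=EXPECTED_RESOLVERS):
    """Classify each resolver as 'expected', 'unexpected' or 'malformed'."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    findings = []
    for raw in parse_nameservers(text):
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            findings.append((raw, "malformed"))
            continue
        status = "expected" if addr in allowed else "unexpected"
        findings.append((str(addr), status))
    return findings


def resolvers_changed(text, expected=EXPECTED_RESOLVERS):
    """True if any resolver differs from the recorded baseline."""
    return any(s != "expected" for _, s in audit_resolvers(text, expected))


if __name__ == "__main__":
    for server, status in audit_resolvers(SAMPLE_RESOLV_CONF):
        print(f"{status:10} {server}")
```

If the router proxies DNS itself, clients only ever see the router's LAN address, so the same comparison also has to be made against the DNS servers shown on the router's own WAN/status page.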


Cthen

join:2004-08-01
Ypsilanti, MI
·Comcast

reply to Mele20
said by Mele20:

said by jabarnut:

See ahulett's post. That describes it pretty well.

»Re: In the Wild: Zlob Changing Router Settings to Hijack DNS

As far as those "user-friendly Setup Wizard" CD's, I just throw them in the garbage or use them for target practice myself.
Yes. I read Aaron's post. But it doesn't apply to this Linksys router. I quoted from the Linksys page for this router. You have to set it up ...even the current version. I just answered two posts recently (not here) from users who had just bought this router and had questions about setting it up.

Obviously, SOME ROUTERS AND SOME ISPS allow you to do nothing but plug in the router. Obviously, my ISP and router are superior because they require you to not be a dumb idiot who does stupid things regarding routers. But teaching your children or anyone else to not configure the router really surprises me since this is a security forum. ALL USERS need to be educated properly about security including how to use a router securely. If this is done then there will be no problems regarding default passwords. Geez.
All your arguing through this amounts to squat at what the article is referring to. Sure you may or may not have to configure a router to get a connection but that point means nothing. Either way this type of exploit needs a connection to be up and running for anything to happen or to even get the malware on your machine in the first place.

So here is how it all plays out. Joe Blow buys a router (and this can even be your beloved Linksys model), he did what he needed to do in configuring it so he could get a connection. That's all he did because hey, it works now! So Joe Blow visits a site to see a video but it tells him he needs to download a codec to play the video. Well of course he wants to see the video so he downloads and installs this codec and gets to see his video. Due to Joe Blow's ignorance his router is about to get pwned in the next few minutes. Why? Joe Blow never changed his default user name and password to his router! Sure he cloned the MAC addy as needed and had to do maybe a few other things to get the connection going, but that was it.

Sadly, that's the reality here. You can buy any router you want from any store be it online or brick and mortar. Configure said router any which way you please. However if the default username and password isn't changed, it will get pwned by this if it's on one of your machines.

Now do you get it?


Raz

@tele.dk


from:
Grail Knight

reply to Mele20
said by Mele20:

Obviously, my ISP and router are superior because they require you to...
...clone your MAC address?


cork1958
Cork

join:2000-02-26
Fruitport, MI
·Verizon Online DSL
·Charter Pipeline

reply to Raz
said by Raz:

said by Mele20:

...And most routers somehow know to clone the MAC address?
Maybe you need to clone the MAC address. Not everybody needs to do that. I certainly do not.
I have NEVER yet come across a router that didn't just work out of the box, as long as you boot things in the correct order especially (modem, router, then computer).
--
The Firefox alternative.
»www.mozilla.org/projects/seamonkey/