antdude
A Matrix Ant
Premium,VIP
join:2001-03-25
United State
kudos:5

2 recommendations

Hackers hijack 300,000-plus wireless routers, make malicious changes

»arstechnica.com/security/2014/03 ··· changes/

Yikes, that's a high number!


Parad0X787
"If U know neither the enemy nor yoursel
Premium
join:2013-09-17
Edmonton, AB
{{{ SMILE }}} ..... indeed


Doc Casualty

join:2005-02-06
Harbor Springs, MI
reply to antdude
Sobering article. I'm about to install a new router, an ASUS RT N66U and don't know what I should or could do to make things safer for my network given these known exploitations.

daveinpoway
Premium
join:2006-07-03
Poway, CA
kudos:3

3 recommendations

I saw one interesting thing (near the end)- a recommendation to use a command-line configuration (instead of a web interface). My guess is that this is generally impractical, since few home users would be up to this (some of them can probably barely understand the web configuration).


dib22

join:2002-01-27
Kansas City, MO

1 recommendation

reply to Doc Casualty
said by Doc Casualty:

I'm about to install a new router, an ASUS RT N66U and don't know what I should or could do to make things safer for my network given these known exploitations.

Asus makes great hardware, but put Tomato on it.

I like shibby's but there are plenty of builds out there.

»tomato.groov.pl/?page_id=69


norwegian
Premium
join:2005-02-15
Outback
kudos:1

2 recommendations

reply to daveinpoway
said by daveinpoway:

I saw one interesting thing....

....some of them can probably barely understand the web configuration.

To be honest, 75% of the people I know would refuse to mess with the default configuration if it starts working.
'Don't mess with something if it works' motto.
The real world out there should be forced to set pages on loading the box, even if GUI.

'Innocence and ignorance' versus 'sales and low overhead requests'; and you wonder how anyone wins at all.
We end up with daily new occurrences of hardware and software exploits on hardware and software that has a near 1 - 3 year life cycle in stories like this.

How anyone keeps up is beyond me.
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke


HarryH3
Premium
join:2005-02-21
kudos:3

1 recommendation

reply to Doc Casualty
said by Doc Casualty:

Sobering article. I'm about to install a new router, an ASUS RT N66U and don't know what I should or could do to make things safer for my network given these known exploitations.

Update the firmware as soon as you get it online. ASUS recently published a new version with security fixes. I just got an RT-N66 last week and it had an earlier version installed. (Though once I confirmed it was working I upgraded to the Merlin custom firmware. It has more features, yet is based on the ASUS code.) I'm thinking I'll probably change to Tomato, as to me at least, it has a more intuitive interface. Perhaps I'm just used to it, as I ran it on my WRT54G's for years.


Parad0X787
"If U know neither the enemy nor yoursel
Premium
join:2013-09-17
Edmonton, AB
Agreed & try to keep it simple and test after all the configuration !!!
Cause you need one time perfect settings for your secure PORTAL


Chubbzie

join:2014-02-11
Greenville, NC

1 recommendation

reply to antdude
Ha, just a simple GET request to »192.168.1.1/Forms/tools_admin_1 for many of the TP-Link devices... just sad.

Evidently most of the SOHO router market manufacturers are decent at building a router but horrific at security testing their own products. Hmmmm, sounds like a niche market could open up for a company to offer pen testing for various consumer routers.

Just give me the ability to remove the GUI/web daemon and replace with my own.


therube

join:2004-11-11
Randallstown, MD

2 recommendations

reply to antdude
Related, Default settings ex-HD to ASUS wide open.

daveinpoway
Premium
join:2006-07-03
Poway, CA
kudos:3

1 recommendation

reply to norwegian
You are lucky that around 25% of the people you know are able and willing to configure a router- for the folks I know, the figure is about 10%.


Doc Casualty

join:2005-02-06
Harbor Springs, MI
Reviews:
·Charter
reply to HarryH3
said by HarryH3:

Update the firmware as soon as you get it online.

Set it up today and did that right away. Nice router with a very easy setup! I'll think about the Tomato option, though I've never switched to an open source FW before on my Linksys routers.


jaykaykay
4 Ever Young
Premium,MVM
join:2000-04-13
USA
kudos:24

1 recommendation

reply to daveinpoway
Most people I know don't know that they can!

HarryH3
Premium
join:2005-02-21
kudos:3

1 recommendation

reply to Doc Casualty
The Merlin firmware is based on the stock ASUS firmware. He just adds some extra goodies. I just read that the IPv6 firewall in the newer stock ASUS firmware actually uses the code from Merlin. Apparently he and the folks at ASUS work together well.

More here: »www.lostrealm.ca/tower/node/79

starfish8

join:2004-06-30
reply to antdude
Assuming Remote Management is off, is it even possible for someone outside of your network to access your router GUI?