In the Wild: Zlob Changing Router Settings to Hijack DNS


ahulett
Life Without Walls
Premium
join:2003-02-02
Bellevue, WA


2 edits
reply to Mele20
Re: In the Wild: Zlob Changing Router Settings to Hijack DNS

Cloning a MAC address isn't always necessary. I know for me with Comcast, that when the modem is powered on, it looks at the MAC address of the network device plugged into it, and if it's a router, it latches onto it just as it would if it was a computer's network card. (Where one enters trouble is if they change what the modem is plugged into - it won't work until the modem is power-cycled and the modem picks up the new MAC address.)

If I go to Best Buy, pick out a router/switch/WAP all-in-one device, come home and plug it in, it will work out of the box because the router will pull an address from the cable modem, will perform no logging in, which is OK as that's not needed on a Comcast Internet connection, and the internal DHCP is set to hand out IP addresses to clients on the home network.

While this works with Comcast, other ISPs may have different needs, such as if a DSL connection requires logging in via PPPoE, for example, or if the ISP ties the login with a specific MAC address (such as the one used to complete the sign-up).

Hope I was helpful. It is 1:30am and I struggle with clarity when I'm sleepy.

Aaron

[Edit to get the signature with the all-important disclaimer included.]
--
Aaron Hulett | Senior Spyware Researcher | Microsoft Malware Protection Center
This posting is provided "AS IS" without warranty, and confers no rights.

Mele20
Premium
join:2001-06-05
Hilo, HI

said by ahulett:

Cloning a MAC address isn't always necessary. I know for me with Comcast, that when the modem is powered on, it looks at the MAC address of the network device plugged into it, and if it's a router, it latches onto it just as it would if it was a computer's network card. (Where one enters trouble is if they change what the modem is plugged into - it won't work until the modem is power-cycled and the modem picks up the new MAC address.)

If I go to Best Buy, pick out a router/switch/WAP all-in-one device, come home and plug it in, it will work out of the box because the router will pull an address from the cable modem, will perform no logging in, which is OK as that's not needed on a Comcast Internet connection, and the internal DHCP is set to hand out IP addresses to clients on the home network.

While this works with Comcast, other ISPs may have different needs, such as if a DSL connection requires logging in via PPPoE, for example, or if the ISP ties the login with a specific MAC address (such as the one used to complete the sign-up).

Hope I was helpful. It is 1:30am and I struggle with clarity when I'm sleepy.

Aaron

[Edit to get the signature with the all-important disclaimer included.]
Road Runner requires the MAC address be entered. Plus, I had to configure both computers (one is a 98SE box) and then configure the router. Not hard to do, but it certainly wasn't automatic out of the box, plug it in, and whamo, everything works. Besides being required to enter the router interface to configure it, I had to get into the interface to be able to change the DHCP lease time. The router I have is Version 3 and Linksys has a Version 4 that people are still buying, and you still have to configure the computers and then the router.
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason


Lanik
Lab-nik
Premium,ExMod 2002-03
join:2001-06-25
Bay Area

said by Mele20:

... Linksys has a Version 4 that people are still buying, and you still have to configure the computers and then the router.
That's not true; they include a CD. All you have to do is run it and you're online. Laziness at its best.
--
"If it ain't broke don't fix it."


jabarnut
Light Years Away
Premium,MVM
join:2005-01-22
Galaxy M31


4 edits
reply to Mele20
said by CajunTek:

Actually most routers will work out of the box..
Exactly right...or certainly a lot of them will.

At my daughter's house (Comcast), she could go to Best Buy (buy a Linksys WRT54G, for example), take it out of the box, hook it to the cable modem, power it on (maybe recycle the modem), and it will work with no configuration at all...no CD, no nothing.

It will have a password "admin", and will already have wireless on by default with an SSID of "Linksys".
(Of course, had I not shown her the Configuration page, "admin" wouldn't have meant a thing to her, nor would she have cared about it).
--
I had a life once.....now I have a Computer and a Modem.


CajunTek
Insane Cajun
Premium,MVM
join:2003-08-08
Arlington, TX
·RoadRunner Cable

said by jabarnut:

said by CajunTek:

Actually most routers will work out of the box..
Exactly right...or certainly a lot of them will.

At my daughter's house (Comcast), she could go to Best Buy (buy a Linksys WRT54G, for example), take it out of the box, hook it to the cable modem, power it on (maybe recycle the modem), and it will work with no configuration at all...no CD, no nothing.

It will have a password "admin", and will already have wireless on by default with an SSID of "Linksys".
(Of course, unless I had showed her the Configuration page, "admin" wouldn't have meant a thing to her anyway, nor would she have cared about it).
Works that way with RoadRunner too...
--
da Cajun Darn I hate Malware


nukscull

@rr.com

reply to Mele20
said by Mele20:

Road Runner requires the MAC address be entered.
No, they don't. You just have to power cycle the modem to get it to recognize a new MAC address. I do this all the time if I have to connect something other than my router directly to the modem. It will not work if you just plug something in; you need to power cycle it, and it will register the new MAC now plugged in and give you a new IP.


Cheese
Premium
join:2003-10-26
Naples, FL


1 edit
reply to Mele20
said by Mele20:

said by ahulett:

Cloning a MAC address isn't always necessary. I know for me with Comcast, that when the modem is powered on, it looks at the MAC address of the network device plugged into it, and if it's a router, it latches onto it just as it would if it was a computer's network card. (Where one enters trouble is if they change what the modem is plugged into - it won't work until the modem is power-cycled and the modem picks up the new MAC address.)

If I go to Best Buy, pick out a router/switch/WAP all-in-one device, come home and plug it in, it will work out of the box because the router will pull an address from the cable modem, will perform no logging in, which is OK as that's not needed on a Comcast Internet connection, and the internal DHCP is set to hand out IP addresses to clients on the home network.

While this works with Comcast, other ISPs may have different needs, such as if a DSL connection requires logging in via PPPoE, for example, or if the ISP ties the login with a specific MAC address (such as the one used to complete the sign-up).

Hope I was helpful. It is 1:30am and I struggle with clarity when I'm sleepy.

Aaron

[Edit to get the signature with the all-important disclaimer included.]
Road Runner requires the MAC address be entered. Plus, I had to configure both computers (one is a 98SE box) and then configure the router. Not hard to do, but it certainly wasn't automatic out of the box, plug it in, and whamo, everything works. Besides being required to enter the router interface to configure it, I had to get into the interface to be able to change the DHCP lease time. The router I have is Version 3 and Linksys has a Version 4 that people are still buying, and you still have to configure the computers and then the router.
I never had to put a MAC address in for RR; they ran the line, hooked up the router, and it connected, no configuring needed.

Mele, no offense, but I see you spread a lot of FUD around here; maybe you shouldn't talk if you don't know what you are talking about.


ahulett
Life Without Walls
Premium
join:2003-02-02
Bellevue, WA


2 edits
It could be her specific market requires MAC registration whereas other markets do not (or maybe it's changed since initial sign-up - these things do change). For example, sometimes when a modem is registered in one Comcast service area and the customer moves to another, one may need to call to have the modem removed from that market's database so it can be registered in the new market. In my case, I didn't hit that when moving from Michigan to Redmond, but I've seen others experience this when using their own modems.

The key here is to a) get router usernames/passwords off defaults, and b) help protect customers from such malicious code that leverages default usernames/passwords. While I have a much better shot at B than I do A, maybe an idea that router manufacturers can take away (Are any of you lurking?), if they're not already doing this today, is to jail WAN access until the default username/password is changed. This way, users are automatically sent to a configuration page and are walked through making the necessary changes to help secure their router.

[Edit - add my signature (with disclaimer) that seems to not add itself automatically when quick-replying]
--
Aaron Hulett | Senior Spyware Researcher | Microsoft Malware Protection Center
This posting is provided "AS IS" without warranty, and confers no rights.
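A sketch of the lock-out Aaron proposes, added here as an example and not code from the thread or from any router vendor: WAN forwarding stays jailed and every admin request is redirected to the setup page until the factory "admin"/"admin" credentials are replaced by a password that passes a minimal policy. The class name, the /setup path and the policy thresholds are assumptions.

```python
import hashlib
import hmac
import os

# Factory credentials as the thread describes them (user "admin", password "admin").
FACTORY_USER = "admin"
FACTORY_PASSWORD = "admin"

def password_problems(candidate, username):
    """Return the policy rules a candidate password breaks (empty list = accepted).
    Thresholds are assumptions chosen for this example, not any vendor's policy."""
    problems = []
    if len(candidate) < 12:
        problems.append("shorter than 12 characters")
    if candidate.lower() in {FACTORY_PASSWORD, username.lower()}:
        problems.append("is the factory default or the username")
    if candidate.isalpha() or candidate.isdigit():
        problems.append("uses only letters or only digits")
    return problems

class AdminGate:
    """Hypothetical router admin state: WAN forwarding stays jailed and every
    admin request is redirected to /setup until the factory password is replaced."""

    def __init__(self):
        self.username = FACTORY_USER
        self.factory_credentials = True
        self._store(FACTORY_PASSWORD)

    def _store(self, password):
        # Salted PBKDF2 so the stored value is not the password itself.
        self._salt = os.urandom(16)
        self._digest = hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def verify(self, username, password):
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)
        return username == self.username and hmac.compare_digest(digest, self._digest)

    def wan_enabled(self):
        # The jail ahulett describes: no traffic to the Internet on factory credentials.
        return not self.factory_credentials

    def route_request(self, path):
        # Captive redirect: any admin page other than /setup bounces to /setup
        # while the default password is still in place.
        if self.factory_credentials and path != "/setup":
            return "redirect:/setup"
        return path

    def set_password(self, new_password):
        """Apply the new password; returns the list of policy problems if rejected."""
        problems = password_problems(new_password, self.username)
        if problems:
            return problems
        self._store(new_password)
        self.factory_credentials = False
        return []
```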


EGeezer
Go Bobcats
Premium
join:2002-08-04
Country!
·Callcentric
·RoadRunner Cable
·AT&T CallVantage


1 edit
reply to nukscull
Re: swapping devices

said by nukscull:

You just have to power cycle the modem to get it to recognize a new MAC address. I do this all the time if I have to connect something other than my router directly to the modem. It will not work if you just plug something in; you need to power cycle it, and it will register the new MAC now plugged in and give you a new IP.
I have had TWRR for several years. That's how mine works too. I occasionally swap devices (PCs, routers, network printers, etc.) for configuration and testing purposes. My steps are as follows:
1) Power off downstream device
2) Power off modem
3) Swap device
4) Power up modem
5) Power up device

Works every time.

Now if I were to move my modem to another location - or get another modem, that's a different situation. I have to have TWRR register that modem at that location.
--
If dogs travel in space at the speed of light, do they reach their destination in dog-light years?


Annorax

join:2001-03-27
Apex, NC

reply to Mele20
Re: In the Wild: Zlob Changing Router Settings to Hijack DNS

Road Runner requires the MAC address be entered.
Not So!

Road Runner will take a new MAC address if you leave the cable modem powered-off for 90 seconds or so before powering it back up again with new router (powered off) attached.

Once the modem has synced up, power on the router and it should work just fine with its default MAC address.

daveinpoway
Premium
join:2006-07-03
Poway, CA

It seems to me that a lot of this could be avoided if the router manufacturers would make it mandatory that you go into the setup and set a new password before the unit will function; I believe this could be done by only adding a minimal amount of extra code to the router's internal firmware. To do it right, the setup screen should give the user some tips on creating a secure password.

Unfortunately, concerns about things like extra tech-support time being required to walk clueless users through this step means that something like this probably will not become common any time soon.


Annorax

join:2001-03-27
Apex, NC

said by daveinpoway:

It seems to me that a lot of this could be avoided if the router manufacturers would make it mandatory that you go into the setup and set a new password before the unit will function
Unfortunately, the vast majority of potential users are stoopid. The only way to make money from this group of the "great unwashed" is to make your product super easy to use.

They get away with this by packing in a lot of warning messages in the documentation (that goes unread by the stoopid people) and when the stoopid people complain the manufacturer is covered. "Didn't you read the manual?"

Reminds me of a Dilbert cartoon I love. "... now stand on your chair and yell "does anyone know how to read a manual?"


EGeezer
Go Bobcats
Premium
join:2002-08-04
Country!
·Callcentric
·RoadRunner Cable
·AT&T CallVantage


1 edit
said by Annorax:

Unfortunately, the vast majority of potential users are stoopid. The only way to make money from this group of the "great unwashed" is to make your product super easy to use.
To a certain point I agree. However, just go to a local big box retailer and hear the salesman and the non-technical customer discuss the implementation of the new gizmo.

C: "well, I'm not a computer person. Is it hard to set up?"
S: "No problem - just pull it out of the box, plug in the wires as the diagram shows and it's set itself up. Or our GGR (Geek GangRape) experts can go to your home and set it up for you for only $229"
C: "Wow, that's a lot. I can plug in the doo-hickeys myself. thanks!" *trots to checkout to buy new router*

Alternative response:
C: "Wow, that's a lot but I'll have them set it up for me" *GGR installs router with defaults and the customer's pet guppy's name as the password (USER=ADMIN PW=FLUFFY)*

As for the "great unwashed", don't forget that technology is for people and not the other way around. Too many self-styled experts forget that - or aren't skilled enough to teach or develop solutions customers can use.
--
If dogs travel in space at the speed of light, do they reach their destination in dog-light years?


nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
·AT&T U-Verse
·AT&T Midwest

reply to Annorax
said by Annorax:

said by daveinpoway:

It seems to me that a lot of this could be avoided if the router manufacturers would make it mandatory that you go into the setup and set a new password before the unit will function
Unfortunately, the vast majority of potential users are stoopid. The only way to make money from this group of the "great unwashed" is to make your product super easy to use.
A better solution would be for manufacturers to give a unique default password to each router, and print that password on the router (next to the serial number). Then physical access (ability to read the label) is required to change the settings. I'm pretty sure a few manufacturers already do this.
--
AT&T dsl; Westell 327w modem/router; SuSE 10.1; firefox 2.0.0.14


jabarnut
Light Years Away
Premium,MVM
join:2005-01-22
Galaxy M31


4 edits
said by nwrickert:

A better solution would be for manufacturers to give a unique default password to each router, and print that password on the router (next to the serial number). Then physical access (ability to read the label) is required to change the settings. I'm pretty sure a few manufacturers already do this.
Well, in light of this exploit, I hope that more than a few manufacturers start doing this (or something similar).

It's pretty scary that the majority of Routers out there are still operating with the default password...and as I mentioned in an earlier post, I've confirmed this myself. (At least in my neck of the woods).

In the meantime, good luck to the 70 to 80% (maybe higher) of people who just buy these things, plug them in, and feel "secure". (Mainly because they've heard by word of mouth that's all they need to do in order to keep most of the bad guys out).

I've also seen on many of the ISP "FAQ" pages, where they suggest that buying a Router will allow you to add additional Computers to your Broadband Connection....with the usual disclaimer that they are not responsible for maintaining it, should any problems arise.

Of course, with no mention whatsoever, that proper configuration for security is important.
--
I had a life once.....now I have a Computer and a Modem.
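The symptom this whole thread is about is a router whose DNS settings have been changed behind the owner's back, so here is a client-side check for it, added as an example and not code from the thread: it parses the DHCP lease a client received and reports any resolver that is neither the router itself nor on a trusted list. The lease text is constructed, and the trusted resolver addresses are placeholders standing in for whatever the ISP or the owner actually uses.

```python
import ipaddress
import re

# Constructed sample of a dhclient lease as a client stores it after renewing
# from a home router. 203.0.113.7 stands in for an unknown resolver that a
# Zlob-style change to the router would leave behind (documentation address).
SAMPLE_LEASE = """\
lease {
  interface "eth0";
  fixed-address 192.168.1.100;
  option subnet-mask 255.255.255.0;
  option routers 192.168.1.1;
  option domain-name-servers 192.168.1.1, 203.0.113.7;
  option dhcp-lease-time 86400;
}
"""

# Assumed trusted resolvers (placeholders): the ISP's or the ones the owner set.
TRUSTED_RESOLVERS = {"198.51.100.1", "198.51.100.2"}

def parse_lease(text):
    """Return (gateway, [resolvers]) from the most recent lease block."""
    routers = re.findall(r"option routers ([^;]+);", text)
    dns = re.findall(r"option domain-name-servers ([^;]+);", text)
    if not routers or not dns:
        raise ValueError("lease lacks routers or domain-name-servers option")
    gateway = ipaddress.ip_address(routers[-1].strip())
    resolvers = [ipaddress.ip_address(s.strip()) for s in dns[-1].split(",")]
    return gateway, resolvers

def audit_resolvers(text, trusted=TRUSTED_RESOLVERS):
    """Return resolvers that are neither the gateway (the router forwarding
    queries itself) nor on the trusted list: the ones worth a look."""
    gateway, resolvers = parse_lease(text)
    trusted_ips = {ipaddress.ip_address(t) for t in trusted}
    return [str(r) for r in resolvers if r != gateway and r not in trusted_ips]

if __name__ == "__main__":
    # Expected on the constructed sample: ['203.0.113.7']
    print(audit_resolvers(SAMPLE_LEASE))
```

If the router hands out only its own address as the resolver, the client's lease looks clean even when the router's upstream DNS servers have been changed; that value can only be checked on the router's own status or WAN page.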
Sunday, 06-Dec 05:52:07
© 1999-2009 dslreports.com.