|
Donation/Premium |
|
 |
|
|
|
|
|
|
|
Survey |
|
|
|
|
|
|
|
|
|
|
|
| View previous topic :: View next topic |
| Do you change the default password of your wireless router? |
| Absolutely |
|
100% |
[ 2 ] |
| My network is secure, who cares |
|
0% |
[ 0 ] |
| I don't mind hacking my router |
|
0% |
[ 0 ] |
|
| Total Votes : 2 |
|
| Author |
Message |
xmachine
Cadet
Joined: Jun 14, 2008
Posts: 2
Location: Kuwait
|
|
| Back to top |
|
 |
PaulW2
Sergeant
Premium Member
Joined: May 04, 2006
Posts: 133
|
 Posted: Wed Jun 18, 2008 12:32 am Post subject: Re: Use default passwords, get hijacked ! |
|
|
| xmachine wrote: | As the title says, use default password on your wireless/wired routers and wait for the new variant of the "Zlob" trojan to infect some machines, then try every default router uname/password combinations from http://www.routerpassword.com/.
|
http://www.routerpasswords.com/ is of course the site that you meant to refer to. 
|
|
| Back to top |
|
|
xmachine
Cadet
Joined: Jun 14, 2008
Posts: 2
Location: Kuwait
|
|
| Back to top |
|
|
johnlgalt
Special Response Team
Premium Member
Joined: Feb 27, 2007
Posts: 1403
|
| Posted: Thu Jun 19, 2008 5:25 am Post subject: |
|
|
I take it many steps further than that.
My router had both an admin and a user account - I enable the admin account with a really long password that uses a variety of character sets - standard letters (both lower case and upper case) numbers, symbols, basically anything the router will allow. it is a minimum of 32 characters, and I never ever use it unless I *absolutely* have to.
I then enable the user account and make its password around 24 chars, a bit easier to remember, but nothing that a simple dictionary attack will find (thank goodness my folks are from India - I got a whole slew of words you'll never find in a dictionary  )
Then, I change the default IP address of the router - no more using standard 192.168.0.1, 192.168.1.1, or 192.168.1.100, etc. I disable any type of remote management (if it doesn't work and I am not here' you'll just have to wait). I lock down most of the settings, including making it unresponsive to ICMP Pings, etc, don't allow virtual servers to run, have nothing configured in the DMZ, and have enabled the log, which I capture to my computer using Kiwi SysLog Daemon (free for personal use for a single device). *that* log gets sent hourly to DShield for IP analysis to see what different IPs are trying to hammer my router.
There are many other settings on there to make it secure, and if i had the time I would research the use of DD-WRT (an open source Linux based software for routers that is supposed to be a lot more secure) but that comes later....
if I enable wireless (as I have to for guests) then it is WPA2 only - if their machines cannot handle WPA2, then they will be forced to plug into the wired ports - but that is not so bad because I have 4 network drops I put in my house.
Now, this is not for bragging rights - I mention all these because just changing your password doesn't take you from being at risk to being 100% safe - heck, even all the safety measures I have taken doesn't make *me* 100% safe - but it makes me *safer*.
I ma sure that others here can come up with other suggestions as well on ow to improve upon this, taking your relative level of safety even higher - and I welcome the suggestions. As I said, I know I am not perfectly safe - or even close.
_________________
<img src="http://www.castlecops.com/zx/johnlgalt/johnlgalt%20sig.png">
<img src="http://www.castlecops.com/zx/johnlgalt/John%20L.%20Galt%20%20CPU-Z.png">
|
|
| Back to top |
|
|
|
|
|
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
Powered by phpBB © 2001 phpBB Group
|
Forum FAQ
Search
Usergroups
Profile
Login to check your private messages
Login
