Use default passwords, get hijacked !

CastleCops -> Internet Connectivity
Poll: Do you change the default password of your wireless router?
Absolutely: 100% [ 2 ]
My network is secure, who cares: 0% [ 0 ]
I don't mind hacking my router: 0% [ 0 ]
Total Votes : 2


Author: xmachine    Location: Kuwait    Posted: Sat Jun 14, 2008 8:46 am    Post subject: Use default passwords, get hijacked !

As the title says, use default passwords on your wireless/wired routers and wait for the new variant of the "Zlob" trojan to infect some machines, then try every default router uname/password combination from http://www.routerpassword.com/.

Or even check this text file, search for your current user/pass to make sure they are not in the list. http://blog.washingtonpost.com/securityfix/zlobpass.txt


Author: PaulW2    Posted: Wed Jun 18, 2008 12:32 am    Post subject: Re: Use default passwords, get hijacked !

xmachine wrote:
As the title says, use default passwords on your wireless/wired routers and wait for the new variant of the "Zlob" trojan to infect some machines, then try every default router uname/password combination from http://www.routerpassword.com/.

http://www.routerpasswords.com/ is of course the site that you meant to refer to. :D

Author: xmachine    Location: Kuwait    Posted: Wed Jun 18, 2008 3:57 am    Post subject:

ya, it's http://www.routerpasswords.com/

sorry for the typo

Author: johnlgalt    Posted: Thu Jun 19, 2008 5:25 am    Post subject:

I take it many steps further than that.

My router had both an admin and a user account - I enable the admin account with a really long password that uses a variety of character sets - standard letters (both lower case and upper case), numbers, symbols, basically anything the router will allow. It is a minimum of 32 characters, and I never ever use it unless I *absolutely* have to.

I then enable the user account and make its password around 24 chars, a bit easier to remember, but nothing that a simple dictionary attack will find (thank goodness my folks are from India - I got a whole slew of words you'll never find in a dictionary :P)

Then, I change the default IP address of the router - no more using standard 192.168.0.1, 192.168.1.1, or 192.168.1.100, etc. I disable any type of remote management (if it doesn't work and I am not here, you'll just have to wait). I lock down most of the settings, including making it unresponsive to ICMP pings, etc., don't allow virtual servers to run, have nothing configured in the DMZ, and have enabled the log, which I capture to my computer using Kiwi SysLog Daemon (free for personal use for a single device). *That* log gets sent hourly to DShield for IP analysis to see what different IPs are trying to hammer my router.

There are many other settings on there to make it secure, and if I had the time I would research the use of DD-WRT (an open source Linux-based software for routers that is supposed to be a lot more secure) but that comes later....

If I enable wireless (as I have to for guests) then it is WPA2 only - if their machines cannot handle WPA2, then they will be forced to plug into the wired ports - but that is not so bad because I have 4 network drops I put in my house.

Now, this is not for bragging rights - I mention all these because just changing your password doesn't take you from being at risk to being 100% safe - heck, even all the safety measures I have taken don't make *me* 100% safe - but they make me *safer*.

I am sure that others here can come up with other suggestions as well on how to improve upon this, taking your relative level of safety even higher - and I welcome the suggestions. As I said, I know I am not perfectly safe - or even close.
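Added example, not part of any post in this thread: the thread describes a trojan on a LAN machine trying default router logins, and a router log captured via syslog. The sketch below flags any source that produces a burst of failed admin logins in such a log. The log line format, host addresses and thresholds are constructed assumptions; real router log formats vary by vendor.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in a hypothetical router syslog format (not from a real device).
SAMPLE_LOG = """\
2008-06-19 02:14:07 router httpd: login failed user=admin src=192.168.7.10
2008-06-19 02:14:31 router httpd: login ok user=admin src=192.168.7.10
2008-06-19 05:01:02 router httpd: login failed user=admin src=192.168.7.23
2008-06-19 05:01:02 router httpd: login failed user=root src=192.168.7.23
2008-06-19 05:01:03 router httpd: login failed user=admin src=192.168.7.23
2008-06-19 05:01:03 router httpd: login failed user=user src=192.168.7.23
2008-06-19 05:01:04 router httpd: login failed user=Administrator src=192.168.7.23
2008-06-19 05:01:05 router httpd: login failed user=admin src=192.168.7.23
2008-06-19 09:40:55 router httpd: login failed user=admin src=192.168.7.10
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+ httpd: "
    r"login (?P<result>failed|ok) user=(?P<user>\S*) src=(?P<src>\S+)$"
)

def find_login_bursts(log_text, window=timedelta(minutes=1), min_failures=5):
    """Map each source IP with >= min_failures failed logins inside one
    sliding window to the sorted distinct usernames it tried in that window."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m["result"] == "failed":
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            failures[m["src"]].append((ts, m["user"]))
    flagged = {}
    for src, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans <= `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= min_failures:
                flagged[src] = sorted({u for _, u in events[start:end + 1]})
                break
    return flagged

if __name__ == "__main__":
    for src, users in find_login_bursts(SAMPLE_LOG).items():
        print(f"{src}: burst of failed logins, usernames tried: {', '.join(users)}")
```

A single mistyped password hours apart (192.168.7.10 in the sample) stays below the threshold; a flagged source on the LAN is a machine worth scanning for malware.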




All times are GMT
