Question about router

[jsvidyad]

Hello,

I have a question regarding router security. I am not sure if this is the right forum to post this. If, somehow, someone manages to get admin access to my router(by hacking), is there some way that from the router he/she could also get into my ubuntu laptop when it's connected to that router? If there is some way, are there any safeguards against those ways?

[papibe]

Hi jsvidyad.

Both are possible, but it doesn't mean you are in imminent danger.

For starters, being behind a router using NAT is very good for security (as opposed to just using a modem).

A few tips:

• Choose a secure password, e.g., at least 12 long, with lowercase, uppercase and numbers. This is both for the router and your machine.
• Disable access from the Internet to the router admin pages. Most routers won't allow it anyway, but just in case.
• Set your wireless security to WPA or WPA2. If you only have WEP, you'll be better off not using wireless at all.
• Ubuntu is pretty secure as it is, but for extra security in you own machine take a look at the several firewalls available (like UFW).

Hope it helps.
Regards.

[jsvidyad]

Both are possible, but it doesn't mean you are in imminent danger.

Assuming a hacker has been able to get into my router, from there how can he get into my ubuntu laptop? What I understood is that the most malicious thing he can do is to change the DNS servers on the router and that this can be countered by assigning separate DNS servers in my laptop itself. Is there something else that the hacker can do?

For starters, being behind a router using NAT is very good for security (as opposed to just using a modem).

A few tips:
Choose a secure password, e.g., at least 12 long, with lowercase, uppercase and numbers. This is both for the router and your machine.
Disable access from the Internet to the router admin pages. Most routers won't allow it anyway, but just in case.
Set your wireless security to WPA or WPA2. If you only have WEP, you'll be better off not using wireless at all.
Ubuntu is pretty secure as it is, but for extra security in you own machine take a look at the several firewalls available (like UFW).
Hope it helps.

I have done all of these and more. The thing is I used my friend's computer to set up the router and there is a chance that her computer might be infected. I'm worried about someone connecting to her computer and from there connecting to the router and configuring it using the password for the router(which might have been copied if there was a keylogger on her system). She is using the same router.

[papibe]

If you feel that DNS settings has been compromised, set a custom DNS on your own machine.

I suggest either Google Public DNS or OpenDNS.

Take a look at this tutorial to learn how to do it.

Let us know how it goes.
Regards.

[jsvidyad]

If you feel that DNS settings has been compromised, set a custom DNS on your own machine.

I suggest either Google Public DNS or OpenDNS.

Thank You. I will do that. Other than changing the DNS server ip addresses on that router, what else can a hacker do once he has gained access to my router? Is there some way that he can hack into my laptop from the router?

[2F4U]

Once the hacker is inside your network, he can try to attack each device, printer, networked hdd, or anything else.
Whether he will be able to attack your Ubuntu depends on if he will be able to detect some vulnerability, e. g. open ports or services listening on the internet. Since he is on the router, he knows your IP address and can try to login to your machine.
As soon as he is on the router, he may also shutdown the internet connection, change the administrator password of the router, or lock all your computers out by setting up a MAC filter that blocks everyone from accessing the network at all.

[OpSecShellshock]

Commercial routers should also have a means to reset them to factory settings if you are seriously concerned about compromise. You can just wipe it all out and start over.

There's no telling what kind of custom firmware is out there, but someone with administrative control of a router could change the firmware. If there's a version that somehow allows a remote command shell to be established on the device, even to run one or two things, I suppose there's a possibility that it could be used as an entry point to other devices on the LAN. I've never heard of such a thing, though.

In any case, taking control or running commands on LAN devices when you have control of a router is probably not going to get you much for the effort involved, especially a home network. The most likely thing is still going to be changing DNS settings.

[jsvidyad]

Hello,

She ran a full scan of her system and didn't detect any infections. So, I guess things are okay. The other thing that bothers me is that she doesn't apply OS updates to her windows 7 laptop regularly(the one I used to do the configuration).

I have eight other people staying in my house and I really can't just reset the router without good reasons. All I have right now is a mere suspicion.

[drmrgd]

While it is, of course, ill advised to neglect routine updates on any system, I don't see why her computer should be any more risk for your router than any other computer on that network. You still need to use an admin password to make changes, right? If not (at which point I would say buy a new router...that company doesn't care much about security!), then uninstall the router setup software from her computer. All routers that I know about can be configured using a web browser, and specialized software is unnecessary.

That being said, if you have an unsecured computer on your network, it occurs to me that the router is not the weak point in your network, and you've got more to worry about than your computer.

[jsvidyad]

While it is, of course, ill advised to neglect routine updates on any system, I don't see why her computer should be any more risk for your router than any other computer on that network. You still need to use an admin password to make changes, right? If not (at which point I would say buy a new router...that company doesn't care much about security!), then uninstall the router setup software from her computer. All routers that I know about can be configured using a web browser, and specialized software is unnecessary.

Yes, I have set up an admin password to make changes. I used the web browser to configure the router, not the router setup software(there was no setup software). The thing is, I used her computer to access the web config interface of the router and then I set up the router using the router admin passwd(all using her computer). What worries me is that if someone has managed to install a keylogger on her system, he might have got hold of the router admin password. So, I'm worried that if that's true, he could first connect to her computer, open the router config web interface from her computer, enter the admin passwd and change the router settings to enable him to connect remotely to the router or do something else. I have set up the firewall on the router. So, I'm not sure if this scenario could happen or not.