Page 2 of 2 FirstFirst 12
Results 11 to 18 of 18

Thread: Question about router

  1. #11
    Join Date
    Sep 2011
    Beans
    1,531

    Re: Question about router

    If you will always be concerned about it, then just reset the router (like others said). Give the users the new WPA2 wifi password and you're done.

  2. #12
    Join Date
    Apr 2011
    Location
    Maryland
    Beans
    1,461
    Distro
    Kubuntu 12.04 Precise Pangolin

    Re: Question about router

    I suppose if an intruder had a keylogger on her computer when you logged into the router and that intruder has access to your network, then they might be able to get into the router configuration and make changes. As long as you have the option to change the router settings from outside the network turned off, they would still have to be inside your network to actually get in and make changes. You could change the router password from a more secure computer, thus eliminating (or reducing anyway) the chance of an intruder getting it if you're worried about that.

    If her computer is suspect, though, unless you firewall that computer off from the rest of the network, it could still be a threat to the rest of your LAN I would think. I'm no security expert, but it seems that any infected computer on your network could spread risk to other computers on the net. With good security on your other computers, I guess the risks are reduced, though.

  3. #13
    Join Date
    Sep 2011
    Beans
    1,531

    Re: Question about router

    In regards to drmrgd's comments,

    If your router has the ability to create a "guest" network then do that. One network could be just for you and maybe computers you trust. The other "guest" network can be for all other untrusted computers.

  4. #14
    Join Date
    Nov 2009
    Beans
    919
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Question about router

    You could also connect to the router (with a cable, need to make that clear) from a system that is fully under your control and that you trust, and change the administrative password on the router configuration page. Oh and while you're in there make sure UPnP is disabled, as well as any remote configuration options that might be available.

  5. #15
    Join Date
    Jul 2005
    Beans
    412

    Re: Question about router

    Quote Originally Posted by OpSecShellshock View Post
    Commercial routers should also have a means to reset them to factory settings if you are seriously concerned about compromise. You can just wipe it all out and start over.

    There's no telling what kind of custom firmware is out there, but someone with administrative control of a router could change the firmware. If there's a version that somehow allows a remote command shell to be established on the device, even to run one or two things, I suppose there's a possibility that it could be used as an entry point to other devices on the LAN. I've never heard of such a thing, though.

    In any case, taking control or running commands on LAN devices when you have control of a router is probably not going to get you much for the effort involved, especially a home network. The most likely thing is still going to be changing DNS settings.
    Assuming someone has changed the firmware on my router to one with a command shell and tries to get into my ubuntu laptop from the router, will the firewall(ufw) on my laptop protect me against it? Or will the ufw firewall just trust the router and accept all packets from the router and thus let the hacker in?
    Last edited by jsvidyad; December 8th, 2012 at 09:47 AM.

  6. #16
    Join Date
    Nov 2009
    Beans
    919
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Question about router

    Quote Originally Posted by jsvidyad View Post
    Assuming someone has changed the firmware on my router to one with a command shell and tries to get into my ubuntu laptop from the router, will the firewall(ufw) on my laptop protect me against it? Or will the ufw firewall just trust the router and accept all packest from the router and thus let the hacker in?
    I suppose it depends on your local ufw rules and whether you communicate with other LAN devices from your computer. If you use the default of allowing outbound connections but not allowing unsolicited incoming connections you're probably fine. The only way that such a malicious custom firmware (which remember is entirely hypothetical) would come into play from that perspective is if you initiated a connection to your router's admin page and it happened to contain an exploit written for your version of whatever browser you were using which then executed further code. Alternatively it could check for services running on a different device on your LAN that you do trust and do something that way.

    Of course we're talking about a huge level of effort and a willingness to just sit and wait for the perfect circumstances to arise. And the best mitigation strategy for it is probably something people have already done (that is, if they are concerned about their router security), which is setting up the router so its admin page can't be reached from the open web, and setting the admin page up with a really strong password.

  7. #17
    Join Date
    Jul 2005
    Beans
    412

    Re: Question about router

    Sorry, I meant packets, not packest.

  8. #18
    Join Date
    Sep 2011
    Location
    Pennsylvania, U.S.A.
    Beans
    1,879
    Distro
    Ubuntu Development Release

    Re: Question about router

    If it were me and I'm no expert, here's how I would proceed. Unplug the router from the internet. Use a machine that I'm pretty sure is clean - fresh live install? - and download the latest firmware update. Reset the router to factory defaults. Reflash the router using the downloaded firmware which should overwrite any 'custom' firmwares that may have been installed. Reconfigure the router then reattach to the internet. Of course use a long complex router password.

    Edit: How do I download new firmware after disconnecting the router? Oops. Either download the new firmware first or use another internet connection.
    Last edited by kurt18947; December 8th, 2012 at 03:08 PM.

Page 2 of 2 FirstFirst 12

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •