If you will always be concerned about it, then just reset the router (like others said). Give the users the new WPA2 wifi password and you're done.
If you will always be concerned about it, then just reset the router (like others said). Give the users the new WPA2 wifi password and you're done.
I suppose if an intruder had a keylogger on her computer when you logged into the router and that intruder has access to your network, then they might be able to get into the router configuration and make changes. As long as you have the option to change the router settings from outside the network turned off, they would still have to be inside your network to actually get in and make changes. You could change the router password from a more secure computer, thus eliminating (or reducing anyway) the chance of an intruder getting it if you're worried about that.
If her computer is suspect, though, unless you firewall that computer off from the rest of the network, it could still be a threat to the rest of your LAN I would think. I'm no security expert, but it seems that any infected computer on your network could spread risk to other computers on the net. With good security on your other computers, I guess the risks are reduced, though.
In regards to drmrgd's comments,
If your router has the ability to create a "guest" network then do that. One network could be just for you and maybe computers you trust. The other "guest" network can be for all other untrusted computers.
You could also connect to the router (with a cable, need to make that clear) from a system that is fully under your control and that you trust, and change the administrative password on the router configuration page. Oh and while you're in there make sure UPnP is disabled, as well as any remote configuration options that might be available.
Assuming someone has changed the firmware on my router to one with a command shell and tries to get into my ubuntu laptop from the router, will the firewall(ufw) on my laptop protect me against it? Or will the ufw firewall just trust the router and accept all packets from the router and thus let the hacker in?
Last edited by jsvidyad; December 8th, 2012 at 09:47 AM.
I suppose it depends on your local ufw rules and whether you communicate with other LAN devices from your computer. If you use the default of allowing outbound connections but not allowing unsolicited incoming connections you're probably fine. The only way that such a malicious custom firmware (which remember is entirely hypothetical) would come into play from that perspective is if you initiated a connection to your router's admin page and it happened to contain an exploit written for your version of whatever browser you were using which then executed further code. Alternatively it could check for services running on a different device on your LAN that you do trust and do something that way.
Of course we're talking about a huge level of effort and a willingness to just sit and wait for the perfect circumstances to arise. And the best mitigation strategy for it is probably something people have already done (that is, if they are concerned about their router security), which is setting up the router so its admin page can't be reached from the open web, and setting the admin page up with a really strong password.
Sorry, I meant packets, not packest.
If it were me and I'm no expert, here's how I would proceed. Unplug the router from the internet. Use a machine that I'm pretty sure is clean - fresh live install? - and download the latest firmware update. Reset the router to factory defaults. Reflash the router using the downloaded firmware which should overwrite any 'custom' firmwares that may have been installed. Reconfigure the router then reattach to the internet. Of course use a long complex router password.
Edit: How do I download new firmware after disconnecting the router? Oops. Either download the new firmware first or use another internet connection.
Last edited by kurt18947; December 8th, 2012 at 03:08 PM.
Bookmarks