Question about router

**Ms. Daisy** · November 11th, 2012

If you will always be concerned about it, then just reset the router (like others said). Give the users the new WPA2 wifi password and you're done.

**drmrgd** · November 11th, 2012

I suppose if an intruder had a keylogger on her computer when you logged into the router and that intruder has access to your network, then they might be able to get into the router configuration and make changes. As long as you have the option to change the router settings from outside the network turned off, they would still have to be inside your network to actually get in and make changes. You could change the router password from a more secure computer, thus eliminating (or reducing anyway) the chance of an intruder getting it if you're worried about that.

If her computer is suspect, though, unless you firewall that computer off from the rest of the network, it could still be a threat to the rest of your LAN I would think. I'm no security expert, but it seems that any infected computer on your network could spread risk to other computers on the net. With good security on your other computers, I guess the risks are reduced, though.

**Ms. Daisy** · November 11th, 2012

In regards to drmrgd's comments,

If your router has the ability to create a "guest" network then do that. One network could be just for you and maybe computers you trust. The other "guest" network can be for all other untrusted computers.

**OpSecShellshock** · November 11th, 2012

You could also connect to the router (with a cable, need to make that clear) from a system that is fully under your control and that you trust, and change the administrative password on the router configuration page. Oh and while you're in there make sure UPnP is disabled, as well as any remote configuration options that might be available.

**jsvidyad** · December 7th, 2012

Originally Posted by OpSecShellshock

Commercial routers should also have a means to reset them to factory settings if you are seriously concerned about compromise. You can just wipe it all out and start over.

There's no telling what kind of custom firmware is out there, but someone with administrative control of a router could change the firmware. If there's a version that somehow allows a remote command shell to be established on the device, even to run one or two things, I suppose there's a possibility that it could be used as an entry point to other devices on the LAN. I've never heard of such a thing, though.

In any case, taking control or running commands on LAN devices when you have control of a router is probably not going to get you much for the effort involved, especially a home network. The most likely thing is still going to be changing DNS settings.

Assuming someone has changed the firmware on my router to one with a command shell and tries to get into my ubuntu laptop from the router, will the firewall(ufw) on my laptop protect me against it? Or will the ufw firewall just trust the router and accept all packets from the router and thus let the hacker in?

**OpSecShellshock** · December 7th, 2012

Originally Posted by jsvidyad

Assuming someone has changed the firmware on my router to one with a command shell and tries to get into my ubuntu laptop from the router, will the firewall(ufw) on my laptop protect me against it? Or will the ufw firewall just trust the router and accept all packest from the router and thus let the hacker in?

I suppose it depends on your local ufw rules and whether you communicate with other LAN devices from your computer. If you use the default of allowing outbound connections but not allowing unsolicited incoming connections you're probably fine. The only way that such a malicious custom firmware (which remember is entirely hypothetical) would come into play from that perspective is if you initiated a connection to your router's admin page and it happened to contain an exploit written for your version of whatever browser you were using which then executed further code. Alternatively it could check for services running on a different device on your LAN that you do trust and do something that way.

Of course we're talking about a huge level of effort and a willingness to just sit and wait for the perfect circumstances to arise. And the best mitigation strategy for it is probably something people have already done (that is, if they are concerned about their router security), which is setting up the router so its admin page can't be reached from the open web, and setting the admin page up with a really strong password.

**jsvidyad** · December 8th, 2012

Sorry, I meant packets, not packest.

**kurt18947** · December 8th, 2012

If it were me and I'm no expert, here's how I would proceed. Unplug the router from the internet. Use a machine that I'm pretty sure is clean - fresh live install? - and download the latest firmware update. Reset the router to factory defaults. Reflash the router using the downloaded firmware which should overwrite any 'custom' firmwares that may have been installed. Reconfigure the router then reattach to the internet. Of course use a long complex router password.

Edit: How do I download new firmware after disconnecting the router? Oops. Either download the new firmware first or use another internet connection.