| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 58625 | 2005-06-06 21:35:00 | Heads Up: DSL Router Vulnerability. | Murray P (44) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 361748 | 2005-06-06 21:35:00 | Read the linked Computer World article by Juha Saarinen (computerworld.co.nz) re D-Link 504G DSL routers shipped by Ihug, DSE and prossibly others. An extra precaution for anybody else who is running any brand of DSL router/modem, they should be aware that they need to change the login and password to the routers control panel from the default one that it shipped with (the issue above is a step up from that though). |
Murray P (44) | ||
| 361749 | 2005-06-06 22:05:00 | Hmmm, that probably applies to Dynalink adsl routers as well, as you say Murray. They ship with a standard name/password. Have just changed mine! Thanks... | John H (8) | ||
| 361750 | 2005-06-06 22:33:00 | I think it is more to do with the fact the remote administrator interface is open by default on those routers, and added to that are well known default username and password ... :rolleyes: | Jen (38) | ||
| 361751 | 2005-06-06 23:42:00 | In the Dynalink 'ADSL Router Quick Set-up Guide', there are 'Important tips for security' which cover just these very issues. That is, change the routers administrative user name and password, and do not enable remote access to the router unless you know how to handle security. The other point made is not to send the router away for repair or replacement without resetting to factory defaults, or wiping internet account login details. |
Terry Porritt (14) | ||
| 361752 | 2005-06-07 04:40:00 | And this is "News"?! People, the first thing you do when you get a router: Change the Admin password (and username if possible) Change the port, port 80 is no good Change the settings for remote access (Unless you need it enabled for one reason or another) News... Geez a quick port-scan will tell them who's vulnerable :p |
Chilling_Silence (9) | ||
| 361753 | 2005-06-07 04:47:00 | This further highlights the fact that you must always change the default password. You could take all possible precautions, and apply all security updates, but if you don't change the password you leave yourself wide open. As always you shouldn't have any services running that you don't require, ie remote access. Change the default port to something other than port 80, 8080 etc. And adopt the "block everything and only allow what I need" policy |
b1naryb0y (3) | ||
| 361754 | 2005-06-07 04:48:00 | And this is "News"?! People, the first thing you do when you get a router: Change the Admin password (and username if possible) Change the port, port 80 is no good Change the settings for remote access (Unless you need it enabled for one reason or another) News... Geez a quick port-scan will tell them who's vulnerable :p I will be news for a lot of people. It is not just serious computer people getting broadband these days, it is the normal home user who doesn't know to update antivirus, has never heard of a firewall and doesn't even know to recycle the router first before calling for help if connection has dropped. How do you expect them to change admin passwords and other router settings when they don't even know sometimes what a router is and what it does. |
Safari (3993) | ||
| 361755 | 2005-06-07 04:51:00 | Good point Safari. How are we going to tell them ? | KiwiTT_NZ (233) | ||
| 361756 | 2005-06-07 04:52:00 | To the average home user, I suppose, but its not like its late-breaking news, right? My IP begins with 203.173.145, so a quick: nmap -A -T4 -P0 -p 80 -vv 203.173.145.1-254 Will tell you who's open and who's not.... I did that one day a while back, but with Woosh... Found a couple of people who'd left their routers wide open with default passwords. I was very tempted...... ..... ...... |
Chilling_Silence (9) | ||
| 361757 | 2005-06-07 04:58:00 | I could be wrong but, as I undersatnd it, this is not just a simple matter of the admin login to the control panel and remote access. In this instance, it is wide open on the WAN side, similar to the Dynalink bug that allowed anyone caring to have a casual look, to access the routers settings including firmware. That's not just a user issue but a bug in the software. | Murray P (44) | ||
| 1 2 3 | |||||