How does a home personal modem get hacked? - Networking

I had never had never changed the username or password for the default "admin" settings on my home cable modem/router. So whenever I would manage wifi settings (turn wifi on or off / enable or disable WPS / change wifi ssid or security key) I would just type in the numerical IP address for the modem and it would take me right to my modem's configuration page.
Anyway I recently learned that you need to change the default "admin" username and password for safety. Okay so I did that. My question, when I had left it on the default admin username settings, how was a hacker going to access my modem through a wired connection? I understand if I have wifi turned on, and especially if I have WPS enabled, that hackers potentially can break my wifi code to piggyback onto my wifi for free and they then could access my modem's configuration settings over wifi, but what I don't understand is how they would get to my modem's configuration page if the wifi radio is turned off. I would actually have to be targeted right? I would actually have to be infected with a virus that alerted somebody they've accessed my computer or got through my firewall, and then a hacker would be able to get to my modem's configuration page? Is that how it works basically?

jgolf said:
I had never had never changed the username or password for the default "admin" settings on my home cable modem/router. So whenever I would manage wifi settings (turn wifi on or off / enable or disable WPS / change wifi ssid or security key) I would just type in the numerical IP address for the modem and it would take me right to my modem's configuration page.
Anyway I recently learned that you need to change the default "admin" username and password for safety. Okay so I did that. My question, when I had left it on the default admin username settings, how was a hacker going to access my modem through a wired connection? I understand if I have wifi turned on, and especially if I have WPS enabled, that hackers potentially can break my wifi code to piggyback onto my wifi for free and they then could access my modem's configuration settings over wifi, but what I don't understand is how they would get to my modem's configuration page if the wifi radio is turned off. I would actually have to be targeted right? I would actually have to be infected with a virus that alerted somebody they've accessed my computer or got through my firewall, and then a hacker would be able to get to my modem's configuration page? Is that how it works basically?
Click to expand...
Click to collapse
Is your modem accessible from the outside (Internet)?

MrObvious said:
Is your modem accessible from the outside (Internet)?
Click to expand...
Click to collapse
Yes, it is.

Need to change
You need to change adm user (if possible) and default password, always

People can do a netscan with a LONG range of IP address til they find someone open its very simple to do sadly. But most ISP`s well Cable ISP`s that I know of put there own kind of password in there to where the person that owns it can not get into it. But anything open to the net people find ways.

You'd be better running your own router behind the modem and disabling routing functions on the modem if possible.

MrObvious said:
You'd be better running your own router behind the modem and disabling routing functions on the modem if possible.
Click to expand...
Click to collapse
Which side of the modem is physically "behind" the modem?
In between my computer and the modem; or, is it in between the modem and the wall outlet?

hyelton said:
People can do a netscan with a LONG range of IP address til they find someone open its very simple to do sadly. But most ISP`s well Cable ISP`s that I know of put there own kind of password in there to where the person that owns it can not get into it. But anything open to the net people find ways.
Click to expand...
Click to collapse
I see. I am not trying to do anything in particular other then trying to learn about something that has always confused me. (BTW I set up a username and password under the admin settings of my modem and wifi router).
In theory at least, is your computer's firewall still a line of defense if your modem is compromised?

jgolf said:
Which side of the modem is physically "behind" the modem?
In between my computer and the modem; or, is it in between the modem and the wall outlet?
Click to expand...
Click to collapse
Sorry thought that'd make sense. When you say behind, I mean the side from your modem to your network. In front would mean from your modem to the wall to the ISP.

Local attacks to the router can be done by cracking wep which is easy and cracking wpa or wpa2 by deauthing clients to make them reconnect and then grabbing the 2 of the four packets that make up a handshake then using a table of passwords that are common and then run that through aircrack-ng and it calculates hashes and checks to see if they match the handshake.
I think i said that right
anyways you could actually setup a test machine by searching for kali linux and look for a tutorial on cracking wpa2
You need kali linux - a distro of linux that contains pentesting tools already installed and is ready to go
Andthen you need to download a wordlist once in kali
then you should find that tutorial and your off
just make sure you password is in that wordlist
Cheers!
And to answer your question, someone has to have remote access to your computer from the internet to access your modem and routers configuration page when you are wired.

Lgrootnoob said:
Local attacks to the router can be done by cracking wep which is easy and cracking wpa or wpa2 by deauthing clients to make them reconnect and then grabbing the 2 of the four packets that make up a handshake then using a table of passwords that are common and then run that through aircrack-ng and it calculates hashes and checks to see if they match the handshake.
I think i said that right
anyways you could actually setup a test machine by searching for kali linux and look for a tutorial on cracking wpa2
You need kali linux - a distro of linux that contains pentesting tools already installed and is ready to go
Andthen you need to download a wordlist once in kali
then you should find that tutorial and your off
just make sure you password is in that wordlist
Cheers!
And to answer your question, someone has to have remote access to your computer from the internet to access your modem and routers configuration page when you are wired.
Click to expand...
Click to collapse
This is also a good point. Notice he said WPA/WPA2 "common" passwords, or dictionary passwords. If you want a good strong WPA key, go to https://www.grc.com/passwords.htm and put one of them bad boys into your Wi-Fi pass. Make sure you use AES encryption (WPA/WPA2 doesn't matter as much), not TKIP. AES is also called CCMP on some routers. You put that in, and no one will be hacking your Wi-Fi.

How to know if your wifi n cable box is being hacked? And how do u stop it from happening?

Related

Thicko WLAN question

Right then, I don't know much about secure Wifi, so I've just changed my access point to not broadcast the SSID. So, how might I get my MDA Pro to learn about the SSID if it's not broadcast? Can someone please give me a "for dummies" guide to the LEAP thing as I don't have a clue
When I was broadcasting an SSID, it all worked perfectly, pretty much automatically.
I cheated, i set access point to broadcast ssid just whilst i put the JJ on it, once on i turned off ssid broadcasting.
its seemed a bit flakey when trying to add it in the leap settings page. i tried both open adn eap and then just decided it'll be quicker just to enable ssid for 2 mins.
This is hardware dependent, of course, but I set my wifi router up to only allow access from listed mac addresses. That, in addition to hiding ssid (once connected) and 128 bit wep is about enough to stop me getting the crawling heebie-jeebies.
They don't call me paranoid mike for nothing.
Just because you are paranoid, doesn't mean they *aren't* out to get you
this_mike said:
This is hardware dependent, of course, but I set my wifi router up to only allow access from listed mac addresses.
Click to expand...
Click to collapse
Interesting, and I think my router will do this. How can I determine the MAC address of the MDA?
OK, the following is on a blue angel but I imagine that the principle should extend to WM05.
Firstly, get the wep setup and copy the (uppercase) key to your ppc via AS so you can broadcast your ssid with relatively few twitches D).
Start > Settings > Connections > WLAN, fire up wifi and connect to your access point - in WM2003SE this means checking a tick box (or ticking a checkbox). Once you're connected, you should be able to see the ssid, tx rate etc as well as the mac of your wifi adapter.
Additionally / alternatively, your wifi ap may tell you the macs of all connected devices. The smart person would check this first and make a note of any devices and use this as a cross-check.
HTH!
Hidding the ssid doesn't bring any security
- trust me -
...
The only way is to setup a basic WPA encryption. And you will be secure as long as you change the password on regular basis (every 1 or 2 months)
Avoid WEP encryption it's just crap and doesn't bring any security.
The SSID stuff and mac address filtering are just making you think that you are secure when you are not.
30sec to 5min max to decrypt WEP encryptions, less than 5 sec for mac address and SSID stuff.
works fine on mine and I don't broadcast ssid.
>start>settings>connections>network cards
>add new
type in your SSID as the network name
fill in the rest as per your setup
ok, there is no real security on wireless, but if we are all going to use it we may as well instigate all the security options we can. if there are 2 connections for a cruiser to access and 1 is easier than the other, I know what I would do....
WEP and above do provide security, at least if you don't want any old Johnny using your network.
So, use WEP or whatever security you have.
Hiding SSID literally just hides it. However, most hacking tools easily show the SSID anyway, so don't really on this. But, if you do hide the SSID, you have to set up the connection manually, typing in the name of the SSID and WEP key.
V
most hackers tools that show ssid will decrypt wep in less than 2min.
I was just pointing it out because
1- it's to consider when you're buying an Access Point
2- If you're using it with sensible website (bank account) and such (even to check your mail - using your credit card etc ...)
fair point...
I guess it would be unthoughtful of us to give the know how without also giving the gotchas
;-)
I have got a hidden SSID and the qtek is able to find the network after typing in the name, but it ist not able to connect.
I have already checked the MAC.
It gets the right IP but after few second it scans the network for another time and so it goes on

WiFi Connecttion

Hi Everybody!
I'm looking for some help with connecting to my home WiFi.
In settings, netwok card, I can see my home network.
I use a netgear router with WEP security.
I just can't seem to connect and I can't seem how to input my WEP acces passkey too?
Thanks for any replies
{>
In settings, wireless lan, advanced it states that I am connected to the network, but I still can't connect when using IE?
the message reads : " U~nable to obtain a server assigned IP address . . . etc"
Do you have DHCP enabled on the wireless router? Have you used the wireless network with another device?
Mmm, very good question!
The answer is "don't know". Will check and let you know Syn.
Will start again.now that I have managed to "flash my rom"
Well this is what I have :
Wireless Network
Name (SSID):
Region: --- Select Region ---AfricaAsiaAustraliaCanadaEuropeFranceIsraelJapanMexicoSouth AmericaUnited States
Channel: 01020304050607080910111213
Wireless Access Point
Enable Wireless Access Point
Allow Broadcast of Name (SSID)
Wireless Card Access List
Security Encryption (WEP)
Authentication Type: AutomaticOpen SystemShared Key
Encryption Strength: Disable64bit128bit
I have added the device to my wireless network list with the MAC address
Signal is VERY GOOD!!!
Am I missing out son some settings?
{>
I've tried to set up a new connection as Internet Explorer tells me it cannot connect with the current settings?
What settings do I need?
I have entered the WEP key, and I don't use passwords on my wifi system??
{<
Do I need an IP address?
Scutter
First things first, forget the PDA for few moments and lets establish what is going on with your AP. The question that [sYn] has asked is very important - do you have DHCP enabled on the AP. The answer you posted is meaningless as it only shows the options and not the current config. Interrogate the AP and look for where the LAN side DCHP option is and make sure it is set to ENABLE or ON or whatever positive indication is used.
Once you are sure this is configured (ideally tested with a PC) then go get your PDA and try connecting again. If it still doesn't work disable all the security and encryption settings and turn off that stupid MAC address authentication which, by the way, is pointless. If needs be do a factory reset on the AP. With no security enabled try conecting the PDA. It more than likely will connect now. Once it does start building up your security one layer at a time making sure you test at each stage. Can I suggest that you forget WAP and MAC authentication and use a WPA Pre-Shared Key instead as this provides bucket loads more security.
Hope this helps.
JT, thanks for all your help!
I use a netgear router. Whilst awaiting a reply here I did a bit of research and took of the security of my router. I then connected my device using a shared key (I have always had this) and then put the security back on.
I had to reconnect my laptop too. I think the reason isthat the router was set for an automatic setting and I chaned this to an open system.
THANKS AGAIN FOR YOUR HELP !!!
{>

unable to connect to wifi

hi all i have just bought a 02 xda11i i have a home network consisting of 1 laptop 1 wireless router(belkin54g)the router is connected to my cable modem.i have my laptop upstairs and it connects to my wifi router perfect using wpa/psk but i cant get the xda to connect to my wifi any help would be appreciated as i am about to give up trying thanks in advance.
bump please help
have you tried changing the authentication on the router to WEP which is well tested on XDA’s, or even disabling security just to test connectivity.
hi marc
thanks for replying i think i will try what you say and change my router from wpa 2/psk/tkip and switch to wep as i say my router is a belkin 54g which can run 802,11,b+g my laptop is g and the xda2i is b ive read that if i connect the zda then it will force the router to downgrade from g to b will connecting the zda effect my laptop if they are connected at the same time?allso the routers firewall is on can i leave this on when attempting to connect the zda?as you can probably tell i am a newb at networking,any help from this forum would be a massive help thanks.i am looking forward to having it connected to the web.
you should have your router set to mixed mode. it will not effect the performance with the laptop. firewall will not effect, as long as the relevent ports are not blocked, which they wont be as default. make sure you are not using mac filtering, unless you add the mac address of the router. again this is off by default. although when you get comfortable, mac address filtering + WEP make a good security system. hiding the network ID and giving it an unusual name is best, but a bugger to set up.
strip the system down to bare essentials, then get your device connected, and start adding back. that standard network diagnosis.
marclouis said:
you should have your router set to mixed mode. it will not effect the performance with the laptop. firewall will not effect, as long as the relevent ports are not blocked, which they wont be as default. make sure you are not using mac filtering, unless you add the mac address of the router. again this is off by default. although when you get comfortable, mac address filtering + WEP make a good security system. hiding the network ID and giving it an unusual name is best, but a bugger to set up.
strip the system down to bare essentials, then get your device connected, and start adding back. that standard network diagnosis.
Click to expand...
Click to collapse
agreed!as soon as i have got time i will reset the router and start from scratch i will post the outcome thanks.

WM6 + Wifi - WPA+TKIP

I have a wifi router at my office - Netgear, I am using WPA-TKIP as security options, the problem i am facing is - i have setup a passphrase on the router, but on phone, it just asks for network key, i need a way to enter a pass phrase, are there any updates to wifi for WM6 which can help me to get out of this situation?
I cannot change my existing WIFI settings on router, my other machines and devices are using the same configuration and now if i change it to WEP or something else, i will have to upload all other machines.
I cannot move to an open system as well.
please help
wpa without wpa-psk wont protect your network from being used by other ppl. i suggest u to choose wpa-psk (pre-shared-key). u choose a password and it is easy to setup for the other clients on your wireless lan. just enter password one time on the other clients and they are online. and wpa-psk works with wm6. greetz spaxxi
Where it says Network Key is where you enter the passphrase as used on your router.
On my SPV E650 (vox) I have WPA-PSK with data encryption set to TKIP
Use IEE 802.1x network access control box ticked and EAP type as smart card or certificate.
Also I have set networks to access as All available but on my netgear under wirless settings I have set up enable access list with the mac of the phone (which you can get from connection settings or with wirless on the phone switched on the router should detect the mac from phone broadcast which you can then accept as a trusted station.
This means only my phone can connect to the router even though my ssid is broadcast.
Hope that helps.
MrMond
the sip client you have works
w pa-st k is the best most efficient way to run and your net gear has 3 different ways in but the paraphrase is fine. use the para phrase where it says key go right through it, if i recall the client has ports but ur going direct you dont need it. Your just and to log into your router regular client is for web based app go right at the router use wififofum and then just make sure your sip is on meaning registry is live dont worry about the settings. Let me try to make sense all next ell are voip just an ip i don't care what anyone says. your do not need a web based sip just leave the sip alone but try activating it remember it a phone turn it on but 1 thing give out static ips u will succeed. static wpa-stk intra net ur just taking to the device no need for any barriers. you could hook up computer up slap head phones and a mic in the analog jacks from the 80's and you have no succeeded in ? Voip. all that matters is the router is set right and sees only you for the duration of your call. Most likely wil end up turning that whit wpn8xxx into a access point have fun don't ask. But it only took me 3 hours to realize i left to come back into my office for what a paid for call. And the day wireless is everywhere i will be a lan expert.
ciao good luck don't orry just look at it and you will see what makes sense.

remote desktop problem

Hi everyone,
I would like to connect to my laptop next room from local network. I can connect perfectly when I type in my IP address into the first textbox (Computer), but I can't connect when I type in my Computer Name (full computer name) instead. I tried MyPCName as Computer, \\MyPCName as Computer, forwarding port 3389 to my IP, leaving domain name empty, putting in my workgroup name as a domain, putting in my computer name as a domain, putting in myPCName\MyUserName as Username, \\MyPCName as Computer, still the same. It won't connect unless I put in the IP address. I would like to do this since my workplace assigns a different IP to my laptop then I assign at home, but naturally I have the same computer name at both places, so I would like to have a permanent setting for both places.
I'm running Windows 7 64 bit on my laptop and 1.66.405.2 ROM on my HTC HD2.
Many thanks in advance.
can you connect to it ok using another computer? might be a dns issue at a guess...
I can connect from other computers fine. Also on my HD2 I can see the host names of PC's under Resco Explorer and map them. However, remote desktop mobile refuses to work with the Computer Name. I can ping my Laptop's IP and also Computer name from pingbox2. Only in Remote Desktop Mobile there is a problem.
windows 7 by default blocks remote desktop connections from different versions of remote desktop. if you right click computer and select properties, then choose remote settings on the right hand side and select the middle option (accept connections from all verions of remote desktop). havent tried this my self but it solves most issues when using different versions of windows
OK, I sort of figured it but would still appreciate some help. Here is how I got it to work:
I had OpenDNS IP under DNS settings for wireless adapter. I deleted them. If I don't do this, pinging my computer name from HD2 always brings 67.215.65.132, which is opendns and not my true local IP, i.e. 192.168.x.x. I also had to disable the data connection (3G) and only have wireless. If I don't disable 3G, I can only connect with IP and not computer name. Only after doing these 2, when I pinged my computer name, I got the true local IP and I was able to connect with Remote Desktop Mobile using computer name. Now my question is:
1- I don't want to quit using opendns, is it possible?
2- I don't want to disable 3G connection every time, is it possible?
thanks in advance.
For me it works with MyPCName in computer and empty domain, both for XP and 7.
Something seems strange with your phone's networking configuration. At a guess (and this is a long shot), I would check your VPN settings on your phone to make sure you're not connecting to a different domain over 3G as this might explain why it works when you turn off the data connection on the phone and why it works by IP address.
As I said though, it's a long shot and is the only thing I could think of that fits your particular symptoms...
ozkaya said:
OK, I sort of figured it but would still appreciate some help. Here is how I got it to work:
I had OpenDNS IP under DNS settings for wireless adapter. I deleted them. If I don't do this, pinging my computer name from HD2 always brings 67.215.65.132, which is opendns and not my true local IP, i.e. 192.168.x.x. I also had to disable the data connection (3G) and only have wireless. Only after doing these 2, when I pinged my computer name, I got the true local IP and I was able to connect with Remote Desktop Mobile using computer name. Now my question is:
1- I don't want to quit using opendns, is it possible?
2- I don't want to disable 3G connection every time, is it possible?
thanks in advance.
Click to expand...
Click to collapse
about the open dns issues, I suspect that can be solved by making sure your router lets the incoming connection into your home network (you say it resolves to 66.whatever when open dns is used, shouldn't be a problem do long as you don't forget that will be your home ip address so that connection will neef to be allowed through the router and then forwarded by your routers virtual server (our whatever your router software calls out) to your laptops internal ip address.
as for the 3g it should use wifi over 3g by default..... mine certainly does, no need for me to disable it.
tomallen35 said:
Something seems strange with your phone's networking configuration. At a guess (and this is a long shot), I would check your VPN settings on your phone to make sure you're not connecting to a different domain over 3G as this might explain why it works when you turn off the data connection on the phone and why it works by IP address.
As I said though, it's a long shot and is the only thing I could think of that fits your particular symptoms...
Click to expand...
Click to collapse
I think you're right, when the 3G is on (and also Wifi on), Resco shows computers from all around the country when I click computers near me and not my local network. When only wifi is on I can see my local computers. 3G probably has precedence over Wifi? How can I correct this?
samsamuel said:
about the open dns issues, I suspect that can be solved by making sure your router lets the incoming connection into your home network (you say it resolves to 66.whatever when open dns is used, shouldn't be a problem do long as you don't forget that will be your home ip address so that connection will neef to be allowed through the router and then forwarded by your routers virtual server (our whatever your router software calls out) to your laptops internal ip address.
as for the 3g it should use wifi over 3g by default..... mine certainly does, no need for me to disable it.
Click to expand...
Click to collapse
But the 66.whatever address is generic openDNS lookup IP and same for everyone. Are you suggesting me to route this IP to my local IP, i.e. 192.168.x.x? Oh, one more thing, I can also connect when 3g and wifi are both on, but only through computer's IP and not computer name. Can you connect with computer name while both are on and connected?
when your phone does a dns lookup on the name it resolves to the open dns assigned address (not the same for everyone, otherwise the open fns system wouldn't work) so to connect to your computer the phone sends its request to open dns who forward that request to your current actual address.at home that address is your home ip address BUT it isn't your laptops address it is your routers address.(stop reading here if you don't have a router).
so the router needs to be told "if you get a connection request in port (whatever the remote desktop port is) please forward it to (laptop ip address)
its called port forwarding in some routers, virtual server in others.
samsamuel said:
so the router needs to be told "if you get a connection request in port (whatever the remote desktop port is) please forward it to (laptop ip address)
its called port forwarding in some routers, virtual server in others.
Click to expand...
Click to collapse
You're mixing up things a bit - he's not using dns but the computer netbios name. The point is that he has wifi on and connected as well as 3G, thus with an "intranet" ip address on Wifi... so the program/phone should be looking up the name on that connection, where it would find it, instead of looking up over the 3G connection. As the netbios protocol is not routable, it has no chance of finding the computer name over 3G/internet and back home, even with port mappings.
kilrah said:
You're mixing up things a bit - he's not using dns but the computer netbios name. The point is that he has wifi on and connected as well as 3G, thus with an "intranet" ip address on Wifi... so the program/phone should be looking up the name on that connection, where it would find it, instead of looking up over the 3G connection. As the netbios protocol is not routable, it has no chance of finding the computer name over 3G/internet and back home, even with port mappings.
Click to expand...
Click to collapse
you're totally right, I have a router and its port is forwarded to my laptop IP, but this is only good (and works well too) when I want to connect from Internet to my local network. I tried OpenDNS exceptions for VPN and defined an exception named as MyComputerName but it didn't work. Then I tried a dyndns solution, but it only works for external connections and not local network, i.e. it can't map local IP's. What I need is a dynamic client which can update my local IP.
I also tried to edit hosts entry in the registry with MyComputerName. It works for a single IP, but I'm not sure if I can write multiple IP adresses (my work and home local IP) into that. If I could maybe everything would be OK.
I've just tried a couple of things and it really works fine for me. If I connect Wifi only, I can remote desktop with the computer name. If I then connect data connection, it still works. Disabling wifi and obviously it doesn't work anymore. Re enabling wifi, it doesn't work at first, but does again after ~30 seconds once the netbios protocol has done its host lookup procedures.
There simply shouldn't be anything special to do.
kilrah said:
I've just tried a couple of things and it really works fine for me. If I connect Wifi only, I can remote desktop with the computer name. If I then connect data connection, it still works. Disabling wifi and obviously it doesn't work anymore. Re enabling wifi, it doesn't work at first, but does again after ~30 seconds once the netbios protocol has done its host lookup procedures.
There simply shouldn't be anything special to do.
Click to expand...
Click to collapse
thank you very much for your time, I appreciate it. You're right in that waiting a bit resolves the issue (it's a bit more than 30 secs for me that's why I thought it wasn't working when 3G is enabled) but only when OpenDNS is not used. I assume you don't use OpenDNS, right? Once I put that one into equation, it takes over NetBIOS protocol and returns its IP instead of the local IP(192.168.x.x). As far as I understand, DNS lookup has precedence over NETBIOS and if the name is not found in DNS it consults NETBIOS protocol. However OpenDNS has this nice "feature" where it finds the name with its own IP. There are several posts about this on its webpage and they say to either disable the typo correction or put exceptions for Netbios names, but sadly none of them works for me right now.
Nope, no OpenDNS, never actually heard of it.
How does it work? Do you enter their DNS server address in the network settings of your pc/phone, or is it an app you run?
you click Start/Settings/All Settings/Connections/Wifi/First Button/Switch to Network Adapters tab/Select Broadcom 802.11 DHD Network Adapter/Switch to Name Servers Tab/Type in 208.67.222.222 for primary DNS and 208.67.220.220 for secondary DNS, click OK. that's all. Could you try if it's not so much trouble? Thanks.
OK, remote desktop doesn't work either with the OpenDNS servers in.
I'm pretty sure it must be a limitation of the remote desktop app itself, as resco explorer can still navigate and/or discover the network shares of my other PCs with no problem. NBTStatCE also finds everybody.
Wouldn't even surprise me, as that Remote desktop mobile has always been troublesome. I don't remember exactly, but in the WM5 days it was pretty much impossible to use on a local network due to a weird handling of names... if I remember well all "local" (NetBIOS) addresses without a '.' entered in the remote desktop app would be redirected to the "Work" connection, while "remote" ones with a period would be directed on the "Internet" connection. As a network card can only be defined as one of them, if you wanted it to work in both cases through Wifi you had to switch the card from Work to Internet and back all the time. And of course when it's on Work it breaks some other things that use the default system handling like mail.

Categories

Resources