Securing DSL broadband router from intruders on the Internet?

thedrama

I brought some stupid questions which i couldn't figure out how. Assume you have a standard DSL modem but not with wireless
capabilities.

1) how could a person/intruder access my modem and manipulate it without being "physically connected" to it?

Consider you have a broadband router with built-in wireless capabilities you know. But, there is something wrong and your
bill is not like yours/too much for the Internet usage. Someone hacked your broadband router but is this possible except in range
of your wireless LAN who tries to access by unlocking the wireless password through radio waves? How could this be feasible from public?

it_consultant

An external brute force attack is very uncommon. Usually someone has an easily guessable password or something. For a real attack, normally there is a vulnerability in the networking hardware which will allow elevated access without authentication. I had a coworker discover during a bake off that a certain software revision in Cisco's IOS will not authenticate the elevated user under certain load conditions. He demonstrated, he put the router in the condition and typed "en" and poof, he was in, he owned the router.

If the router was hardened properly - he couldn't have executed the attack because his initial VTY connection would be refused. In that case he would have had to physically be near the router which, as you pointed out, is hard to do.

Most attacks can be thwarted if we followed our own good advice. How many people have seen CPANEL logins which were simple? Guess CPANEL login, deface hundreds of websites. Admins are lazy, attackers take advantage.

demonfurbie

even for home connections i suggest a firewall beyond the normal router that you can go to best buy and get

you can go on ebay and pick up a used hardware firewall

crrussell3

If you have an old spare computer laying around, you could always through on a firewall linux distro. There are point and click setups like Smoothwall and Untangle that make it easy to get up and running.

Everyone

demonfurbie wrote: »

even for home connections i suggest a firewall beyond the normal router that you can go to best buy and get

you can go on ebay and pick up a used hardware firewall

Or you can set one up easily, cheaply (possibly completely free) with pfSense.

In addition to running a pfSense firewall between my cable modem and my LAN, I keep the Windows Firewall turned on for all my Windows boxes, and iptables on all my Linux boxes. Multi-layerd approach.

MentholMoose

thedrama wrote: »

1) how could a person/intruder access my modem and manipulate it without being "physically connected" to it?

It's possible but unlikely for a modem to have a vulnerability that could be exploited remotely. To be safe, check for and apply any firmware updates from the modem manufacturer. Another possibility is that the management interface is accessible from the WAN interface and a weak (or default) password is set. Change the password and disable management from the WAN (if possible).

If you think the modem is actually the issue, you can replace it. They are very cheap and the one provided by your ISP might not be very good anyway. My ISP provided a Westell modem and it wasn't very stable, and a replacement they sent wasn't any better, so I bought my own (a Motorola/Netopia, about $10 on eBay) which has been significantly better.

thedrama wrote: »

Consider you have a broadband router with built-in wireless capabilities you know. But, there is something wrong and your bill is not like yours/too much for the Internet usage. Someone hacked your broadband router but is this possible except in range of your wireless LAN who tries to access by unlocking the wireless password through radio waves? How could this be feasible from public?

Anyone accessing your Wi-Fi connection would typically need to be close to your AP. However, with a high-gain directional antenna, they might be able to connect from a longer distance, but this depends on many factors (the terrain or other structures around your house may block line-of-sight, the building materials of your house and the positioning of the AP may block most of the signal, etc.). If someone was doing this, it would probably be a neighbor. The management interface of most APs show what devices are connected, and some have history/logs, so log on to it and check for devices you don't recognize.

The best most home users can do to secure their Wi-Fi network is to enable WPA2 with a very strong pre-shared key (10+ characters, not dictionary-based, and using at least upper/lower-case letters, numbers, and symbols). Many Wi-Fi APs/routers include the ability to white-list MAC addresses and disable SSID broadcasts, which you can use to some benefit, but these won't help against a determined attacker.

If you've noticed a spike in bandwidth utilization and you don't know the cause, the likely culprit is one of the PCs on your network. For example, a roommate might be running torrents overnight without telling you, or one of the PCs has been infected by malware that utilizes bandwidth for some malicious purpose.

I definitely recommend using a firewall. However, if you already have multiple PCs connecting to the network, chances are you already have one. It may be called a "router" or a "gateway" but at the consumer level these devices almost always function as a firewall as well. Your modem may even be performing this function. If you don't currently have a firewall, consider buying one. If you have an old PC, you can install pfSense, m0n0wall, some other purpose-built OS (see List of router or firewall distributions - Wikipedia for many options), or even a general-purpose OS with suitable configuration, but check the power usage of the PC first. Older PCs tend to be power hogs and if you run it 24/7 it could add $10-20 to your monthly power bill, in which case it would probably be better to spend the money on a dedicated device.

thedrama

1) I couldn't be able to ask what im trying to learn. As a summary, how could it be possible your broadband router being hacked by an intruder/attacker remotely?

As soon as your broadband router is only "physically directly attached" to the ISP, how is this possible to be exposed an attack from remote source? Should anyone associated with ISP could do it i think?

2)Same case, but consider there is an intruder attempting to take advantage of your Internet connection in your wireless LAN. Lets say you didn't turn off SSID broadcast and he accessed the name easily. Then, consider you didn't place any security method as well as the password and that person was provided your connection complete access. In that case, isn't changing the authentication information(username and password of broadband router) useless?

it_consultant

thedrama wrote: »

1) I couldn't be able to ask what im trying to learn. As a summary, how could it be possible your broadband router being hacked by an intruder/attacker remotely?

As soon as your broadband router is only "physically directly attached" to the ISP, how is this possible to be exposed an attack from remote source? Should anyone associated with ISP could do it i think?

2)Same case, but consider there is an intruder attempting to take advantage of your Internet connection in your wireless LAN. Lets say you didn't turn off SSID broadcast and he accessed the name easily. Then, consider you didn't place any security method as well as the password and that person was provided your connection complete access. In that case, isn't changing the authentication information(username and password of broadband router) useless?

Just because it is only accessible via the ISP doesn't mean it isn't vulnerable to an attack. As long as the thing is on the internet someone can connect to it. The question is - how vulnerable is the OS that it runs to attacks? As someone said before, probably not that vulnerable.