How does someone hack into a router??

milehigh

Senior member
Nov 1, 1999
I've got a Linksys 8 port router in a building with a lot of users.

I'm a bit new when it comes to large network security but somebody has helped themselves to the port forwarding settings to forward some ports specifically for themselves.

I'm the only one with the password and it's a password with 10 characters of mixed numbers and letters so I really don't think it could have been guessed.

How did they do this and how do I keep it from happening?

(actually...probably not too cool to post HOW to do this but I'm really interested in keeping it from happening in the future)
 

InlineFive

Diamond Member
Sep 20, 2003
This isn't going to be easy. It seems to me that one of your users is using a password cracker on the router. In which case future passwords will be just as vulnerable.

One solution would be to make all users Limited Users and enforce Software Restriction Policies.
 

nsafreak

Diamond Member
Oct 16, 2001
There's also the possibility that the router has a backdoor password and someone figured out which one yours used. Not a high possibility but I guess it is possible. I would highly recommend setting the router so that you cannot access the administration pages from the internet.
 

Brazen

Diamond Member
Jul 14, 2000
The person might have sniffed your password. Under the administration page, you should have an option to use "http" or "https" or both. Choose not to use "http" and only use "https" then change your password.

Other than that, the Linksys routers don't have much in the way of security. If you used an old PC as a router with m0n0wall or pfSense on it, then you could restrict management access to only your computer's IP address.
 

milehigh

Senior member
Nov 1, 1999
It's the Linksys BEF series...

I've got a Linksys RV082 router on order as a replacement for that one so hopefully the security on that one is a little better.

I can map out their IP/MAC address to a specific room number so I'll let building management take it from here. From your links here and googling elsewhere I can see that it's definitely not impossible to hack the BEF series router in particular.

Thanks for the responses.


 

RebateMonger

Elite Member
Dec 24, 2005
Presumably, the most recent Linksys firmware version has fixed this potential attack method.

It's pretty common to neglect patching hardware routers to the latest firmware. Almost every client's small office/home router that I've looked at has old firmware.
 

RebateMonger

Elite Member
Dec 24, 2005
Originally posted by: Thyme
Do you have UPnP enabled?

Good point. Somebody's application could have requested that UPnP forward those ports. It might not be "hackers" at all.
 

Barf

Junior Member
Jan 29, 2002
UPnP is enabled on my router (sorry to hijack thread). What are the consequences of disabling it? Should I do so?
 

MarkLuvsCS

Senior member
Jun 13, 2004
UPnP enables clients to open ports (possible security holes) as the software deems necessary. It will open all sorts of random ports, and you can be sure that there are worms that will take full advantage of the full access to the net.

I'm not 100% positive on this last note, but let me say it. If the client~software can open a port with UPnP active, what stops it from opening ANY and ALL ports it deems necessary???
 

InlineFive

Diamond Member
Sep 20, 2003
Originally posted by: MarkLuvsCS
UPnP enables clients to open ports (possible security holes) as the software deems necessary. It will open all sorts of random ports, and you can be sure that there are worms that will take full advantage of the full access to the net.

I'm not 100% positive on this last note, but let me say it. If the client~software can open a port with UPnP active, what stops it from opening ANY and ALL ports it deems necessary???

Bingo, this is a big reason why I always disable SSDP and UPnP. The most issues I have seen are with Xbox Live but this is fairly easy to work around.
 

JackMDS

Elite Member
Super Moderator
Oct 25, 1999
Ports need to be open to a specific IP. If your IPs are static or reserved try to find the culprit and ask him/her.

If static IP is not used, might be a good idea to switch to static IPs, assigned to users, to avoid abuses.

 

milehigh

Senior member
Nov 1, 1999
Originally posted by: JackMDS
Ports need to be open to a specific IP. If your IPs are static or reserved try to find the culprit and ask him/her.

If static IP is not used, might be a good idea to switch to static IPs, assigned to users, to avoid abuses.

We tracked down one user already this way...As soon as I saw the IP address I looked up the MAC address in the DHCP table and filtered it at our Net Equalizer appliance (figured filtering it at the router wouldn't do any good anyway since they already had access to that!)

After about a day and a half they came running and complaining that their internet was down.

The firmware version is currently Firmware Version: 2.51.1 on the BEFSR81 but like I said...I've got the replacement coming anyway.

UPnP is disabled.
 

RebateMonger

Elite Member
Dec 24, 2005
So, do routers offering UPnP require any sort of router Administrator Password to open up Port Forwarding? Apparently not.
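
Added example, not part of any poster's message and not vendor code: an administrator-side audit of the port mappings a UPnP gateway reports, checked against an approved list and tied back to a room through the DHCP table, as described in the posts above. The SOAP text is a constructed sample in the shape of the UPnP IGD `GetGenericPortMappingEntry` response; the addresses, MACs, rooms, and the `APPROVED` and `DHCP_TABLE` structures are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: two GetGenericPortMappingEntry responses in the shape a
# UPnP IGD (WANIPConnection:1) gateway returns; all addresses are made up.
SOAP = """<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>
<u:GetGenericPortMappingEntryResponse xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
<NewRemoteHost></NewRemoteHost><NewExternalPort>{ext}</NewExternalPort>
<NewProtocol>{proto}</NewProtocol><NewInternalPort>{port}</NewInternalPort>
<NewInternalClient>{ip}</NewInternalClient><NewEnabled>1</NewEnabled>
<NewPortMappingDescription>{desc}</NewPortMappingDescription>
<NewLeaseDuration>0</NewLeaseDuration>
</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>"""
RESPONSES = [
    SOAP.format(ext=3074, proto="UDP", port=3074, ip="192.168.1.40", desc="console"),
    SOAP.format(ext=6881, proto="TCP", port=6881, ip="192.168.1.57", desc="p2p"),
]
# Hypothetical admin-maintained data: approved forwards and DHCP reservations.
APPROVED = {("UDP", 3074, "192.168.1.40")}
DHCP_TABLE = {"192.168.1.40": ("00:11:22:33:44:55", "Room 204"),
              "192.168.1.57": ("00:11:22:33:44:66", "Room 311")}

def parse_mapping(soap_xml):
    """Extract one port mapping from a GetGenericPortMappingEntryResponse."""
    root = ET.fromstring(soap_xml)
    # Argument elements are unqualified; collect them by local tag name.
    fields = {el.tag: (el.text or "").strip() for el in root.iter()
              if el.tag.startswith("New")}
    return {"proto": fields["NewProtocol"].upper(),
            "ext_port": int(fields["NewExternalPort"]),
            "int_port": int(fields["NewInternalPort"]),
            "client": fields["NewInternalClient"],
            "enabled": fields["NewEnabled"] == "1",
            "desc": fields["NewPortMappingDescription"]}

def audit(responses, approved, dhcp_table):
    """Return enabled mappings that are not approved, tagged with MAC and room."""
    findings = []
    for xml_text in responses:
        m = parse_mapping(xml_text)
        key = (m["proto"], m["ext_port"], m["client"])
        if m["enabled"] and key not in approved:
            mac, room = dhcp_table.get(m["client"], ("unknown", "unknown"))
            findings.append({**m, "mac": mac, "room": room})
    return findings

if __name__ == "__main__":
    for f in audit(RESPONSES, APPROVED, DHCP_TABLE):
        print(f"UNAPPROVED {f['proto']}/{f['ext_port']} -> {f['client']} "
              f"({f['mac']}, {f['room']}) desc={f['desc']!r}")
```

A client that is missing from the DHCP table is reported with MAC and room "unknown", which is itself worth following up.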
 

mrnoitall

Junior Member
Dec 1, 2004
The availability and low cost of networking components has created some very serious security issues.
I have a network in my home as well, but I have seen some very serious security issues with these affordable routers and switches. I have been able to breach the security measures that were in place on my Linksys router shortly after I purchased it. I emailed Linksys and in a day or two, they alerted me to a new firmware upgrade that was supposed to fix the issue. I downloaded it and guess what? The issue seems to be resolved as I cannot defeat it anymore.
My suggestion to you is that you ensure you have the latest firmware installed and that you learn some basic networking skills. These devices are supposed to be maintenance-free, but I assure you, you need to learn to tweak the settings and close off services that you aren't using.
Good luck.