
SoylentNews is people

posted by LaminatorX on Sunday December 14 2014, @02:16AM
from the admin1 dept.

Peter Hansteen blogs about passwords and swarms of bots trying to guess router passwords. In his current logs he finds more than 700 machines looking for mostly what appears to be various manufacturers' names and a few other usual suspects. He's posted his data online and some analysis.
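A swarm of this kind is easy to miss when failures are counted per source host, because each bot makes only a few guesses. The following is an added example, not code from the summary or from the linked blog: it groups failed logins by the name being guessed and counts distinct sources. The OpenSSH-style log format, the host names and addresses, and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH's auth-log style (an assumption: the
# summary does not say which service or log format the blog data comes from).
SAMPLE_LOG = """\
Dec 13 01:02:11 gw sshd[411]: Failed password for invalid user dlink from 192.0.2.10 port 40112 ssh2
Dec 13 01:09:47 gw sshd[419]: Failed password for invalid user dlink from 198.51.100.7 port 51822 ssh2
Dec 13 01:31:05 gw sshd[433]: Failed password for invalid user netgear from 203.0.113.5 port 33910 ssh2
Dec 13 02:12:40 gw sshd[450]: Failed password for root from 192.0.2.10 port 40990 ssh2
Dec 13 02:48:19 gw sshd[462]: Failed password for invalid user dlink from 203.0.113.77 port 60214 ssh2
Dec 13 03:05:52 gw sshd[470]: Accepted publickey for peter from 192.0.2.200 port 50022 ssh2
Dec 13 03:40:01 gw sshd[481]: Failed password for admin from 198.51.100.7 port 52001 ssh2
"""

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

def summarize(log_text):
    """Return (attempts per source, set of sources per guessed username)."""
    per_source = defaultdict(int)
    sources_by_user = defaultdict(set)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        per_source[m["src"]] += 1
        sources_by_user[m["user"]].add(m["src"])
    return dict(per_source), dict(sources_by_user)

def swarm_usernames(log_text, min_sources=3):
    """Usernames guessed from at least min_sources distinct hosts.

    Each host may stay under any per-host rate limit, so the swarm only
    shows up when failures are grouped by the name being guessed.
    """
    _, by_user = summarize(log_text)
    return sorted(u for u, srcs in by_user.items() if len(srcs) >= min_sources)

if __name__ == "__main__":
    per_source, by_user = summarize(SAMPLE_LOG)
    print("max attempts from one host:", max(per_source.values()))
    print("names guessed by >=3 hosts:", swarm_usernames(SAMPLE_LOG))
```

In the constructed sample no single host exceeds two failures, yet one manufacturer-style name is tried from three different addresses.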

  • (Score: 4, Informative) by dltaylor on Sunday December 14 2014, @02:59AM

    by dltaylor (4693) on Sunday December 14 2014, @02:59AM (#125875)

    Unless there's a business (no home user) case, remote administration should be OFF on all routers, as should response to pretty much everything else from the Internet (WAN, in my router's vocabulary). If you cannot do that, either install a router-specific package (OpenWRT or Tomato), or throw the useless thing away. I know about the JavaScript attacks from the intranet (LAN) side, but since that's blocked in my browsers, I'm just keeping an eye on it until I finish the OpenBSD router/firewall to replace the "business class" (HAH!) router I use at home.

    Any business employing management or staff not bright enough to secure routers with at least a difficult password, if not some serious authentication and authorization scheme, deserves to be hacked.

    • (Score: 3, Informative) by Adamsjas on Sunday December 14 2014, @04:51AM

      by Adamsjas (4507) on Sunday December 14 2014, @04:51AM (#125891)

      I take the other approach.

      I put the router in bridge mode (aka pass-through), disabling any vendor-supplied (unmaintained, obsolete, bug-ridden) software, and feed it directly into my packet filter router (OpenBSD this week, Linux in the past) on a small machine that does only a few things, and which can't be logged into with any passwords (except from the console).

      Of course management access over the WAN is disabled, but even if they cracked that somehow, they get nowhere.
           

      • (Score: 0) by Anonymous Coward on Sunday December 14 2014, @06:09AM

        by Anonymous Coward on Sunday December 14 2014, @06:09AM (#125907)

        I put the router in bridge mode (aka pass-through), disabling any vendor-supplied (unmaintained, obsolete, bug-ridden) software, and feed it directly into my packet filter router (OpenBSD this week, Linux in the past)

        That is the only sane solution.

        You can even do this with a VM these days on your internal server. Bridge external interface into a VM and let it filter for you. No need for extra filter boxes.

        Why not do this outside a VM, on your internal server? If your OS is vulnerable to some magic packet in some protocol, the attacker will then have to escape a full VM too. Easier to manage and could be on read-only instance. Also, crashing a VM would not affect your internal system.

    • (Score: 2) by pixeldyne on Monday December 15 2014, @08:49AM

      by pixeldyne (2637) on Monday December 15 2014, @08:49AM (#126114)

      Even doing something as simple as changing the RDP port to, say, 23389 will drop the random attack hits by 99% (ymmv). Obviously that's not the only solution to rely on.

  • (Score: 0) by Anonymous Coward on Sunday December 14 2014, @05:02AM

    by Anonymous Coward on Sunday December 14 2014, @05:02AM (#125894)

    "Well, gentlemen. Where to start? I was born on the planet Gallifrey, in the constellation of Kasterborous. I'm a Time Lord, but my Prydonian privileges were revoked when I stole a time capsule and ran away. Currently pilot a Type 40 Tardis. I've been married four times, all deceased. My children and grandchildren are missing, and I assume, dead. I have a non-Gallifreyan daughter created via genetic transfer. How much more do you need? I'm the Doctor."