If they can't get into your computer, at least they take the router

While there is an ongoing discussion here about user-friendliness of Comodo for the masses,
the underlying implication of “worryless and safe towards the internet”,
this reasonable sense of security is not reflecting the whole connection to the internet.

“People” are not safe when just their computer is safe, the computer is safe.
The router isn't safe either.

As an internet security for masses, a firewall should instruct how to secure the whole connection.

Malware does not have to be installed on computers to build botnets. No malware is required at all. You just need to scan routers. And every newly introduced router is another scanner, while being part of a botnet.

The more people get used to user-friendliness, the more holes there are to scan.

It is true, unfortunately, that a lot of people don’t have a clue about their routers and the problem is exacerbated by OEMs who ‘kindly’ leave all sorts of ports open for remote ‘administration’.

Just recently, there was a report of a ‘backdoor’ in TP-Link routers.

Neither are local printers. I don’t have the URL present for a relevant article.

Would that also be the job of the firewall (maker)? Or would it be the job for the OS maker along with security for the router? Or for the printer maker? Or for the ISP? The government, maybe? :wink:

What exactly can criminals do with something like a router if they don’t have access to the computer? Sorry, this is a new area of internet security for me.

Anyone that has full access to your router, also has access to your network and all traffic that passes through the router…

Ok, now I understand the danger, but how can it be used as part of a botnet if they don’t have access to your computer? Doesn’t a botnet require computing power to be of use?

How much computing power do you think is needed? My old router has 32MB RAM and a 2.5GHz processor. It runs Tomato and has a torrent client, media server and captive portal. It also supports twin USB for additional expansion. If I wanted I could install a number of different packages through Optware or compile my own and make it do pretty much anything, within reason. My new router has 256MB RAM…

Router - Based Botnet On The Loose - Dark Reading
Chuck Norris Botnet Overtakes Routers

True. That’s why I always secure my router itself and my PC. You can’t just secure one and be safe.

First thing is to change the default password :slight_smile:

Most do not just plug in connect and think they are protected.

If you wander around your neighbourhood there is a good chance that you can find an open network you can connect to :frowning:

There was a report in our local paper a year or so ago about open networks of some businesses including one law firm.

Like Computers/Security software if you are not willing to look and learn.

You are not Safe.

Thank you very much for the explanation. I hadn’t realized this until now.

Both of the described router malware can be prevented by disabling remote access capability to the WAN and using a strong password. The Chuck Norris malware described in the second article only lives in RAM and doesn’t survive a reboot.

This type of malware can make a “great” man in the middle attack with changed DNS servers.

How would one go about securing the router? I believe mine has a firewall, plus Comodo firewall, but I use wireless with a hub - is this the same?

As described in my previous post and by using strong passwords on your wireless. The firewall on your router is usually enabled by default. Make sure it is switched on.

It’s quite true that a lot of potential weaknesses can be mitigated by some relatively simple administration. Unfortunately, a great many people will simply unpack, plug-in and think everything is hunky dory. It’s also true that some OEM remote admin capabilities, on some routers, are extremely difficult to close and may cause problems with the OEM if you do manage to close ‘fix’ them.

It’s also worth looking around at router exploits, as the two I posted above, were just examples for Chiron. There are many, many more.

If the exploit originates from the Internet side of the router, whatever you have on the LAN side, is of little consequence. Likewise, a router firewall is no guarantee the router is not exploitable. It also doesn’t help when router vendors behave like this:

As a simple starting point, you should make sure any remote administration capabilities - from the Internet - are either disabled or have very strong passwords. If your router supports SSH, make sure you use key exchange. Also, if it’s an OEM router, try to ascertain whether or not the supplier has remote access.

I have sealed all connections, closed the ones that were open by default, the firewall is turned on and my password is 64 characters/special symbols long.

Thanks for all the above info, I will check it all out just to be 100% sure…

That sounds very odd.

Another recent problem with some routers is that UPnP is ‘exposed’ to the Internet side and not just the local network side.

US CERT warns of serious UPnP router vulnerability

If in any doubt, you can check your router at the Gibson Research website and go to the Shields Up section to test, as well as all ports on the PC :slight_smile:

Hi Dolphin66: I have already tested my hub on the Gibson website, mine passed, plus all my ports were stealth and passed all test(s).

I checked the Linksys support pages to see that my E 4200 router is not affected.
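
The hardening steps raised across this thread (remote administration from the Internet off, default password changed, firewall on, wireless encrypted, SSH with keys, UPnP not exposed on the WAN side, DNS servers unchanged) can be checked mechanically. The following is an added example, not code from any poster or router vendor; the settings-dump format, the key names and the sample addresses are hypothetical, and real routers export their configuration differently.

```python
# Added example: audit a router settings dump against the thread's checklist.
# SAMPLE_DUMP is constructed; its key=value format and key names are hypothetical.
SAMPLE_DUMP = """\
remote_admin_wan = enabled
admin_password_default = no
firewall = enabled
wifi_security = wpa2
upnp_wan = enabled
ssh = enabled
ssh_auth = password
dns_servers = 192.0.2.53, 198.51.100.7
"""

RULES = [  # (key, safe value, advice when the value differs)
    ("remote_admin_wan", "disabled", "disable remote administration from the Internet"),
    ("admin_password_default", "no", "change the default admin password"),
    ("firewall", "enabled", "switch the router firewall on"),
    ("upnp_wan", "disabled", "stop UPnP from answering on the Internet side"),
]

def parse_settings(text):
    """Parse 'key = value' lines, ignoring blank lines and # comments."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip().lower()] = value.strip().lower()
    return settings

def audit(settings, trusted_dns):
    """Return findings; a setting the dump omits is reported, not assumed safe."""
    findings = []
    for key, safe, advice in RULES:
        value = settings.get(key)
        if value != safe:
            findings.append(f"{key}={value}: {advice}" if value else f"{key}: not reported")
    if settings.get("wifi_security", "open") in ("open", "none"):
        findings.append("wifi_security: encrypt the wireless network with a strong password")
    if settings.get("ssh") == "enabled" and settings.get("ssh_auth") != "key":
        findings.append("ssh_auth: switch SSH to key-based login")
    dns = [d.strip() for d in settings.get("dns_servers", "").split(",") if d.strip()]
    rogue = [d for d in dns if d not in trusted_dns]
    if rogue:
        findings.append("dns_servers: unexpected resolver(s) " + ", ".join(rogue))
    return findings

for finding in audit(parse_settings(SAMPLE_DUMP), {"192.0.2.53"}):
    print("FINDING:", finding)
```

The `trusted_dns` set should hold the resolvers your ISP or you configured; a resolver outside it is the changed-DNS symptom mentioned above.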