Bitcoin Forum
Author Topic: Security - router  (Read 222 times)
cryptolord2077 (OP)
Full Member
September 04, 2018, 07:30:01 PM
Merited by Smart man (3), runhuayi (3)
 #1

It is based on real events.

For those who are too lazy to read it all at once, I will say up front that basically it is necessary to monitor two things in the router through which you connect to the Internet:
  • there should be no stray garbage in the DNS configuration;
  • it must be ensured that no one can write garbage into the DNS configuration;
  • it is desirable that the firmware file on the router be the same as the firmware file on the manufacturer's website (check the checksums).

If you miss this point, at most outside hackers will know which sites you are visiting. In the worst case, you will be sent to a phishing site with all the ensuing consequences.

Now my story.

Recently I changed my place of residence and had the Internet connected at the new place. At the old one it was ADSL, at the new one optical fiber at 100 MB/s. I did not have my own router. The old router had factory default settings that were protected, that is, it was only possible to connect to it after the first power-up on the LAN port.

A specialist from the provider came to me with a router. He started connecting the router and, without permission, changed the DNS settings from auto to manual. Well, I was a little surprised. Then I was even more surprised when he entered the DNS server address 150.254.124.26, again without my permission. All this was happening in front of me. It's just that I had never seen such an IP in my city. Strange provider settings of some kind, I thought. I thought: when I have free time I'll read the instructions; it will be necessary to understand this. In the meantime, let everything remain as it is, I will not touch anything; it's on factory settings, which means protected.

Then I went about my cryptocurrency affairs and noticed a few oddities: in the first days, at the height of my activity, the router rebooted itself. I thought (well, I'm an asshole!) that it could not stand the pressure of my surfing. After 2 weeks, for some strange reason, the session on the exchange dropped a couple of times, which usually happened when I visited it from another computer. (I still remember that, fortunately, shortly before this, everything had been moved from the exchange to a local wallet.) Well, I went into the router, everything seemed fine; just in case, I put a password on the admin account.

After another 2 weeks, they really went after me. All exchanges either did not load, or began to give out messages like "the site does not give out for who it is", etc. When connecting through a VPN, everything was OK and I immediately realized that I was wrong not to have dealt with the router right away. After changing DNS from manual back to auto, it all worked. I dropped all my business and took up the settings.

In the process of sorting it out, it turned out that everything was sad. The router was one solid dirty hole:
  • the factory settings are such that anyone without a password can connect via LAN, Wi-Fi and WAN and change the settings as they like (but when you save, you will need to reboot the router; I wrote above how it rebooted itself)
  • the brief instruction on a piece of paper from the box did not warn about the vulnerability
  • the help instructions in English for each setting are useful, but nothing was said about the vulnerability

In general, I had to deal with it by trial and error; experimentally, I found all the vulnerabilities of the product and the absurdity of the factory settings. So keep in mind that this also happens and do not relax.
What to do in this case, decide for yourself. I'll write what I did, in chronological order, with frequent save-and-reboot cycles of the router:

  • disconnect the WAN cable
  • reset the settings to factory and immediately password-protect admin and user, changing their names to others
  • disable Wi-Fi
  • set up the Internet connection, connect the WAN cable, download the latest firmware, disconnect the WAN cable (!), update the firmware. By the way, the firmware update does not reset the settings to the factory ones, which is not right in my opinion.
  • reset the settings to factory, immediately protect admin and user, for reliability with the names changed
  • Wi-Fi password
  • set up the Internet
  • connect the WAN cable
  • that's it for the router; now go change passwords on websites
And for the future, if I ever get the Internet connected somewhere, the connection specialist will come, connect the wires, check that everything is working and leave with his router. For the house, the router will be bought in a store.

Thank you for your attention, beware of the freaks.


This topic is an English adaptation. Russian original by DarkNightRider: https://bitcointalk.org/index.php?topic=2944516.0
Thank you for your attention!

vlom
Legendary
September 04, 2018, 07:41:17 PM
 #2

Thank you for sharing this.
But I think this can be achieved more easily. Never use a router that an ISP offers you and never let anybody else alter settings.
Use something like a Linksys WRT1900ACS and install https://dd-wrt.com
TheBeardedBaby
Legendary
September 04, 2018, 09:06:09 PM
 #3

Thank you for sharing this.
But I think this can be achieved more easily. Never use a router that an ISP offers you and never let anybody else alter settings.
Use something like a Linksys WRT1900ACS and install https://dd-wrt.com

In addition to this, if you are a bit more techy, just grab an old PC and run proper free software like pfSense or MikroTik.
Then you can set up your own VPN and firewall, not only routing.
I have load balancing configured and I can say that there's nothing better than a backup line :)

trahaubab
Jr. Member
September 05, 2018, 12:18:46 AM
 #4

Technically, can cold wallets on USB devices and others be hacked because of router leaks?
Is there any sense in such devices when you have a usual router?
jseverson
Hero Member
September 05, 2018, 06:02:58 AM
 #5

Technically, can cold wallets on USB devices and others be hacked because of router leaks?
Is there any sense in such devices when you have a usual router?

Nope, cold wallets should theoretically be invulnerable to any attacks that involve a compromised router. VPNs should also protect you against most of them.

It sounds like someone just installed a shit router in OP's home. The main point of concern is that the person setting up your router can potentially expose you to threats. Most routers have a factory reset button somewhere (the one you need to prick with something thin), and using that should be able to solve most problems unless your router has shit default settings.

arsene1
Newbie
September 05, 2018, 06:32:53 AM
 #6

Wow! This is something new to me, and it is a bit technical. How does someone who is not familiar with the technicalities detect this hole?
jseverson
Hero Member
September 06, 2018, 02:05:59 AM
 #7

Wow! This is something new to me, and it is a bit technical. How does someone who is not familiar with the technicalities detect this hole?

The simplest solution to avoid it entirely is probably to set a static DNS for your computer. Google's (8.8.8.8 or 8.8.4.4) should be good enough for most, but you may want to look up OpenDNS or other providers. This is pretty easy to do; you just need to Google the exact instructions for your OS.

You can otherwise tweak your router to detect it, but that requires a bit more technical knowledge. If you're suspicious of the person who installed it, you can just do a factory reset to undo whatever he modified -- this may break your connection depending on the ISP though, so be careful.

VPNs also work. Everyone who uses crypto should have a VPN imo.
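As an added example (not code from the thread or from any of its posters), the two checks that the original post and this reply both come down to, in Python: flag any resolver in a resolv.conf-style configuration that you did not choose yourself, and verify a downloaded firmware image against the vendor's published SHA-256. The sample configuration and firmware bytes are constructed; the trusted resolver set and the vendor hash are assumptions you would replace with your own.

```python
import hashlib
import hmac
from ipaddress import ip_address

# Resolvers you chose yourself (the thread names Google's 8.8.8.8 / 8.8.4.4);
# anything else showing up in the resolver configuration gets flagged.
TRUSTED_RESOLVERS = {"8.8.8.8", "8.8.4.4"}

# Constructed sample in resolv.conf style: a resolver pushed by the router that
# the user never configured. 150.254.124.26 is the address quoted in the thread.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager (constructed sample)
search lan
nameserver 8.8.8.8
nameserver 150.254.124.26  # pushed by the router, never chosen by the user
nameserver not-an-ip
"""

def parse_nameservers(resolv_conf: str) -> list[str]:
    """Return the nameserver addresses from resolv.conf-style text,
    ignoring comments and malformed entries."""
    servers = []
    for raw in resolv_conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) == 2 and parts[0] == "nameserver":
            try:
                servers.append(str(ip_address(parts[1])))
            except ValueError:
                continue  # garbage that is not an address; skip it
    return servers

def untrusted_resolvers(resolv_conf: str, trusted=TRUSTED_RESOLVERS) -> list[str]:
    """Resolvers present in the config that you did not deliberately choose."""
    return [s for s in parse_nameservers(resolv_conf) if s not in trusted]

def firmware_matches(firmware: bytes, published_sha256: str) -> bool:
    """Compare the downloaded image against the vendor's published SHA-256."""
    digest = hashlib.sha256(firmware).hexdigest()
    return hmac.compare_digest(digest, published_sha256.strip().lower())

if __name__ == "__main__":
    for ip in untrusted_resolvers(SAMPLE_RESOLV_CONF):
        print(f"WARNING: resolver {ip} is not in your trusted set")
    image = b"constructed firmware image"           # stands in for the .bin file
    vendor_hash = hashlib.sha256(image).hexdigest()  # would come from the vendor site
    print("firmware ok:", firmware_matches(image, vendor_hash))
```

On Windows the resolver list comes from `ipconfig /all` rather than a file, but the comparison against your own trusted set is the same.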
