Bitcoin Forum
November 19, 2018, 04:16:15 AM *
News: Latest Bitcoin Core release: 0.17.0 [Torrent].
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Security - router  (Read 110 times)
cryptolord2077
Full Member
***
Offline Offline

Activity: 308
Merit: 106



View Profile
September 04, 2018, 07:30:01 PM
Merited by Smart man (3), runhuayi (3)
 #1

It is based on real history.

For those who are too lazy to read at once I write that basically it is necessary to monitor two things in the router through which you connect to the Internet:
  • in the DNS configuration, there should be no left garbage;
  • it must be ensured that no one can write garbage in the DNS configuration;
  • it is desirable that the firmware file of the router be the same as the firmware file on the manufacturer's website (check for checksums).
     
If you click this point, at the most, outside hackers will know which sites you are visiting. In the worst you will be sent to a phishing site with all the ensuing consequences.

Now my story.

Recently I changed my place of residence and connected the Internet to a new place. On the old one was the ADSL, on the new optics 100 MB / s. I did not have my own router. The old router had factory default settings that were protected, that is, it was only possible to connect to it after the first power-up on the LAN port.

A specialist from the provider came to me with a router. He started connecting the router and without permission changed the DNS settings from auto to manual. Well, I was a little surprised. Then I was even more surprised when he entered the DNS server address 150.254.124.26 without my permission. All this was happening in front of me. It's just that I've never seen such an ip in my city. Strange some kind of provider settings, I thought. I thought: when I have free time - I read the instructions, it will be necessary to understand. In the meantime, let everything remain so, I will not touch anything, it's with the factory settings - it means protected.

Further I was engaged in crypto-currency affairs and noticed a few oddities: in the first days with me at the height of the activity, the router rebooted itself. I thought (well, I'm an asshole!) That it could not stand my pressure surfing. After 2 weeks for some strange reason, the session on the exchange dropped a couple of times, which usually happened when I visited it from another computer. (I still remember that fortunately, shortly before this, everything was taken from exchange to a local wallet). Well, I went into the router, it seems everything is fine, just in case I put the password on the admin.

After another 2 weeks, they took up my arms tightly. All exchanges either did not download, or began to give out messages "the site does not give out for who it is", etc. When connecting through VPN, everything was OK and I immediately realized that I was wrong not having to deal with the router right away. After changing DNS from the manual on the car it all worked. I quit all the business and took up the settings.

In the process of parsing it turned out that everything is sad. The router was one solid dirty hole:
  • the factory settings are such that anyone without a password can connect via LAN, Wi-Fi and WAN and change the settings as you like (but when you save, you will need to reboot the router - I wrote above how it rebooted itself)
  • a brief instruction on a piece of paper from the box did not warn about the vulnerability
  • help instruction in English for each setting is useful, but about the vulnerability nothing was said
       
In general, I had to deal with trial and error, experimentally, I found the entire vulnerability of the product and the absurdity of the factory settings. So keep in mind that this also happens and do not relax.
What in this case to do - decide for yourself. I'll write what I did, in chronological order, with frequent save-reboots of the router:

  • disconnect WAN cable
  • Resetting settings to the factory and immediately password-protected admin and user with changing names to other
  • disable wifi
  • setting up an Internet connection, connecting a WAN cable, downloading the latest firmware, disconnecting the WAN cable (!), updating the firmware. By the way, the firmware update does not reset the settings to the factory ones, which is not right in my opinion.
  • reset the settings to the factory settings, immediately protect the admin and user, for reliability with changing the names
  • Wi-Fi password
  • set up the Internet
  • connect a WAN cable
  • with a router everything, now go change passwords on websites
And for the future if I ever connect the Internet somewhere, the connection specialist will come, connect the wires, check that everything is working and will be removed with his router. For the house, the router will be purchased at the store.

Thank you for your attention, take care of the freaks.


This topic is an English adaptation. Russian original by DarkNightRider: https://bitcointalk.org/index.php?topic=2944516.0
Thank you for attention!


▂▂ ▃▃ ▅ ▆ ▇ █ TeraWATT █ ▇ ▆ ▅ ▃▃ ▂▂
≒≒≒≒≒≒≒≒≒≒≒≒≒≒≒≒≒≒≒≒
WEBSITE』『WHITEPAPER
Global LED Adoption Through Blockchain Technology
≒≒≒≒≒≒≒≒≒『ICO IS LIVE』≒≒≒≒≒≒≒≒≒
≒≒≒≒≒≒≒≒≒≒≒≒≒≒≒≒≒≒
TWITTER』『TELEGRAM

1542600975
Hero Member
*
Offline Offline

Posts: 1542600975

View Profile Personal Message (Offline)

Ignore
1542600975
Reply with quote  #2

1542600975
Report to moderator
The grue lurks in the darkest places of the earth. Its favorite diet is adventurers, but its insatiable appetite is tempered by its fear of light. No grue has ever been seen by the light of day, and few have survived its fearsome jaws to tell the tale.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1542600975
Hero Member
*
Offline Offline

Posts: 1542600975

View Profile Personal Message (Offline)

Ignore
1542600975
Reply with quote  #2

1542600975
Report to moderator
1542600975
Hero Member
*
Offline Offline

Posts: 1542600975

View Profile Personal Message (Offline)

Ignore
1542600975
Reply with quote  #2

1542600975
Report to moderator
vlom
Legendary
*
Offline Offline

Activity: 1190
Merit: 1054


1312: The Movement — Freedom Organizat


View Profile WWW
September 04, 2018, 07:41:17 PM
 #2

ty you for sharing this.
but i think this can be achieved easier. Never use a router that a ISP offers you and never let anybody else alter setting.
use something like Linksys WRT1900ACS and install https://dd-wrt.com

Trade crypto like a boss: Gunbot enables you to make daily automatic profits!
|\¯¯ \   /¯¯/| |¯¯¯|__'  /¯¯,¯¯\     /¯¯\/¯ \'  
\  \__\/__/ /' |_____'| |\____ /|'  /__ (\/)__\
  '\|____ |/'   |_____'|  \|___ |/ °|___ |v|___|
    '                                             
iasenko
Sr. Member
****
Offline Offline

Activity: 378
Merit: 620


Bitcointalk Memes,post yours here> topic=4937275.0


View Profile WWW
September 04, 2018, 09:06:09 PM
 #3

ty you for sharing this.
but i think this can be achieved easier. Never use a router that a ISP offers you and never let anybody else alter setting.
use something like Linksys WRT1900ACS and install https://dd-wrt.com

In addition to this, if you are a bit more thechy just grab an old PC and run a proper free software like pfSense or MikroTik.
Then you can setup your own VPN and Firewall not only routing.
I have a Load Balancing configured and I can say that there's nothing better than a backup line Smiley

trahaubab
Jr. Member
*
Offline Offline

Activity: 126
Merit: 2


View Profile WWW
September 05, 2018, 12:18:46 AM
 #4

technically, can cold wallets on USB devices and other, be hacked because of router leaks?
Is there sense in such devices when you have a usual router?

pigzbe  |  A piggy-wallet™ not a piggy bank  |  powered by Wollo
● ● ●  A tangible digital piggy-wallet for children age 6 and up.
jseverson
Hero Member
*****
Offline Offline

Activity: 784
Merit: 646


View Profile
September 05, 2018, 06:02:58 AM
 #5

technically, can cold wallets on USB devices and other, be hacked because of router leaks?
Is there sense in such devices when you have a usual router?

Nope, cold wallets should theoretically be invulnerable to any attacks that involve a compromised router. VPNs should also protect you against most of them.

It sounds like someone just installed a shit router on OP's home. The main point of concern is the person setting up your router can potentially expose you to threats. Most routers have a factory reset button somewhere (the one you need to prick with something thin) and using that should be able to solve most problems unless your router has shit default settings.

arsene1
Newbie
*
Offline Offline

Activity: 18
Merit: 0


View Profile
September 05, 2018, 06:32:53 AM
 #6

Wow! This is something new to me, and it is a bit technical. How does someone who is not familiar with the technicalities detect this hole?
jseverson
Hero Member
*****
Offline Offline

Activity: 784
Merit: 646


View Profile
September 06, 2018, 02:05:59 AM
 #7

Wow! This is something new to me, and it is a bit technical. How does someone who is not familiar with the technicalities detect this hole?

The simplest solution to avoid it entirely is probably to set a static DNS for your computer. Google's (8.8.8.8 or 8.8.4.4) should be good enough for most, but you may want to look up Open DNS or other providers. This is pretty easy to do, you just need to Google exact instructions for your OS.

You can otherwise tweak your router to detect it, but that requires a bit more technical knowledge. If you're suspicious of the person who installed it, you can just do a factory reset to undo whatever he modified -- this may break your connection depending on the ISP though, so be careful.

VPNs also work. Everyone who uses crypto should have a VPN imo.

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!