My router has been hacked ???

Chris

Here's the background:

I have a D-Link DIR-600 N-Lite router for my simple need of internet sharing (to my laptop & BlackBerry).
Firewall enabled, Wireless security set to WPA2.
I've been using this for 2 years without a problem....until yesterday.
Suddenly, my laptop & blackberry couldn't connect to the router.
I finally found out that the network password was mysteriously changed in the router's administrative page. That's why my laptop failed to connect.
All other settings in the router stayed the same.

I'm the only one who has administrative access to the router. Nobody knows the admin password. Has someone hacked the router & changed the password? Why not mess with the other settings? The last time I used my laptop was 6 hours before this happened, and it connected automatically without a problem.

How possible is it that someone has hacked forcefully into the router wirelessly (with WPA2 enabled)? Is it really easy?
Frankly I can't think of any other way how the network password could change mysteriously.
 
View the history logs of who was connected to your router. If someone did connect, it should have at least one foreign MAC address that doesn't belong to any device connected to your network. If all they did was break into the admin page, they could have guessed the password or probably even brute-forced it if it was short and non-complex. It also could have just been that the router somehow malfunctioned and the firmware got reset with the default password? Happened a few times on my Linksys, one of the reasons I flashed it.

Was this just the admin router login page or was it the WPA2 password? If they rode your password-protected network, it might be a good idea to make a new one, more complex, and longer. Then again, WPA2 still has its flaws, but without searching your router's connected client history there really is no way to know for sure what happened.
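The log review suggested in the reply above, as an added example that is not part of the original thread: it pulls every MAC address out of a router client log, compares it against the devices you own, and reports the rest. The log lines, their format and the device inventory are constructed for illustration; a real DIR-600 log will look different.

```python
import re

# Constructed sample of a router client/DHCP log; real D-Link log formats differ.
SAMPLE_LOG = """\
Jan 10 08:02:11 DHCP: assigned 192.168.0.100 to 00:1B:63:84:45:E6 (laptop)
Jan 10 08:05:40 WLAN: station 3c-74-37-a1-0b-22 associated
Jan 10 14:31:02 WLAN: station 5A:9F:10:C3:77:01 associated
Jan 10 14:31:05 DHCP: assigned 192.168.0.102 to 5a:9f:10:c3:77:01
Jan 10 14:40:19 WLAN: station 00:24:D2:9E:41:7C associated
"""

# Hypothetical inventory of the owner's own devices (laptop, BlackBerry).
KNOWN_DEVICES = {"00:1b:63:84:45:e6": "laptop", "3C-74-37-A1-0B-22": "blackberry"}

# Six hex pairs separated by ':' or '-'; timestamps and IPs do not match.
MAC_RE = re.compile(r"\b[0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5}\b")

def normalize(mac):
    """Lower-case, colon-separated form so differently written MACs compare equal."""
    return mac.lower().replace("-", ":")

def is_locally_administered(mac):
    """True if the locally-administered bit is set (typical of randomized MACs)."""
    return bool(int(normalize(mac)[:2], 16) & 0x02)

def find_foreign_macs(log_text, known):
    """Map each MAC not in `known` to its first log line, hit count and type."""
    known_set = {normalize(m) for m in known}
    foreign = {}
    for line in log_text.splitlines():
        for raw in MAC_RE.findall(line):
            mac = normalize(raw)
            if mac in known_set:
                continue
            entry = foreign.setdefault(mac, {
                "first_seen": line, "count": 0,
                "randomized": is_locally_administered(mac)})
            entry["count"] += 1
    return foreign

if __name__ == "__main__":
    for mac, info in find_foreign_macs(SAMPLE_LOG, KNOWN_DEVICES).items():
        kind = "locally administered" if info["randomized"] else "vendor-assigned"
        print(f"{mac}  seen {info['count']}x  ({kind})  first: {info['first_seen']}")
```

A MAC address can be spoofed to match one of your own devices, so an empty result does not prove nobody else connected. An unknown locally administered address may also be one of your own phones using a randomized MAC.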
 
Some routers have poor security, and the settings can be manipulated through cross site request forgery. Basically, you go to some random website, and they have a hidden element that posts a form to your router and changes something; without requiring authentication. I didn't find a report for your model, but I did see one for a DIR-605 http://www.exploit-db.com/exploits/18638/

More likely if you're running on the default IP.
 
Describe the room the router is in. Would anyone have physical access to it without breaking and entering? Was the router supplied by your ISP, or one that you bought yourself? This would be one thing in, say, a college dorm, and a whole other thing in a residential home.
 
Just reset the router and put a 20-character password on it with some special characters and numbers. Problem solved.
 
Windows Secrets just posted an article on this. Turning off WPS on some home routers actually doesn't really turn it off. Best practice is to disable WPS and turn off SSID broadcast. In the OP's situation I would do both of those things as well as changing the SSID and the password.
 
I think everyone is going down the wrong track on this one. We'll need you to post pictures of all females you associate with, regardless of whether you think they are connected or not. Provocative poses are usually most insightful.
 
OK. I also believe it has been hacked. There is no chance the password could change itself.
The router is in my home. I have no guest or anyone coming to my house in the last 2 weeks.
No one has used my desktop or laptop, so physical hack is not possible.
I will turn off WPS & SSID if that gives me extra security.
 
Not broadcasting the SSID doesn't give you that much more security but it doesn't hurt either. Have you checked that the router does not respond to management requests from the outside? (From the Internet..)
 
> I think everyone is going down the wrong track on this one. We'll need you to post pictures of all females you associate with, regardless of whether you think they are connected or not. Provocative poses are usually most insightful.


LMAO
 
> Not broadcasting the SSID doesn't give you that much more security but it doesn't hurt either. Have you checked that the router does not respond to management requests from the outside? (From the Internet..)

Turning off SSID Broadcast is just security through obscurity. It's sort of: "if they can't see me then I don't exist".
So, you're right. Not much security there.
 