Ask Leo! by Leo A. Notenboom

Change Your Password - No, not that one...


You probably need to change a password, but not the one you think.


Transcript

This is Leo Notenboom for askleo.info.

News reports surfaced this week telling of a newly discovered vulnerability. Well, it's certainly not a new vulnerability, and whether or not it's really been "newly discovered" is arguable too. But it's definitely making the news.

As well it should.

So, let me ask you this: what's the password to your router? The password that you use to gain access to the router settings.

If you don't know, or you've never changed it, you're probably at risk.

Here's how the vulnerability works:

A virus, some spyware, or even some JavaScript from a malicious web site can try to connect, over your LAN, to the administration interface of your router. If you haven't changed that password, this malware can simply use the default password to log in. Once that happens, all bets are off. One scenario is that the router might be silently reconfigured to take you, without warning, to some phishing site when you think you're going to a legitimate site like eBay, PayPal or your bank.


Scary, right?

So how many of you Linksys owners have a password of "admin" on your router? That's the default password, and if that's the password to your router, you're at risk. If you have a different brand of router, the default is probably something else, but given the overwhelming popularity of brands such as Linksys, Cisco, Netgear, D-Link, and a handful of others, it's pretty easy for malware to just try them all until something works.

So, if you make only one security change today, change the password on your router. Remember to keep it in a safe place, of course, so you'll have it when you need it later.

Oh, and if you do forget the password later, almost all routers have a master reset sequence that will restore the router to its initial configuration, including that default password. A master reset is not something you can do remotely; it typically involves actually pushing a button on the router. You'll lose any configuration changes you've made, but at least you'll be able to get back in.

Routers are an incredibly important part of making sure your local network and the computers on it are safe from external threats. This vulnerability masquerades as an internal user on your LAN, so making sure that your router is configured securely with its own unique password is extra important.

And yep ... until this morning my router's password was "admin".

Not any more.

I'd love to hear what you think. Visit askleo.info and enter 11177 in the go to article number box and leave me a comment. While you're there, search over 1,000 technical questions and answers on the site.

Till next time, I'm Leo Notenboom, for askleo.info.


Article C2937 - February 18, 2007


Recent Comments
31 Comments

After reading this article, I followed the links to some of the related articles and now have these questions: My computer is a stand-alone, not networked with any other. Is there any reason to change the router's password as long as I don't network with any other computer? And, since I am not networked with any other computer, do I even have a router? (I get my internet access through my TV cable company, who supplied the modem, though I'm not computer-savvy enough to know if this makes any difference or not.)

If your computer connects directly to the modem provided by your ISP, then you need to check with your ISP to see whether or not it is acting as a router, and whether the password can or needs to be changed. Yes, even if you have only a single computer you should change your router's password.
Leo
25-Feb-2010

Posted by: Bombay Granny at February 24, 2010 11:37 AM

I've encountered this change router password subject in articles by several other tech newsletters. I promptly changed my Linksys (non-wireless) router ONLY TO FIND I COULD NOT CONNECT TO THE INTERNET! An ISP page came up instead wanting to run a diagnostic that ended up with a "call us" result. So I reset my router password but still got a failed connection.

So I called AT&T/SBCGLOBAL.NET (using a number I already had not the one I was given - paranoia pays, y'know!).

My ISP told me that there had to be some kind of password agreement with my user account...but several attempts by them to get things working again ended in disconnecting the router and straight connecting to the DSL modem.

There seemed to be some concern that the internet light on my modem was not lighting up (but I can tell you that it never did when the previous router and modem connection had ALWAYS worked).

Efforts focused on "bridging" and not bridging and PPO and PPOea, etc. and stuff the tech was vague about left my head spinning.

But I had a working modem-direct connection and since I had to leave for an appointment I thanked them, left it at that, and moved along. Later, I reinstalled the Linksys using the CD (which crashed 1/2 way through the install). In frustration, I cold booted the PC with the power off on the modem and the router. Waited a minute and powered them on and VOILA, everything was working again.

Now, about the paranoia part...so now my internet light on my modem is always on and frankly I'm a little concerned that I'm less secure than I was before since I imagine that my IP address is not that of the router but of my PC.

Should I be concerned? Should I go back to the ISP? Back to Linksys? Back to bed?

Thanks.

Posted by: Steve at February 26, 2010 10:09 AM

Thanks Leo and all of you commentators!
I first logged onto my ISP's website and went to their FAQs pages. There, they showed me how to get to my Netgear router webpage from which I just followed the step by step instructions to set a password of my own and by the way disable the wireless function altogether!
Drastic did you say?
I never overlook my teacher's advice!
Cheers to all!

Posted by: Roger at March 5, 2010 2:52 PM

Thanks for your reply Leo.
I didn't realise before, that port scanners had to know what service the port was being used for to exploit it. See, I am learning stuff! /grins.

Leo wrote:
"if it does attempt to probe that (random - ed) port the scanner has no real way to know what service "language" (like SSH) it should talk to the port to make it operate"

Snipped from Wikipedia:
"A port may be forwarded for use by either the TCP protocol, the UDP protocol, or both."

I guess I just assumed that port scanners these days would be intelligent enough to know that non-standard (hence forwarded) ports, must be using one or both of the accepted TCP or UDP protocols.

But that aside, say a port scanner finds a port that it knows what service it's being used for, say POP on port 110, or NNTP on 119. Aren't firewalls configured to accept connections (in the appropriate protocols) through these ports? Can't it then exploit them? and if not, why not? I understand that some protocols are inherently secure, like SSH.

I'll also understand if you don't reply to this one, as it is a little OT. Or maybe there is a more appropriate discussion thread to post this to?

But cheers anyway Leo, for the invaluable understanding and advice you impart.

Oh BTW Steve, are you sure you didn't inadvertently change your internet account password (the one your ISP gave you), and not just the modem's login password?

Another thing to consider is that, even if it only has one physical port, your "modem" is *also* a router. It serves up LAN IP addresses, as does your "router". If by chance the router tries to use the same IP address as the modem (and I have seen that happen) you will have an IP address conflict. Resulting in the loss of your internet connection. But in any case, your modem/router is what's facing the internet, so it's a "no" to your paranoia question.

I really hope Leo doesn't mind if I point you towards a page at portforward dot com. Learning about port forwarding has increased my knowledge of networking appreciably. Even if you never do port forwarding, this stuff is worth knowing. You will at least learn why tech support tried to "bridge" your router. /smiles http://www.portforward.com/help/doublerouterportforwarding.htm

Best regards to all. ~Adrian (Lan Down Under)

"But that aside, say a port scanner finds a port that it knows what service it's being used for, say POP on port 110, or NNTP on 119. Aren't firewalls configured to accept connections (in the appropriate protocols) through these ports?"

No. The fundamental difference here is incoming versus outgoing - yes, you may use 110 for POP3, but that's an outgoing connection from your PC to your mail server. Your firewall continues to block 110 incoming connections. In reality there are typically no valid incoming connections in a normal home or small business setup. All the connections you make are outgoing - i.e. initiated by your computers connecting to an outside service.

Leo
08-Mar-2010


Posted by: Adrian at March 6, 2010 8:15 PM
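
The incoming-versus-outgoing distinction in Leo's reply above can be modelled in a few lines. This is an added example, not part of the original comments or of any router's firmware: the addresses, the `StatefulFirewall` class and its `forwards` table are constructed for illustration, and NAT address rewriting is left out so the state check stays visible.

```python
from dataclasses import dataclass, field

LAN_PREFIX = "192.168.1."  # assumed home LAN addressing (constructed)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class StatefulFirewall:
    # Flows opened from the LAN: (lan_ip, lan_port, remote_ip, remote_port)
    flows: set = field(default_factory=set)
    # Explicit port forwards (WAN port -> LAN host); empty on a default setup
    forwards: dict = field(default_factory=dict)

    def handle(self, pkt: Packet) -> str:
        if pkt.src.startswith(LAN_PREFIX):
            # Outgoing: remember the flow so its replies can come back in.
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "ALLOW outbound"
        # Incoming: allowed only as the mirror image of a remembered flow...
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows:
            return "ALLOW reply"
        # ...or when the owner has deliberately forwarded that port.
        if pkt.dport in self.forwards:
            return "ALLOW forwarded"
        return "DROP unsolicited"


def demo() -> list:
    fw = StatefulFirewall()
    pc, mail, stranger = "192.168.1.10", "203.0.113.25", "198.51.100.7"
    return [
        fw.handle(Packet(stranger, 40000, pc, 110)),  # scan of port 110
        fw.handle(Packet(pc, 51000, mail, 110)),      # PC fetches mail (POP3)
        fw.handle(Packet(mail, 110, pc, 51000)),      # mail server answers
        fw.handle(Packet(stranger, 110, pc, 51000)),  # wrong remote address
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The only inbound packet that gets through is the mail server's answer to a connection the PC itself opened; using port 110 for outgoing mail retrieval never opens port 110 to the outside.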

Actually, for some routers, there might be several user/password combinations just as administrator, guest, etc. accounts in Windows. Example: admin/support/user in one of my modems. These may be disabled or not. If not, defaults may apply. I remember a friend claiming nobody could access his PC because of a fancy user/password combination he was using, but he simply forgot the other default accounts including the admin. Same goes true for many modems and should be checked and modified or disabled.

Posted by: A. Orcan at March 23, 2010 3:50 AM
