Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > Can a hacker get through to my Lan from ADSL router?

Reply
Thread Tools

Can a hacker get through to my Lan from ADSL router?

 
 
Cautious Joe
Guest
Posts: n/a
 
      03-08-2009
I had my router set up with no security for a long long time, by
mistake, and anyone could log on from the internet and get into the
administrator account and change any settings.

So suppose someone did log onto my router from the internet, could they
do any real harm? (other than stealing my email address / password and
deliberately knocking my system offline by changing settings).

My question is, could a hacker who got into my router simply get onto my
LAN and then into my pcs?

The way I see it, there is no way that they could, but i just want to be
100% sure to decide whether i might need to re-install my OS.

Thanks.
 
Reply With Quote
 
 
 
 
Bit Twister
Guest
Posts: n/a
 
      03-08-2009
On Sun, 08 Mar 2009 18:40:57 +0000, Cautious Joe wrote:

> So suppose someone did log onto my router from the internet, could they
> do any real harm? (other than stealing my email address / password and
> deliberately knocking my system offline by changing settings).


What if they used your email account to create other accounts and/or sent
threatening email to bank/mayor/police.


> My question is, could a hacker who got into my router simply get onto my
> LAN and then into my pcs?


cracker could change your router's DNS server's and route all your
internet activity through their equipment.

> The way I see it, there is no way that they could,


Depends on your computer OS. Route you through a malware distribution
site which downloads malware onto your system and then gets control.

> but i just want to be
> 100% sure to decide whether i might need to re-install my OS.


I suggest using OpenDNS.com's free DNS servers, set as static, in/on your
OS. That reduces the possibility of a router crack from causing you problems.

 
Reply With Quote
 
 
 
 
macarró
Guest
Posts: n/a
 
      03-09-2009
site which downloads malware onto your system and then gets control.
>
>> but i just want to be
>> 100% sure to decide whether i might need to re-install my OS.

>
> I suggest using OpenDNS.com's free DNS servers, set as static, in/on your
> OS. That reduces the possibility of a router crack from causing you problems.


Wil using OpenDNS avoid my ISP logging my internet activities as well?

I was wondering since I am not using my ISP DNS maybe they can not log
what sites I visit.


 
Reply With Quote
 
Bit Twister
Guest
Posts: n/a
 
      03-09-2009
On Mon, 09 Mar 2009 13:34:08 +0100, macarró wrote:

> Wil using OpenDNS avoid my ISP logging my internet activities as well?


It will make it somewhat harder to log them.

> I was wondering since I am not using my ISP DNS maybe they can not log
> what sites I visit.


Deep packet inspection would let them log whatever they like.
 
Reply With Quote
 
Cautious Joe
Guest
Posts: n/a
 
      03-09-2009
Bit Twister wrote:

> cracker could change your router's DNS server's and route all your
> internet activity through their equipment.


Thats a little far fetched. If a hacker has such big computing power to
do that well fair play to him. Most normal people do not own machines
that can replicate a DNS server

> I suggest using OpenDNS.com's free DNS servers, set as static, in/on your
> OS. That reduces the possibility of a router crack from causing you problems.
>

In my case - with my current hardware, this is impossible. No one -
including me is able to alter my router's DNS server settings, as they
are hardcoded into the firmware. But if I get a new router, I might well
try OpenDNS.
 
Reply With Quote
 
Cautious Joe
Guest
Posts: n/a
 
      03-09-2009
Bit Twister wrote:
> On Mon, 09 Mar 2009 13:34:08 +0100, macarró wrote:
>
>> Wil using OpenDNS avoid my ISP logging my internet activities as well?

>
> It will make it somewhat harder to log them.


I disagree. Remember, you are using your ISP's network to access the
internet. That means that every packet that you transmit and recieve can
easily be intercepted and inspected by them.

In theory,If they wanted to monitor you all they need do is run a simple
packet sniffing program for all traffic going to and coming from you.

AFAIK in theory, they can only do that sort of thing with legal
authority - but heaven knows what goes on in practice.

The only protection against that kind of interception would be for you
to use pgp encryption for your data. This of course would be useful to
protect people at your ISP snooping on your emails. As for web-surfing I
believe that Tor would give some protection from traffic analysis SO
LONG as the websites you visited were OUTSIDE the network owned by your
ISP. In other words, it would add so much extra data it would make it
very very difficult for a ISP - without assistance from some other
agency - to figure where you have been surfing.

>
>> I was wondering since I am not using my ISP DNS maybe they can not log
>> what sites I visit.

>
> Deep packet inspection would let them log whatever they like.


It does not even have to be 'deep': more along the lines of a manager
simply telling a techician to run a filter against IP x.x.x.x.
 
Reply With Quote
 
Bit Twister
Guest
Posts: n/a
 
      03-09-2009
On Mon, 09 Mar 2009 17:44:30 +0000, Cautious Joe wrote:
> Bit Twister wrote:
>
>> cracker could change your router's DNS server's and route all your
>> internet activity through their equipment.

>
> Thats a little far fetched. If a hacker has such big computing power to
> do that well fair play to him. Most normal people do not own machines
> that can replicate a DNS server


Hmmm, maybe we have a terminology problem. Any desktop has enough
horsepower to accept dns queries and do whatever the admin wants with them.

It is no problem for me to add define anything I want in my zone file
to return any ip I want using named (bind) dns server.

Cracker can use axel/curl/wget/whatever to pull down, say any bank site,
set bank's ip in named to be cracker's site.
Next time user goes to bank site, they wind up on cracker's fake site.
Cracker intercepts form responses, does whatever he likes, forwards
those to real bank and user has no clue cracker is in the middle.

> In my case - with my current hardware, this is impossible. No one -
> including me is able to alter my router's DNS server settings, as they
> are hardcoded into the firmware. But if I get a new router, I might well
> try OpenDNS.


Interesting, I thought adsl router's used dhcp to get a lease from their
ISP which gave out the gateway to use and which DNS servers to use.

What is the vendor and model number of your router.
 
Reply With Quote
 
Cautious Joe
Guest
Posts: n/a
 
      03-09-2009
Bit Twister wrote:

>> In my case - with my current hardware, this is impossible. No one -
>> including me is able to alter my router's DNS server settings, as they
>> are hardcoded into the firmware. But if I get a new router, I might well
>> try OpenDNS.

>
> Interesting, I thought adsl router's used dhcp to get a lease from their
> ISP which gave out the gateway to use and which DNS servers to use.
>
> What is the vendor and model number of your router.


Its a Siemens Gigaset SE587 - apparently the defacto tiscali
router/modem & the DNS servers are set. They cannot be changed. Thats
good from a security standpoint - but if they have network problems - it
means i can never try to set an alternate route.

I am going to invest in another router / modem so I can have more
control over settings. Then I will follow your recommendation about open
DNS... I am looking at some relatively cheap models which actually use
open source firmware
 
Reply With Quote
 
Bit Twister
Guest
Posts: n/a
 
      03-09-2009
On Mon, 09 Mar 2009 21:21:30 +0000, Cautious Joe wrote:

> I am going to invest in another router / modem so I can have more
> control over settings. Then I will follow your recommendation about open
> DNS...


You missed my point of setting DNS static on your OS. That way router DNS
has no bearing on your day to day internet activity.

Here is the link.
https://www.opendns.com/start/computer/
 
Reply With Quote
 
Cautious Joe
Guest
Posts: n/a
 
      03-09-2009
Bit Twister wrote:
> On Mon, 09 Mar 2009 21:21:30 +0000, Cautious Joe wrote:
>
>> I am going to invest in another router / modem so I can have more
>> control over settings. Then I will follow your recommendation about open
>> DNS...

>
> You missed my point of setting DNS static on your OS. That way router DNS
> has no bearing on your day to day internet activity.
>
> Here is the link.
> https://www.opendns.com/start/computer/


OK - so it seems i should do this in anycase - regardless of if im using
openDNS..I will have to look into this tomorrow. I use mandriva as my os.
thanks for this info
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
"MASS-HACKER of U.S. Government Systems To Get Mere Slap On Wrist!UK Fights His Extradition!" Suppurating Tool Computer Security 9 11-26-2009 07:02 PM
870 slow in lan but fast from the wan to lan, can you help me? Euclides Cisco 6 01-26-2006 01:20 PM
Can't connect wired linksys lan to wireless belkin lan Tom D Wireless Networking 4 01-24-2005 02:06 PM
Ping timeout: lan to lan through vpn. (newbie) Paul Clancy Cisco 2 02-05-2004 03:33 PM
lan-to-lan vpn over adsl blaj Cisco 0 11-19-2003 08:32 PM



Advertisments