Some of you probably do not care about reading about further errors and rear wickets in home routers. Unfortunately wrongly, because with control of the router the attacker could also take control over your computers.

If a burglar gets an administrator account password of the router, which you can get from the internet, it is threatened not only router, but most of all the network traffic passing through it. What is worse, to manipulate him, burglar does not have to get root access on the device - often enough to use one of the options in the administration panel. At the end of the article you will find instructions on how to protect themselves against such attacks.

The administrator of the router to the computer administrator

An interesting example of such an attack described by Nasro, author of the recent discovery of an error in the TP-Link routers, enabling remote reading device administrator password. He showed how, from the remote control over the router settings, go to attack computers on the local network.

In the first step known attack using the router administrator password to log in to the admin panel and set the first DNS server controlled by us on an IP address. The second DNS server leave unchanged or refer acting DNS server to when we exclude our server the attacker, attacked the network continue to work. Now, every request for an IP address goes to our server.

To answer and the answer we have to start our DNS server. For this we use the tool DNSChef, which acts as a DNS proxy and can give us answers indicated by or to any query, or only on those that previously configure.

All DNS requests will receive a response indicating therefore the server 192.168.1.16 (of course we can limit it only to such behavior. This server will listen for traffic webmitm tool, whose task is to redirect HTTP traffic to the appropriate server.

How does it work

The user network that is behind a router open a web page. The router queries the DNS server for the IP address of the server to which you want to get you. We take this question and answer giving the address of our server. The user, not knowing this, combined with our server. His question pass on to the target server, and the way to respond to stick on a piece of code that attacks his unpatched browser and its plug-ins. In the event of a successful attack gain access to your computer. If we have a little luck, the user does not notice that he fell victim to an attack.

Other types of attacks on home routers

Rather than attacking the computer and the user's browser, we can in the same way, for example. Overhear their passwords or inject data into its e-banking session (attacks on SSL connections is more difficult, because probably we do not have a trusted certificate, so we must count on the fact that you do not scare up Communication from the browser about problems with the reliability of the server). Of course we also diversify in a different way users use the network, for example. All pictures by turning them upside down.

These types of attacks can be carried out on a massive scale - in 2011 in Brazil, more than 4 million households routers have experienced unauthorized changes to DNS servers that are already behind computers instead of requested files received from the network Trojan horse.

How to defend against such attacks

The main problem with home routers is the fact that most often they must have direct access to the Internet, and their software is often far from ideal. Thus offering a lower level of security are also exposed to many risks - so you want to minimize the amount of these threats. The basic steps you should follow to better secure your router is:

Installing alternative software. On the market there are many free software packages dedicated to home routers. The software is the most common offers a lot more features than the original, it contains fewer security flaws and, if they are detected more quickly updated. If possible, it is worth before buying router see if you can is to install alternative software. Examples of such software is Tomato, OpenWRT or DD-WRT.

Disable remote access to the administrative interface. Some versions of the software enabled by default leave with Internet access to the administrative interface of the router. The benefits of having such a function are small (how many times you had to configure the router without being at home?), And considerably increases the level of threat.

The appropriate level of wireless network security. If someone configures today a protocol on a lower level than WPA2 security, it should immediately return to reality. WPA2 and complex, niesłownikowe password security is an absolute basis. Access to the router administration interface takes place mostly from the local network, so it is good to use only by authorized users.

Changing default passwords. I think all routers come with a default password for the admin interface - it's worth it just in case changed to more complex (the new password in a safe place worth to save, because they are easy to forget using it once every two years). If the router was also set up by the supplier to the wireless network password (the practice of many Internet service providers), well worth it to modify it for longer and more complicated.

Software update. Whether original or alternative, you should periodically check whether or not released a new version, removing detected errors and problems. Unfortunately, the software update is not automatic, so you have to spend these few moments to sleep better at night.

You can also pick up wireless security by example. Hides her name or the introduction of filtering MAC addresses of devices, but these activities only a little difficult to carry out a potential attack and may reduce the comfort of using the network, so it is always worth considering before you turn all possible precautions in the admin panel .