Agreed. In this case I can assure you that the password was not common and as a matter of standard procedure I always turn off UPnP.
The end result was the same as described in Shawn's case. SSID was 'jumpstart###'. I am wondering if this is the result of someone leveraging a vulnerability that has been known for some time that allows an attacker to cause the router to reset itself using factory defaults - of course then the password is really difficult to guess - and then resets the SSID. I have always shied away from D-LINK for extreme dislike of their configuration menu, and have been using IPCOP and then DD-WRT for some time now. So I am not that familiar. Previous versions of these routers had a feature called 'Jumpstart' (something to do with easy and secure config?). Does anyone know if using this would by 'default' affect SSID?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gustin Johnson
Sent: Wednesday, July 23, 2008 2:24 AM
To: CLUG General
Subject: Re: [clug-talk] IP-Cop ~ sort of.

Turn off UPnP. Seriously, it is not a good idea. There are also viruses/worms/etc. in the wild that can do screen scraping of your router (i.e. they actually connect to the web interface and try common user names and passwords). So, turn off UPnP and choose a password that is not common and is not found in a dictionary.

Andrew Anderson wrote:
| A word to the weary with all this talk of wireless routers and green
| networks...
|
| Most of you are likely aware there are common authentication bypass
| vulnerabilities on these consumer routers.
|
| I have now had one hit very close to home... A family member opened an
| email which we believe to have been the culprit (who knows?). It wasn't
| long before her antivirus was freaking out, but not before her wireless
| access point's SSID had been mysteriously changed. I had personally secured
| the AP myself with WPA2 and a sizable passphrase on my last visit. I had
| also secured the AP itself with a long, secure password.
|
| No real harm done. The machine is being cleaned before going on another
| network and other precautions taken. Since the machine is in BC, I cannot
| attempt any forensics :-(
|
| Again, a word to the weary... check your firmware versions.
|
| Regards,
|
| Andrew.
|
| -----Original Message-----
| From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Shawn
| Sent: Tuesday, July 22, 2008 10:33 PM
| To: CLUG General
| Subject: Re: [clug-talk] IP-Cop
|
| TekBudda wrote:
|> IIRC connecting a LAN port from the WiFi router to the green card would
|> pass through any DHCP information coming from the network provided the
|> router DHCP server was disabled. Now connecting through a blue NIC, is
|> there anything special I need to do? Is it possible to provide the two
|> levels of access?
|
| Connecting your access point to the green network would result in that
| access point potentially having the same access as wired network drops.
| In short you are just adding wireless access to the green side of
| things. Sometimes this is all you really need though - with some
| reasonable precautions (like a password required) on the access point.
|
| Connecting the access point to the blue network is treating the wireless
| side as a completely different subnet. NOW you can lock down the blue
| and restrict what they can see - typically this just means they have
| Internet access (via the blue -> red network). Setting up blue -> green
| type connections (or orange -> green even) takes a little more work.
| There is a plugin to provide this type of access, and/or you might be
| able to do it via port forwarding... But it would take more effort.
|
|> The thing is that this is an office of about 15-20 people (at max) and
|> the traffic is primarily web & e-mail. I would have thought that a 1
|> GB CPU with even 256 MB RAM would have been more than adequate to handle
|> that kind of load, but I could be wrong. I am basing this on the little
|> gNet router that we are currently using now on a business DSL connection
|> at the end of a long loop. I could be wrong though.
|
| My network consists of a similar box for the IPCop service. I have all
| of 4 boxes possibly running simultaneously. My server (24/7), my
| workstation, and two laptops in the house. My box cannot do the VPN and
| the IDS reliably. One or the other gets dropped sooner or later if I
| enable both. This suggests that adding in filtering would require a
| beefier box in my case.
|
| Seeing as you are not doing the VPN, this may be a non-issue for you.
|
| Shawn
|
| _______________________________________________
| clug-talk mailing list
| [email protected]
| http://clug.ca/mailman/listinfo/clug-talk_clug.ca
| Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
| **Please remove these lines when replying
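Shawn's description of what a wireless client can reach depending on whether the access point is cabled to GREEN or BLUE, written up as a small zone-policy model. This is an added illustration, not IPCop's own rule set; the default flows, the trust ordering and the `with_pinhole` helper are simplifying assumptions taken from the thread's wording.

```python
from typing import Dict, FrozenSet, List, Tuple

# IPCop zone names as used in the thread.
ZONES = ("green", "blue", "orange", "red")

# Assumed default flows, modelled on Shawn's description: GREEN (trusted LAN)
# reaches everything; BLUE (wireless) and ORANGE (DMZ) reach only RED (Internet);
# unsolicited traffic from RED is dropped. BLUE->GREEN needs an explicit exception.
DEFAULT_POLICY: Dict[str, FrozenSet[str]] = {
    "green": frozenset({"green", "blue", "orange", "red"}),
    "blue": frozenset({"blue", "red"}),
    "orange": frozenset({"orange", "red"}),
    "red": frozenset(),
}

# Higher number = more trusted. Used to flag flows that cross into a more trusted zone.
TRUST = {"green": 3, "blue": 2, "orange": 1, "red": 0}


def is_allowed(src: str, dst: str, policy: Dict[str, FrozenSet[str]] = DEFAULT_POLICY) -> bool:
    """True if traffic originating in zone src may reach zone dst under policy."""
    if src not in ZONES or dst not in ZONES:
        raise ValueError(f"unknown zone in flow {src!r} -> {dst!r}")
    return dst in policy[src]


def ap_reach(ap_zone: str, policy: Dict[str, FrozenSet[str]] = DEFAULT_POLICY) -> Tuple[str, ...]:
    """Zones a wireless client can reach when its access point is cabled into ap_zone."""
    return tuple(z for z in ZONES if is_allowed(ap_zone, z, policy))


def with_pinhole(policy: Dict[str, FrozenSet[str]], src: str, dst: str) -> Dict[str, FrozenSet[str]]:
    """Return a copy of policy with the extra src->dst flow opened (the 'takes more work' case)."""
    opened = dict(policy)
    opened[src] = policy[src] | {dst}
    return opened


def risky_exposures(policy: Dict[str, FrozenSet[str]]) -> List[Tuple[str, str]]:
    """List every permitted flow from a less trusted zone into a more trusted one,
    i.e. the exceptions a reviewer should be able to justify."""
    return [(s, d) for s in ZONES for d in sorted(policy[s]) if TRUST[s] < TRUST[d]]


if __name__ == "__main__":
    print("AP on green:", ap_reach("green"))   # same reach as a wired drop
    print("AP on blue: ", ap_reach("blue"))    # Internet only
    pinholed = with_pinhole(DEFAULT_POLICY, "blue", "green")
    print("AP on blue with blue->green exception:", ap_reach("blue", pinholed))
    print("Flows to review:", risky_exposures(pinholed))
```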