Monday, July 7, 2008

Wireless (In)Security

I had a very interesting experience when I was setting up a wireless network for a close friend. It goes to show how lightly people take their wireless networks, and that we are still very far from the ideal of secure networks.

Soooo the story starts this way: I lend my Linksys WRT54G router to this friend for her house, since my new house already has a router. I don't have the driver CD, but that's not an insurmountable problem, since most routers let you log in to them wirelessly, by pointing a web browser at the router's IP address. So far so good: only, I have forgotten the router's password that I set up a long while back.

Even this must be fairly common, since almost all routers come with a reset switch that completely brainwashes the router and puts it back to its factory defaults. The default user name and password are standard per manufacturer: for example, Linksys uses a blank user name and "admin" as the password (this is not a secret :) it is in the manual and on every default-password list).

Well, armed and comforted by this, I go ahead and reset the router. It reboots and brings up the default wireless network called "linksys" on wireless channel 6. So far, so good. Next step: log in to the router and set up the network. The default router address is 192.168.1.1, so I hit "http://192.168.1.1" in Firefox and the login dialog comes up. I enter the default user name and password, and I wait for the management page to load. It sure does, but it takes time.. fishy, since I am sitting right next to the router, so there shouldn't be any packet loss (a slow page over wireless usually means frames are being lost and retransmitted; frames are usually lost because the signal is attenuated so much by the time it reaches the laptop that the laptop can't decode what is being whispered).

Hmm.. I think, maybe my router is rusted.. then again, being a software person (and having more faith in hardware people than in us software folks), I decide I should check the signal-to-noise ratio to see whether the signal at the laptop is really that weak, whether something is wrong with the laptop, or whether it's just a momentary dip in the signal (such dips happen all the time, since many other devices share the same 2.4 GHz band). So I fire up the old reliable Network Stumbler to see the networks my machine can hear, and their summary (see screenshot below).


And here comes the punch line: to my horror, I see two "linksys" networks!! Aah... someone in the neighbourhood is also running a Linksys network. This sets my pulse racing: did I get into the other person's router by mistake? Only one sure way to check: I bring up the MAC address of the router on the management page and compare it against the one on the label on the back of my router. (For those not in the know, a MAC address is the hardware address that every network interface carries; it is meant to be unique per interface, with the manufacturer identified by its first three bytes, although it can be changed in software. One caveat for anyone repeating this check: a router has several interfaces, LAN, WAN and wireless, and the label usually shows only one of them; on many consumer routers the others differ from it by one or two in the last byte, so a near miss in the last byte is not conclusive, while a completely different address is.) They don't match: I am in someone else's router. I wouldn't have imagined in my dreams that it would be so easy to hack into a router.. I cautiously back out, making sure that I disturb none of his/her settings..

I speculated on what must have happened:

>I asked my laptop to connect to "linksys" just before mine finished booting and its network came up, so in the meanwhile it connected to the other "linksys". An SSID is just a name; nothing ties it to a particular router, and a laptop told to join "linksys" will happily join any access point that beacons that name.

>The other network's router had the default address 192.168.1.1, so my browser request went to it.

>The other network's router was lying wide open, with the default user name and password, and hence I got into it..

Hmm: someone kept a password that you knew: what's the big deal? It's just a router, right? It is, and that's what's so scary. Here's what I could have done if I had wanted to do mischief: with that login I could have completely hijacked the person's network:

- I could have changed the network name and the channel it works on, so that the owner wouldn't have a clue where his network had disappeared to. A lay person would think his router had died, while someone else happily used it. One way to detect a hijacked router is to run Network Stumbler and see whether the MAC address of any of the broadcasting networks matches the one on the back of the router (the router's own admin page shows it too, if you can still log in).

- I could change the router's IP address, and then the owner would have to figure out which address, among thousands, the router now has, to be able to make any changes without resetting it. (In practice the router still hands its own address out as the default gateway over DHCP, so ipconfig or ifconfig on any connected machine reveals it; this is an annoyance rather than a lock-out.)

- I could change the router password: this would make it impossible for the owner of the network to log in to the router, except by resetting it.

- I could "secure" the network by turning on encryption with a key only I know, which would lock the owner out of his own wireless network.

- I could leave the network open for the owner to keep using, but use the router's logging to see which addresses every other user on the network is talking to. (The same admin access also lets me change the DNS servers the router hands out, which quietly sends every name lookup on the network through a server of my choosing.)
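The check from the story, comparing the MAC address the router reports against the one on its label, and the detection idea in the first bullet above (look for your router's MAC among the networks a stumbler hears), as an added Python example that is not part of the original post. The scan entries are constructed to mirror the screenshot the post describes (two access points both calling themselves "linksys"); the BSSIDs, the vendor prefixes, and the rule that a router's wireless MAC sits within one or two of the address on its label are assumptions about typical consumer hardware, not something the post states. Nothing here talks to a real wireless card.

```python
"""
Added example (not from the original post): decide whether the router you
just logged into is really yours, from the two facts the story relies on:
the BSSID (access-point MAC) of the network your laptop joined, and the
MAC address printed on the sticker of your own router.

The scan below is constructed to mirror the screenshot the post describes
(two access points both beaconing "linksys"); nothing reads a real card.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ScanEntry:
    ssid: str
    bssid: str        # access-point MAC, as a stumbler reports it
    channel: int
    signal_dbm: int   # received signal strength in dBm (closer to 0 is stronger)


# Constructed sample. Vendor prefixes and addresses are assumptions.
SAMPLE_SCAN = [
    ScanEntry("linksys", "00:14:BF:12:34:58", 6, -38),   # assumed: the author's own WRT54G
    ScanEntry("linksys", "00:14:BF:AB:CD:EF", 6, -71),   # assumed: the neighbour's router
    ScanEntry("NETGEAR", "00:09:5B:77:88:99", 11, -80),
]

# Assumed: what the label on the back of the author's router reads.
STICKER_MAC = "00:14:BF:12:34:56"


def _norm(mac: str) -> str:
    """Canonical upper-case, colon-separated form, so '00-14-bf-..' compares equal."""
    hexdigits = mac.replace(":", "").replace("-", "").upper()
    if len(hexdigits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


def _mac_to_int(mac: str) -> int:
    return int(_norm(mac).replace(":", ""), 16)


def duplicate_ssids(scan):
    """Every SSID beaconed by more than one access point -> its BSSIDs.

    Two routers with the same name is exactly the situation in the post; a
    laptop told to join "linksys" may pick either of them.
    """
    seen = {}
    for e in scan:
        seen.setdefault(e.ssid, []).append(_norm(e.bssid))
    return {ssid: bssids for ssid, bssids in seen.items() if len(bssids) > 1}


def matches_sticker(bssid: str, sticker_mac: str, max_offset: int = 2) -> bool:
    """Does this wireless BSSID belong to the router whose label reads sticker_mac?

    Assumption (common on consumer routers, not stated in the post): the label
    shows one base MAC and the WAN and wireless interfaces use the next one or
    two addresses. So accept a small positive offset in the last octets, but
    insist that the vendor prefix (first three octets, the OUI) is identical.
    """
    b, s = _mac_to_int(bssid), _mac_to_int(sticker_mac)
    same_vendor = (b >> 24) == (s >> 24)
    return same_vendor and 0 <= b - s <= max_offset


def whose_router(connected_bssid: str, sticker_mac: str, scan) -> str:
    """'mine', 'not mine', or 'not in scan' for the AP the laptop is associated with."""
    visible = {_norm(e.bssid) for e in scan}
    if _norm(connected_bssid) not in visible:
        return "not in scan"
    return "mine" if matches_sticker(connected_bssid, sticker_mac) else "not mine"


if __name__ == "__main__":
    for ssid, bssids in duplicate_ssids(SAMPLE_SCAN).items():
        print(f"warning: {len(bssids)} access points call themselves {ssid!r}: {bssids}")
    # First the neighbour's AP, which the laptop silently joined in the post, then the author's own.
    for joined in ("00:14:bf:ab:cd:ef", "00:14:BF:12:34:58"):
        print(f"associated with {joined}: {whose_router(joined, STICKER_MAC, SAMPLE_SCAN)}")
```

Feed it the BSSID your OS reports for the associated network and the address from your router's label; an SSID collision warning plus a "not mine" answer is the situation described in the post. The offset tolerance is deliberately small and one-directional, so an unrelated router from the same vendor still reads as "not mine".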

All of these are scary possibilities, and all of them are easily avoidable: stay away from the defaults. Change the admin password, give the network a name of your own, and turn on encryption with a key only you know.
More to come on this :)

2 comments:

lakshmi said...

Ya, it was a revelation to me that it could be so easy.

Vacha said...

I agree :). I thought hackers were people who were cooler than me ;-)