Standard User Schrodingers_Cat
(experienced) Mon 03-Feb-14 01:57:30

Router Log Full Of Remote Admin Requests


Am I the only person whose BT HUB 5 router log is packed with blocks on remote admin? They seem to be all from addresses in China. There's about 200 in my router log today.

Also getting lots of blocks that say 'spoofing protection'.
Administrator MrSaffron
(staff) Mon 03-Feb-14 10:23:35

Re: Router Log Full Of Remote Admin Requests


[re: Schrodingers_Cat] [link to this post]
 
The press of late with holes in CPE probably means 2nd tier hackers are enjoying scanning the world to find open devices.

Andrew Ferguson, andrew@thinkbroadband.com
www.thinkbroadband.com - formerly known as ADSLguide.org.uk
The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
Standard User stniuk
(experienced) Mon 03-Feb-14 12:34:49

Re: Router Log Full Of Remote Admin Requests


[re: MrSaffron]
 
I seem to remember an experiment that was performed a while ago.
They put an unprotected PC, think it was running XP, on the internet.
It took less than ten minutes for it to be compromised.


Standard User Schrodingers_Cat
(experienced) Mon 03-Feb-14 12:36:20

Re: Router Log Full Of Remote Admin Requests


[re: MrSaffron]
 
Should I worry about it? I mean, just checked my log this morning and since 3am there are 52 blocked remote administration records. Many of them from the same IP address (in China) over and over again.
Standard User Schrodingers_Cat
(experienced) Mon 03-Feb-14 12:42:18

Re: Router Log Full Of Remote Admin Requests


[re: stniuk]
 
I recall visiting a website that said a PC logon password of 7 characters could be correctly guessed by some hacking equipment in as little as 2 seconds. I have since increased it to 16 characters.

I know that logon password is relevant for home network... but is that also the case for someone hacking the router from outside?
Standard User Oliver341
(eat-sleep-adslguide) Mon 03-Feb-14 12:45:25

Re: Router Log Full Of Remote Admin Requests


[re: stniuk]
 
In reply to a post by stniuk:
I seem to remember an experiment that was performed a while ago.
They put an unprotected PC, think it was running XP, on the internet.
It took less than ten minutes for it to be compromised.

The Sasser worm. After a machine with a clean XP install with no update patches was connected directly to the internet without NAT, it would get infected well before Automatic Updates could download and install the patch to disable the security hole.

Of course since that time Windows has shipped with a firewall enabled by default post-install, making this type of infection impossible. In addition, NAT-ed IPv4 routers, which are much more common now than they were then, will not allow the traffic through without an explicit port forwarding rule.

Oliver.
Administrator MrSaffron
(staff) Mon 03-Feb-14 13:59:11

Re: Router Log Full Of Remote Admin Requests


[re: Schrodingers_Cat]
 
Depends on what ports are available from the outside world.

Andrew Ferguson, andrew@thinkbroadband.com
www.thinkbroadband.com - formerly known as ADSLguide.org.uk
The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
Administrator MrSaffron
(staff) Mon 03-Feb-14 14:01:11

Re: Router Log Full Of Remote Admin Requests


[re: Schrodingers_Cat]
 
The Internet is like this all the time, i.e. odd things going on and some routers report them and some don't.

So long as you keep remote admin access turned off and DO NOT DMZ a machine you should be fine. The layered approach to security, i.e. still running software firewalls, will protect your computers if ever someone found a hole in the router.

Andrew Ferguson, andrew@thinkbroadband.com
www.thinkbroadband.com - formerly known as ADSLguide.org.uk
The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
Standard User jchamier
(eat-sleep-adslguide) Mon 03-Feb-14 19:17:45

Re: Router Log Full Of Remote Admin Requests


[re: Schrodingers_Cat]
 
It's often known as "internet background radiation". Viz:

http://www.virusbtn.com/conference/vb2012/abstracts/...

http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10....

James BT Infinity 2 19/09/2012 - Sold 42/6 - Getting 49/8.5 - Sync 53 / 9.5 Mbps @ 470m approx
14 years of broadband (ntl: cable to BT FTTC) - Router: Asus RT-N66U - Modem: Huawei HG612 speedtest
Standard User Galoka
(learned) Tue 04-Feb-14 08:34:27

Re: Router Log Full Of Remote Admin Requests


[re: Schrodingers_Cat]
 
In reply to a post by Schrodingers_Cat:
I recall visiting a website that said a PC logon password of 7 characters could be correctly guessed by some hacking equipment in as little as 2 seconds. I have since increased it to 16 characters.

I know that logon password is relevant for home network... but is that also the case for someone hacking the router from outside?


If you mean, can someone crack the router password.

In a standard setup, the router should not respond to attempts to access its admin interface from outside, so the strength of password doesn't matter that much. This is normally the default setup. If, however, remote access to the router admin is enabled then yes, you are relying on strength of the router password.

It's quite normal to see all sorts of scans and probes in router logs, looking for open machines, or trying default passwords etc. But it's unlikely that anyone is going to bother trying to crack a router admin password anyway, they will just wait until they find an unprotected machine.