Router Log Full Of Remote Admin Requests

Am I the only person whose BT HUB 5 router log is packed with blocks on remote admin ? They seem to be all from addresses in China. There's about 200 in my router log today.

Also getting lots of blocks that say 'spoofing protection'.

The press of late with holes in CPE probably means 2nd tier hackers are enjoying scanning the world to find open devices.

I seem to remember an experiment that was performed a while ago.
The put an unprotected PC, think it was running xp, on the internet.
It took less than ten minutes for it to be compromised.

Should I worry about it ? I mean, just checked my log this morning and since 3am there are 52 blocked remote administration records. Many of them from the same IP address ( in China ) over and over again.

I recall visiting a website that said a PC logon password of 7 characters could be correctly guessed by some hacking equipment in as little as 2 seconds. I since increased it to 16 characters.

I know that logon password is relevant for home network....but is that also the case for someone hacking the router from outside ?

In reply to a post by stniuk:

I seem to remember an experiment that was performed a while ago.
The put an unprotected PC, think it was running xp, on the internet.
It took less than ten minutes for it to be compromised.

The sasser worm. After a machine with a clean XP install with no update patches was connected directly to the internet without NAT, it would get infected well before Automatic Updates could download and install the patch to disable the security hole.

Of course since that time Windows has shipped with a firewall enabled by default post-install, making this type of infection impossible. In addition, NAT-ed IPv4 routers which are much more common now than they were then, will not allow the traffic through without an explicit port forwarding rule.

Depends on what ports are available from the outside world

The Internet is like this all the time, i.e. odd things going on and some routers report them and some don't.

So long as you keep remote admin access turned off and DO NOT DMZ a machine you should be fine. The layered approach to security, i.e. still running software firewalls will protect your computers if ever someone found a hole in the router.

Its often known as "internet background radiation". Viz:

http://www.virusbtn.com/conference/vb2012/abstracts/...

http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10....

In reply to a post by Schrodingers_Cat:

I recall visiting a website that said a PC logon password of 7 characters could be correctly guessed by some hacking equipment in as little as 2 seconds. I since increased it to 16 characters.

I know that logon password is relevant for home network....but is that also the case for someone hacking the router from outside ?

If you mean, can someone crack the router password.

In a standard setup, the router should not respond to attempts to access it's admin interface from outside, so the strength of password doesn't matter that much. This is normally the default setup. If however, remote access to the router admin is enabled then yes yoiu are relying on strength of the router password.

It quite normal to see all sorts of scans and probes in router logs, looking for open machines, or trying default passwords etc. But it's unlikely that anyone is going to bother trying to crack a router admin password anyway, they will jsut wait until they find an unprotected machine