User comments on ISPs
  >> BT Broadband


Register (or login) on our website and you will not see this ad.


Pages in this thread: 1 | 2 | (show all)   Print Thread
Standard User Schrodingers_Cat
(experienced) Mon 03-Feb-14 01:57:30
Print Post

Router Log Full Of Remote Admin Requests


[link to this post]
 
Am I the only person whose BT HUB 5 router log is packed with blocks on remote admin ? They seem to be all from addresses in China. There's about 200 in my router log today.

Also getting lots of blocks that say 'spoofing protection'.
Administrator MrSaffron
(staff) Mon 03-Feb-14 10:23:35
Print Post

Re: Router Log Full Of Remote Admin Requests


[re: Schrodingers_Cat] [link to this post]
 
The press of late with holes in CPE probably means 2nd tier hackers are enjoying scanning the world to find open devices.

Andrew Ferguson, [email protected]
www.thinkbroadband.com - formerly known as ADSLguide.org.uk
The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
Standard User stniuk
(experienced) Mon 03-Feb-14 12:34:49
Print Post

Re: Router Log Full Of Remote Admin Requests


[re: MrSaffron] [link to this post]
 
I seem to remember an experiment that was performed a while ago.
The put an unprotected PC, think it was running xp, on the internet.
It took less than ten minutes for it to be compromised.


Register (or login) on our website and you will not see this ad.

Standard User Schrodingers_Cat
(experienced) Mon 03-Feb-14 12:36:20
Print Post

Re: Router Log Full Of Remote Admin Requests


[re: MrSaffron] [link to this post]
 
Should I worry about it ? I mean, just checked my log this morning and since 3am there are 52 blocked remote administration records. Many of them from the same IP address ( in China ) over and over again.
Standard User Schrodingers_Cat
(experienced) Mon 03-Feb-14 12:42:18
Print Post

Re: Router Log Full Of Remote Admin Requests


[re: stniuk] [link to this post]
 
I recall visiting a website that said a PC logon password of 7 characters could be correctly guessed by some hacking equipment in as little as 2 seconds. I since increased it to 16 characters.

I know that logon password is relevant for home network....but is that also the case for someone hacking the router from outside ?
Standard User Oliver341
(eat-sleep-adslguide) Mon 03-Feb-14 12:45:25
Print Post

Re: Router Log Full Of Remote Admin Requests


[re: stniuk] [link to this post]
 
In reply to a post by stniuk:
I seem to remember an experiment that was performed a while ago.
The put an unprotected PC, think it was running xp, on the internet.
It took less than ten minutes for it to be compromised.

The sasser worm. After a machine with a clean XP install with no update patches was connected directly to the internet without NAT, it would get infected well before Automatic Updates could download and install the patch to disable the security hole.

Of course since that time Windows has shipped with a firewall enabled by default post-install, making this type of infection impossible. In addition, NAT-ed IPv4 routers which are much more common now than they were then, will not allow the traffic through without an explicit port forwarding rule.

Oliver.
Administrator MrSaffron
(staff) Mon 03-Feb-14 13:59:11
Print Post

Re: Router Log Full Of Remote Admin Requests


[re: Schrodingers_Cat] [link to this post]
 
Depends on what ports are available from the outside world

Andrew Ferguson, [email protected]
www.thinkbroadband.com - formerly known as ADSLguide.org.uk
The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
Administrator MrSaffron
(staff) Mon 03-Feb-14 14:01:11
Print Post

Re: Router Log Full Of Remote Admin Requests


[re: Schrodingers_Cat] [link to this post]
 
The Internet is like this all the time, i.e. odd things going on and some routers report them and some don't.

So long as you keep remote admin access turned off and DO NOT DMZ a machine you should be fine. The layered approach to security, i.e. still running software firewalls will protect your computers if ever someone found a hole in the router.

Andrew Ferguson, [email protected]
www.thinkbroadband.com - formerly known as ADSLguide.org.uk
The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
Standard User jchamier
(eat-sleep-adslguide) Mon 03-Feb-14 19:17:45
Print Post

Re: Router Log Full Of Remote Admin Requests


[re: Schrodingers_Cat] [link to this post]
 
Its often known as "internet background radiation". Viz:

http://www.virusbtn.com/conference/vb2012/abstracts/...

http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10....

James BT Infinity 2 19/09/2012 - Sold 42/6 - Getting 49/8.5 - Sync 53 / 9.5 Mbps @ 470m approx
14 years of broadband (ntl: cable to BT FTTC) - Router: Asus RT-N66U - Modem: Huawei HG612 speedtest
Standard User Galoka
(learned) Tue 04-Feb-14 08:34:27
Print Post

Re: Router Log Full Of Remote Admin Requests


[re: Schrodingers_Cat] [link to this post]
 
In reply to a post by Schrodingers_Cat:
I recall visiting a website that said a PC logon password of 7 characters could be correctly guessed by some hacking equipment in as little as 2 seconds. I since increased it to 16 characters.

I know that logon password is relevant for home network....but is that also the case for someone hacking the router from outside ?


If you mean, can someone crack the router password.

In a standard setup, the router should not respond to attempts to access it's admin interface from outside, so the strength of password doesn't matter that much. This is normally the default setup. If however, remote access to the router admin is enabled then yes yoiu are relying on strength of the router password.

It quite normal to see all sorts of scans and probes in router logs, looking for open machines, or trying default passwords etc. But it's unlikely that anyone is going to bother trying to crack a router admin password anyway, they will jsut wait until they find an unprotected machine
Standard User Galoka
(learned) Tue 04-Feb-14 08:42:20
Print Post

Re: Router Log Full Of Remote Admin Requests


[re: Oliver341] [link to this post]
 
Yup, some years back ( more than 10), we had a cable connection (then NTL, or maybe even C&W still). Single PC in the house, no router, just connected straight to the cable box.

One day, I reinstalled windows (probably 2000). I forgot to disconnect the machine from the cable box. It got infected with something (Blaster possibly, though I thought it was before that) pretty much as soon as it was installed, as I had no chance to install firewall
Standard User jchamier
(eat-sleep-adslguide) Tue 04-Feb-14 09:04:32
Print Post

Re: Router Log Full Of Remote Admin Requests


[re: Galoka] [link to this post]
 
In reply to a post by Galoka:
Yup, some years back ( more than 10), we had a cable connection (then NTL, or maybe even C&W still). Single PC in the house, no router, just connected straight to the cable box.

In 1999 I had NTL cable modem, on the trial. By mid 2000 I had bought a Linksys BEFSR41 the first real home NAT router.

Steve Gibson at GRC.com was hitting the airwaves hard in the US (cable internet was more established) about the dangers of no firewall etc. smile

James BT Infinity 2 19/09/2012 - Sold 42/6 - Getting 49/8.5 - Sync 53 / 9.5 Mbps @ 470m approx
14 years of broadband (ntl: cable to BT FTTC) - Router: Asus RT-N66U - Modem: Huawei HG612 speedtest
Standard User Schrodingers_Cat
(experienced) Fri 14-Feb-14 01:15:20
Print Post

Re: Router Log Full Of Remote Admin Requests


[re: Galoka] [link to this post]
 
"If you mean, can someone crack the router password."

No....I meant the PC itself. Surely even if someone does get into the router, they then have to pass the next hurdle of getting into individual PCs on the network. If I try to access my PC from my wife's laptop...which is also on the network...I get asked for user name and password.
Pages in this thread: 1 | 2 | (show all)   Print Thread

Jump to