Who's using my router?
 

. . . if anybody.

On the Motorola NVG 510 from AT&T, I used to see one green on, plus my data-flow indication. When my wife came online in 'tother room, then 3rd light flickered with her flow. Now it's on all the time and I'm mindful someone is perhaps locked onto my unit.

WEP 2 something with a longish password/number.


How can I tell what's actually happening with my system? I have inSSIDer and it shows no suspicious local signals. But I'm still not sure I'm alone!

Do you have ZoneAlarm?

That's usually a good indicator of activity from the tray icon. Also, you can set it to stop all internet activity while you watch those LEDs.

You could log into the router and check the logs.

WEP or WPA ?

You want the strongest WPA option, don't have anything to do with WEP.

Log In ??

when I tried it asked for a user name and password

I know what the router name is visible to others and I know that password but that doesn't seem to be enough to cover the request for a user name and password.

When I set this up would I have used something different in this requirement?

I suppose that if I posted my iP address in this post most of you would already be into my router with little problem :E

Routers have a default user name and password which anyone can find in 30 seconds. Unless you were smart and changed them of course.

Ooops . . . good point.

One's memory is somewhat diminished these days. I hope it's because of hours or writing, but time was, I could remember every password for everything.

My Black Armor Ethernet backup is wide open to anyone savvy enough. That's another weak spot.

That third light, having been on for hours, went off after rebooting the router. It's still off. It's almost as though use of a remote computer trips it into action, and if activity stops on a blink, then that stays that way. Pity, I used to seen when the Rivetess entered her den and knew I was safe to open another bottle.

Log into it for a log? Since this Motorola arrived I've not done that. Looking . . .

Zone Alarm? One will read up on it, but rushing to get ready for a long stay back home.

are you and your wife both wireless? Or is one of the PCs connected with a network cable?
and exactly which lights are on? Number them left to right and describe the symbols or lettering against them.




PS that router appears to have the reputation of being a crock of ****
Motorola's NVG510 DSL modem... not very good

Motorola NVG510 help page for AT&T U-Verse users | Ron Berman @ Haas


Note this comment from the first link:
"Next, the user interface: Quite extraordinarily, much of the NVG510's user interface isn't, and can't be, password protected though other sections of the user interface are protected by what Motorola calls an "access code". The first thing you see when you load the root page in your browser is way more detail than you'd expect, such as the wireless SSID and the network key in plain text! "
That means no security even if you have WPA2 enabled as anyone can read the password.......

I knew that but I had incorrectly assumed that when I identified my server (to others) and then restricted it to my known only to me password that I was overriding what it came with.

OK I have now typed in the user name as "admin" and the password as "password" and it brought up the Netgear wizard and I was able to view the last page or so of logs. The useage seemed to correspond with what I had done and the only thing that bothered me was my useage yesterday from my hospital bed (their public wifi) where my useage had the words DOS "attack" whatever that means.

Summary: I assume that my server name and its secret password are meaningless if somebody comes into my router using my IP along with the router default user name and "password" and decides to reset everything.

Is that true?

If I want to do the same to my neighbors a couple of streets away can I just try a couple of IP addresses and see if I get in?. Then I suppose I would have to change the password for their ISP connection to something I know and they would be screwed until they figured out how to reset their router?

If they called a tech he would be smart enough to see my strange ISP assigned IP in the logs but they wouldn't know me by name ?

precisely, assuming remote access to the router is enabled

even if its not, some models enable access through relatively minor hacks like buffer overflows....

I'm on wired, and anyone else is wireless. It seems number 3 is correct, but the Rivetess is hundreds of miles away. Having said that, it still hasn't come on.

Broadband and service are always steady unless it's booting.

As per:


Google Image Result for


I must be a bit careful at the moment, as I'm reliant on my system for airline tickets etc.

When I get back, I'll have to have words with AT&T. The security of this system sounds accurately described as ****.

So you immediately went into the 'Maintenance' or 'Security' page and reset the password? Yes?

Not if you've done the above, Shirley?

I'm debating this.

Right now I'm tracking my logs to see if anyone has been probing like I do on their routers. At my rate of usage it would be obvious if my router got reset.

The above #1 post should be a lesson to all. I still use my good old Freeserve/Orange/EE 'clam shell modem' broadband with filter to my phone line. It'll still download a movie a lot faster than the namby pandy WiFi :cool: We should all return to modems connected to phone line. Three or more phone sockets plus filters saves all the hassle of other people 'piggy backing' your WiFi

I fear people are grasping the latest tech without thinking of the complications involved. There have been news items today on the net with concerns (don't bring mobile phones into this post) as to the radiation aspects of WiFi radiation in the long term in homes.

Daz

I'm not worried about radiation in my home. We have plenty of tinfoil in the cupboards should the need arise. Course the cat is getting cranky with time.

Course the cat is getting cranky with time.

With time, we all get cranky. Try getting it a TARDIS.

Frankly I doubt whether any form of router setup guarantees that nobody will ever hack it. There are some really clever people out there and most of them appear to be working for the dark side.

Use a M.A.C address filter

Snigger. Airodump-ng/airocrack-ng then spoof.

Vercingetorix ....

Waste of time if there are any Linux boxes around. You can assign arbitrary MAC addresses to interfaces,

I've got WPA-2 turned on, but it occurs to me that it's a waste of effort. I haven't seen a suspicious person or vehicle in my drive or garden in years (and that was my daughter).

I suppose a determined hacker with a good beam aerial might be able to reach the WiFi from the road, but it's low risk.

Wow, has Linux caught up with Windows, then? :p

SD

If you listen carefully, you can hear the little voice trailing along behind you muttering % sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"

UNIXMAN
Interesting, I thought that the M A C address filter function in the router settings only allowed those computers which had the M A C addresses listed and locked into the router access to the router.
Following some not so deep thought I now understand that a particular listed filtered computer sends out its MAC unencrypted, so someone could capture that address and use it to by-pass the MAC filtering.

Cheers

MAC address filtering is a total waste of time

Not quite. It means my various devices always have the same IP address on the network, so I can upload updated datafiles to them without having to find out what today's IP address is. I have a couple of bookmarks called "iPad" and "iPhone".

That's done by the router recognising their MAC addresses and giving them their fixed IPs.

thats not MAC filtering
its static DHCP - a different animal

Or "reservation" in MS speak.

SD

Maintenance Login
 

One concern I have with people leaving the default maintenance login (admin/password) in place is access from the Internet side.

You can configure WPA or whatever to secure your WiFi side. But there may be Evil Things people can do if they can get in to your router from the public side. Turning on or off some features to use it as a zombie proxy node, for example. That will allow them to anonymize their (probably illegal) activities through your home location. Or just get in and break things.

I've been spurred into setting proper passwords, but I doubt that would stop the serious geeks.

I used to turn the old router off with the rest of the kit, but this Motorola takes an age to fire up. The technician that came round to tend to something said most people leave them on 24/7

I often go into people's houses and see dozens of LEDs glowing away. They happily go away for weeks with all this kit left on.

Older versions of Zone Alarm's tray icon gave a fairly reliable indication of traffic, but later (v9 onwards) don't. It still flashes some of the time, but often stays motionless even when I know I am downloading something. I saw plenty of complaints on their forum when this retrograde step was introduced. Even more irritatingly the old Netgear DG 834 router had a re-assuring flashing "traffic" LED, yet on my newer DGN 2200 all the lights remain constant, regardless of activity. It also takes much longer to boot up...

"MAC address filtering is a total waste of time"

Milo, care to elaborate? I'm always willing to learn! I do have static DHCP as well.

The problem is that the MAC addresses of legitimate wifi users on a WLAN can be "sniffed" and then very easily spoofed. All PC NICs - wired and wireless - that I've come across can have the MAC address manually set. There are several valid reasons for needing to do this, plus some not so legitimate!

SD

You can try Wireless Network Watcher, free software from Nirsoft (who makes lots of free utilities). It basically reports all connected devices, wired as well as wireless, and highlights "unknown" devices. Might be useful to see if there is any unauthorized access.

I wonder what would show up in a hotel or airport lobby, would it identify any user.

@ SD - thanks.

@ Mark in CA - thanks also. A handy little utility, particularly as it doesn't need installing.