
Warning: TOT Wireless ADSL Router Wide Open For Hackers


farrol


Warning for everybody with TOT ADSL and their wireless modem-router TPLINK W8901G:

By default it is wide open for hackers from the outside.

They can use the default username/password as printed in the router manual and hack into your local network or also make the router unusable.

Crazy for an ISP to deliver a router with default username/password open to the outside world.

And even worse: It is not easy for the user to fix this:

1. I could not find an easy option to forbid administrative access to the outside world

2. If you log in as advanced user (username "tot" as printed in the manual) you can change the default password. BUT: The quick setup wizard username "admin" apparently cannot be changed.

Madness.

The only solution I found is:

- login as advanced user "tot" (see printed manual for password)

- go to menu "Advanced Setup" / NAT

- click on "Virtual Server"

- enter a new HTTP_Server rule and direct it to a non-existing host, e.g. 192.168.1.249 (have a look at the attached screenshot, see rule #2)


Then incoming requests from the outside world will be directed to nirvana.

Also I would recommend to change at least the advanced user's "tot" password.

Hope that helps,

Farrol

Link to comment

TOT is not the only one... True has been doing the same...

Usually their Zyxel routers are possible to get into using admin/admin from the WAN side... absolutely crazy... and they also "forget" to set any encryption on the Wifi...

Have a cup of coffee...

Martin

Link to comment

Yes, that router seems to have TOT-specific firmware. I might consider flashing that with the generic TP-Link firmware.

The second step in the TP-Link User Guide suggests you change the administrative password.

I think the "Access Management" tab, specifically "ACL" can be used to limit all sorts of access to the router.

Obviously you should enable some sort of wireless security when you enable the WLAN function.

Can you manage this router over the WiFi interface? Some models specifically disallow this, some require you to change a default setting to allow this.

Link to comment

It's not just TOT, I've come across a few Zyxel routers and others with remote administration enabled by default. Turn it off if possible and never leave the default password.

Very irresponsible of manufacturers IMHO, quite shocking really.

Link to comment

They usually aren't routable addresses and/or able to be logged into from outside. The router might have a routable WAN IP, but the router will not allow telnet from the WAN side unless allow remote admin (or a similar command) is enabled. Often the login interface is on a 10.x.x.x or 192.x.x.x network. Those are called legal illegals and the controlling routers on the internet will drop packets with those addresses to the bin.

Try logging onto your neighbor's router. Usually just hangs.

They want it to be easy to get into it from a machine on your LAN so that you don't have to pester them for passwords. Obviously if someone has a non-secured WiFi network then any machine using that wireless LAN could use the default username/password info based on some basic snooping, like a WiFi sniffer program.

Definitely a necessity to secure a wireless network if the router is not configured for more security.

Link to comment

usually???

I found two in less than... 1 minute right now...

Zyxel with username passwd admin

Link to comment

How are you connecting to them? Telnet over a WAN? What is the IP address? Or by WiFi?

Link to comment

I'll PM you...

Link to comment

They usually aren't routable addresses and/or able to be logged into from outside.

Unfortunately not the case.

I was able to login to my TOT router in BKK from a machine in Europe.

And you are sure it is yours and not your neighbors? :lol:

I just scanned my whole /24 subnet and it is a lot more than half of them that still have the password admin.... :bah:

Link to comment

That seems like a lot; I tried (telnet) 10 available IPs (after having scanned for them, including several I manage daily), only two presented a password prompt and neither were "admin" or "password".

These routers get shipped wide open to make it easier for non-tech-savvy consumers to set up. Most include "wizards" which walk these folks through a complete set-up including changing the management username and password, configuring WiFi security, etc. I think if manufacturers or ISPs chose/generated random passwords, and installed these on routers, such a system could be compromised at the source and might cause consumers to be even less aware of the security issues?

Some steps I might recommend:

If your router is free from the ISP then try to determine the manufacturer, model number, hardware revision and firmware revision.

Consider buying your own router. Research potential routers by reviewing the user manuals.

If not, consider changing the firmware to the generic version, rather than the potentially custom version the ISP might have installed.

Read the user manual fully, maybe even twice. Look for it on the manufacturer's website. Pay particular attention to the administrative (or management) sections, regarding changing the administrative username (if you can, on some models you cannot change this) and password, disabling remote management via LAN and WiFi, disabling telnet, setting up WiFi security.

Change the administrative username and password.

Disable telnet, remote management, management via WiFi, remote upgrade, SNMP, IGMP.

Set up WiFi security, maybe WPA-PSK with a complex pass-phrase; change this every 15 to 30 days.

Limit access via MAC addresses of your PC(s).

Use a port scanner (e.g.: Shields Up) to look at your IP address, make sure port 23 (telnet) is closed.

Try to telnet into your IP address. cmd-->telnet nnn.nnn.nnn.nnn

Check your router a few times a day to see if you recognize the IP addresses.

Check the router's log for unusual activity.

Re-boot the router on the 12-hour (mark halfway through the ISP's 24 hour cycle) to get a different IP address.

Link to comment

Very well written...

I would recommend you turn off all computers except one when you play with the router settings, and choose a computer that you don't care much about but is well protected.

The reason for this warning is that you may have settings like DMZ or firewalls disabled before you get everything set up correctly. Maybe I'm paranoid...

I would use WPA2 instead of WPA, No reason to use weaker encryption...

I know some older WinXP are having trouble with WPA2 but you can download the upgrade from MS... I think it is not done automatically but they may have changed their policy.

Basically all ports should be blocked and show green in ShieldsUP. If you disable the firewall (warning!!!!) in the router and test again they should show blue. If anything still shows green it means that it is blocked somewhere else, like the ISP...

Don't forget to enable the firewall in the router again and test. It should be green.

If you have deliberately enabled stuff like your own web-server or ssh, they will show red in ShieldsUp... but if you do that you probably know what you are doing anyway...

Martin
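A self-check along the lines of the port test and ShieldsUP colours described in the two posts above, as an added example that is not part of the original posts: run it from outside your own network against your own router's WAN address to see whether telnet (23) or the web admin page (80) answers. The function names, port list and script name are choices made for this example.

```python
import socket
import sys

# Management ports named in the thread: telnet (23) and the web admin page (80).
MGMT_PORTS = {23: "telnet", 80: "http admin"}

def probe(host, port, timeout=3.0):
    """Classify one TCP port using the three states ShieldsUP reports."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"        # ShieldsUP red: a service accepted the connection
    except ConnectionRefusedError:
        return "closed"      # ShieldsUP blue: reachable, but nothing listening
    except OSError:
        return "stealth"     # ShieldsUP green: timed out or dropped by a filter
    finally:
        s.close()

def audit(host, ports=MGMT_PORTS, timeout=3.0):
    """Return ({port: state}, [ports that accept connections])."""
    results = {port: probe(host, port, timeout) for port in ports}
    exposed = sorted(p for p, state in results.items() if state == "open")
    return results, exposed

def report(host, ports=MGMT_PORTS, timeout=3.0):
    """Build a readable summary of the audit for one host."""
    results, exposed = audit(host, ports, timeout)
    lines = [f"{host}:{p} ({ports[p]}): {results[p]}" for p in sorted(results)]
    if exposed:
        lines.append("Admin interface reachable: disable remote management "
                     "or apply the Virtual Server workaround, then re-test.")
    else:
        lines.append("No management port accepted a connection.")
    return "\n".join(lines)

if __name__ == "__main__":
    # Pass your own router's WAN address; run from outside your LAN
    # (for example a phone hotspot), otherwise you test the LAN side.
    if len(sys.argv) != 2:
        sys.exit("usage: check_router.py <your-own-WAN-address>")
    print(report(sys.argv[1]))
```

Re-run it after each configuration change; a port that moves from "open" to "stealth" confirms the change took effect on the WAN side.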

Link to comment

Wow, you guys are great for info. Thanks for the tips.

Yes indeed, some very good and useful information.

Does this include the use of a wired router or only for wifi/wireless router?

You have a similar situation... the wifi router we usually have are simplified three main things....

Modem

Router/Firewall

Wifi access point

(you can break it down in smaller part too...)

All of them have their settings... so if you just remove the wifi part you still have the router and modem part left, and they have their configurations that need to be protected.

Martin

Link to comment
