farrol Posted August 28, 2010 (edited)

Warning for everybody with TOT ADSL and their wireless modem-router TPLINK W8901G: By default it is wide open for hackers from the outside. They can use the default username/password as printed in the router manual and hack into your local network or also make the router unusable.

Crazy for an ISP to deliver a router with default username/password open to the outside world.

And even worse: It is not easy for the user to fix this:

1. I could not find an easy option to forbid administrative access to the outside world
2. If you log in as advanced user (username "tot" as printed in the manual) you can change the default password. BUT: The quick setup wizard username "admin" apparently cannot be changed. Madness.

The only solution I found is:

- login as advanced user "tot" (see printed manual for password)
- go to menu "Advanced Setup" / NAT
- click on "Virtual Server"
- enter a new HTTP_Server rule and direct to a non-existing host, e.g. 192.168.1.249 (have a look at attached screenshot, see rule #2)

Then incoming requests from the outside world will be directed to nirvana.

Also I would recommend to change at least the advanced user's "tot" password.

Hope that helps,
Farrol

Edited August 28, 2010 by farrol

siamect Posted August 28, 2010

TOT is not the only one... True has been doing the same... Usually their Zyxel routers are possible to get into using admin/admin from the WAN side... absolutely crazy... and they also "forget" to set any encryption on the Wifi...

Have a cup of coffee...

Martin

Supernova Posted August 28, 2010

Instead of fiddling around with the settings, just do a firmware upgrade and be done with it. If the Web UI doesn't allow firmware upgrades, use TFTP.

siamect Posted August 28, 2010

> Instead of fiddling around with the settings, just do a firmware upgrade and be done with it. If the Web UI doesn't allow firmware upgrades, use TFTP.

Good idea but that alone would not set a decent password or enable WPA2...

lomatopo Posted August 28, 2010

Yes, that router seems to have TOT-specific firmware. I might consider flashing that with the generic TP-Link firmware.

The second step in the TP-Link User Guide suggests you change the administrative password.

I think the "Access Management" tab, specifically "ACL" can be used to limit all sorts of access to the router.

Obviously you should enable some sort of wireless security when you enable the WLAN function.

Can you manage this router over the WiFi interface? Some models specifically disallow this, some require you to change a default setting to allow this.

Crushdepth Posted August 28, 2010

It's not just TOT, I've come across a few Zyxel routers and others with remote administration enabled by default. Turn it off if possible and never leave the default password. Very irresponsible of manufacturers IMHO, quite shocking really.

CobraSnakeNecktie Posted August 28, 2010

They usually aren't routable addresses and/or able to log in from outside.. The router might have a routable WAN IP but the router will not allow telnet from the WAN side unless allow remote admin (or similar command) is enabled. Often the logging in interface is a 10.x.x.x or 192.x.x.x network. Those are called legal illegals and the controlling routers on the internet will drop packets with those addresses to the bin. Try logging onto your neighbor's router. Usually just hangs.

They want it to be easy to get in it from a machine on your LAN so that you don't have to pester them for passwords.

Obviously if someone has a non-secured Wifi network then any machine using that wireless LAN could use the default username/password info based on some basic snooping like a wifi sniffer program. Definitely a necessity to secure a wireless network if the router is not configured for more security.

siamect Posted August 28, 2010 (edited)

> They usually aren't routable addresses and/or able to log in from outside.. The router might have a routable WAN IP but the router will not allow telnet from the WAN side unless allow remote admin (or similar command) is enabled. Often the logging in interface is a 10.x.x.x or 192.x.x.x network. Those are called legal illegals and the controlling routers on the internet will drop packets with those addresses to the bin. Try logging onto your neighbor's router. Usually just hangs. They want it to be easy to get in it from a machine on your LAN so that you don't have to pester them for passwords. Obviously if someone has a non-secured Wifi network then any machine using that wireless LAN could use the default username/password info based on some basic snooping like a wifi sniffer program. Definitely a necessity to secure a wireless network if the router is not configured for more security.

usually??? I found two in less than... 1 minute right now... Zyxel with username passwd admin

Edited August 28, 2010 by siamect

CobraSnakeNecktie Posted August 28, 2010

>> They usually aren't routable addresses and/or able to log in from outside.. The router might have a routable WAN IP but the router will not allow telnet from the WAN side unless allow remote admin (or similar command) is enabled. Often the logging in interface is a 10.x.x.x or 192.x.x.x network. Those are called legal illegals and the controlling routers on the internet will drop packets with those addresses to the bin. Try logging onto your neighbor's router. Usually just hangs. They want it to be easy to get in it from a machine on your LAN so that you don't have to pester them for passwords. Obviously if someone has a non-secured Wifi network then any machine using that wireless LAN could use the default username/password info based on some basic snooping like a wifi sniffer program. Definitely a necessity to secure a wireless network if the router is not configured for more security.

> usually??? I found two in less than... 1 minute right now... Zyxel with username passwd admin

How are you connecting to them? Telnet over a WAN? What is the IP address? Or by Wifi?

siamect Posted August 28, 2010

>>> They usually aren't routable addresses and/or able to log in from outside.. The router might have a routable WAN IP but the router will not allow telnet from the WAN side unless allow remote admin (or similar command) is enabled. Often the logging in interface is a 10.x.x.x or 192.x.x.x network. Those are called legal illegals and the controlling routers on the internet will drop packets with those addresses to the bin. Try logging onto your neighbor's router. Usually just hangs. They want it to be easy to get in it from a machine on your LAN so that you don't have to pester them for passwords. Obviously if someone has a non-secured Wifi network then any machine using that wireless LAN could use the default username/password info based on some basic snooping like a wifi sniffer program. Definitely a necessity to secure a wireless network if the router is not configured for more security.

>> usually??? I found two in less than... 1 minute right now... Zyxel with username passwd admin

> How are you connecting to them? Telnet over a WAN? What is the IP address? Or by Wifi?

I'll PM you...

farrol (Author) Posted August 28, 2010

> They usually aren't routable addresses and/or able to log in from outside..

Unfortunately not the case. I was able to login to my TOT router in BKK from a machine in Europe.

siamect Posted August 28, 2010

>> They usually aren't routable addresses and/or able to log in from outside..

> Unfortunately not the case. I was able to login to my TOT router in BKK from a machine in Europe.

And you are sure it is yours and not your neighbor's? I just scanned my whole /24 subnet and it is a lot more than half of them that still have the password admin....

lomatopo Posted August 29, 2010

> And you are sure it is yours and not your neighbor's? I just scanned my whole /24 subnet and it is a lot more than half of them that still have the password admin....

That seems like a lot; I tried (telnet) 10 available IPs (after having scanned for them, including several I manage daily), only two presented a password prompt and neither was "admin" or "password".

These routers get shipped wide open to make it easier for non-tech-savvy consumers to set up. Most include "wizards" which walk these folks through a complete set-up including changing the management username and password, configuring WiFi security, etc. I think if manufacturers or ISPs chose/generated random passwords, and installed these on routers, such a system could be compromised at the source and might cause consumers to be even less aware of the security issues?

Some steps I might recommend:

- If your router is free from the ISP then try to determine the manufacturer, model number, hardware revision and firmware revision.
- Consider buying your own router. Research potential routers by reviewing the user manuals.
- If not, consider changing the firmware to the generic version, rather than the potentially custom version the ISP might have installed.
- Read the user manual fully, maybe even twice. Look for it on the manufacturer's website. Pay particular attention to the administrative (or management) sections, regarding changing the administrative username (if you can, on some models you cannot change this) and password, disabling remote management via LAN and WiFi, disabling telnet, setting up WiFi security.
- Change the administrative username and password.
- Disable telnet, remote management, management via WiFi, remote upgrade, SNMP, IGMP.
- Set up WiFi security, maybe WPA-PSK with a complex pass-phrase; change this every 15 to 30 days.
- Limit access via MAC addresses of your PC(s).
- Use a port scanner (e.g.: Shields Up) to look at your IP address, make sure port 23 (telnet) is closed.
- Try to telnet into your IP address. cmd-->telnet nnn.nnn.nnn.nnn
- Check your router a few times a day to see if you recognize the IP addresses.
- Check the router's log for unusual activity.
- Re-boot the router on the 12-hour (mark halfway through the ISP's 24 hour cycle) to get a different IP address.

siamect Posted August 29, 2010

> That seems like a lot; I tried (telnet) 10 available IPs (after having scanned for them, including several I manage daily), only two presented a password prompt and neither was "admin" or "password".

> Set up WiFi security, maybe WPA-PSK with a complex pass-phrase; change this every 15 to 30 days.

Very well written...

I would recommend you to turn off all computers except one when you play with the router settings and choose a computer that you don't care much about but is well protected. The reason for this warning is that you may have settings like DMZ or firewalls disabled before you get everything set up correctly. Maybe I'm paranoid...

I would use WPA2 instead of WPA. No reason to use weaker encryption... I know some older WinXP are having trouble with WPA2 but you can download the upgrade from MS... I think it is not done automatically but they may have changed their policy.

Basically all ports should be blocked and show green in ShieldsUP. If you disable the Firewall (warning!!!!) in the router and test again they should show blue. If anything still shows green it means that it is blocked somewhere else like the ISP... Don't forget to enable the firewall in the router again and test. It should be green.

If you have deliberately enabled stuff like your own web-server or ssh, they will show red in ShieldsUp... but if you do that you probably know what you are doing anyway...

Martin

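The self-check from the two posts above (confirm telnet is closed, then read the ShieldsUP colours), written out as an added Python example that is not code from any poster: it probes the management ports of an address you own and maps each TCP result to the colour siamect describes. The port list, function names and 3-second timeout are assumptions; run it from a host outside your LAN, because a check made from inside can differ from what the WAN side sees.

```python
import socket
import sys

# Management ports named in the thread: telnet (23) and the router web UI (80).
MGMT_PORTS = {23: "telnet", 80: "web admin (HTTP)"}

# ShieldsUP colour for each TCP outcome, as described in the post above.
COLOUR = {"open": "red", "closed": "blue", "filtered": "green"}


def probe(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"          # handshake completed: a service answers
    except ConnectionRefusedError:
        return "closed"        # RST came back: reachable, nothing listening
    except OSError:
        return "filtered"      # timeout or unreachable: packets were dropped
    finally:
        sock.close()


def audit(host, ports=MGMT_PORTS, timeout=3.0):
    """Return (port, service, state, colour) for each management port."""
    rows = []
    for port, service in sorted(ports.items()):
        state = probe(host, port, timeout)
        rows.append((port, service, state, COLOUR[state]))
    return rows


def exposed(rows):
    """Ports where the admin interface answers and needs to be shut off."""
    return [port for port, _service, state, _colour in rows if state == "open"]


if __name__ == "__main__":
    # Pass your own public (WAN) address as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    results = audit(target)
    for port, service, state, colour in results:
        print(f"{port:>5} {service:<18} {state:<9} ShieldsUP: {colour}")
    sys.exit(1 if exposed(results) else 0)
```

With farrol's virtual-server workaround in place, port 80 should no longer report open from the outside.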
neverdie Posted August 29, 2010

Wow, you guys are great for info. Thanks for the tips.

Tomissan Posted August 29, 2010

> Wow, you guys are great for info. Thanks for the tips.

Yes indeed, some very good and useful information. Does this include the use of a wired router or only for wifi/wireless router?

siamect Posted August 29, 2010

>> Wow, you guys are great for info. Thanks for the tips.

> Yes indeed, some very good and useful information. Does this include the use of a wired router or only for wifi/wireless router?

You have a similar situation... the wifi routers we usually have are, simplified, three main things....

- Modem
- Router/Firewall
- Wifi access point

(you can break it down in smaller parts too...)

All of them have their settings... so if you just remove the wifi part you still have the router and modem part left, and they have their configurations that need to be protected.

Martin