Jump to content

Recommended Posts

Posted (edited)

Over the past few weeks we have had problems logging into our TOT Router (192.168.1.1). the only way to fix this was to reset the router. This would work for a few hours and then the login would fail.

I spoke to TP-Link helpdesk and they advised that I should exchange the router, so i went to the local TOT office. They advised me that the router had been hacked and gave me a new router with updated firmware. The new firmware has fixed the login problems (for now).

When you look on the web there are many articles about TP-Link and other routers being hacked.

http://arstechnica.com/security/2014/03/hackers-hijack-300000-plus-wireless-routers-make-malicious-changes/

So I thought a heads up may be of use to those who are using a TOT router and may be having problems logging in.

It would be a good idea to update the firmware on your routers, but to do this you need to be able to login to 192.168.1.1.

The model we have is TD-W8961ND

Edited by pj123
Posted

<script type='text/javascript'>window.mod_pagespeed_start = Number(new Date());</script>

My guess is that the main reason why your Router could be hacked would have been that you didn't disable Remote Management

http://www.tp-link.com/en/article/?faqid=66

A good idea when you get a new router is to run Shields Up!

https://www.grc.com/shieldsup

This will check your Router for open ports, you should aim for a result like this

attachicon.gif.pagespeed.ce.eFBhf2OPKe.ggrc.JPG

Ps: If you need help just shout !!

Just to add!

This is the response one should look for !

THE EQUIPMENT AT THE TARGET IP ADDRESS
ACTIVELY REJECTED OUR UPnP PROBES!

Posted

My guess is that the main reason why your Router could be hacked would have been that you didn't disable Remote Management

http://www.tp-link.com/en/article/?faqid=66

A good idea when you get a new router is to run Shields Up!

https://www.grc.com/shieldsup

This will check your Router for open ports, you should aim for a result like this

attachicon.gifgrc.JPG

Ps: If you need help just shout !!

I'm going to guess that you never read the link that PJ123 posted..

The attack vector uses Cross Scripting (XSS) to attack the router from your browser, that is, inside your LAN, so disabling remote management access will not prevent this attack.. Although, I would recommend disabling remote management..

I'd strongly recommend not using Internet Explorer and instead using Firefox, or maybe Chrome.. Install NoScript plugin. Not 100% secure but way better than the hackers fav : Internet Explorer

While some browser are fairly robust against Reflective XSS, other methods are more difficult to prevent..

Looking into using a better high quality router.. I use the BB suppliers default modem to connect, but internally I have a much better bit of kit to protect my network..

The BB suppliers modem is set to pass-through so all it does is create the ADSL connection, firewall, routing etc are processed on my internal router.

  • Like 1
Posted

My guess is that the main reason why your Router could be hacked would have been that you didn't disable Remote Management

http://www.tp-link.com/en/article/?faqid=66

A good idea when you get a new router is to run Shields Up!

https://www.grc.com/shieldsup

This will check your Router for open ports, you should aim for a result like this

attachicon.gifgrc.JPG

Ps: If you need help just shout !!

Thanks. Just changed password and Remote Access. Your link did not work but found this page: http://www.tplink.com/ir/article/?faqid=308

Is this correct? See screenshot:

post-13257-0-82730600-1397197302_thumb.p

Posted

Looks oke.

To completely confirm that it is closed, do the https://www.grc.com/shieldsup test

- When you enter that site, click on proceed

- On the next page click on Common Ports, you should aim for the same results as in my screenshot

After you have closed your ports, goto the shieldsup page again and click the "GRC's Instant UPnP Exposure Test" here you should look for

either what "thepool" posted in post #3 or

THE EQUIPMENT AT THE TARGET IP ADDRESS
DID NOT RESPOND TO OUR UPnP PROBES!
Posted

Looks oke.

To completely confirm that it is closed, do the https://www.grc.com/shieldsup test

- When you enter that site, click on proceed

- On the next page click on Common Ports, you should aim for the same results as in my screenshot

After you have closed your ports, goto the shieldsup page again and click the "GRC's Instant UPnP Exposure Test" here you should look for

either what "thepool" posted in post #3 or

THE EQUIPMENT AT THE TARGET IP ADDRESS

DID NOT RESPOND TO OUR UPnP PROBES!

Looks good.

When I ran the Common Ports test the ports are either "Stealth" or "Closed".

The UPnP Exposure test reported "Did not respond to our UPnP probes.

Thank you!

Posted

Good to hear !

Something else, I just wish that it was easier on Home Routers to check for new Firmware.

Of the 3 Routers I have only my Asus has the possibility to check for a new Firmware, for the other ones you have to download them from the Manufacturers website but you have to find them first, which can be challenging sad.png

Posted

Good to hear !

Something else, I just wish that it was easier on Home Routers to check for new Firmware.

Of the 3 Routers I have only my Asus has the possibility to check for a new Firmware, for the other ones you have to download them from the Manufacturers website but you have to find them first, which can be challenging sad.png

I agree. It is one of the reasons that home routers can be so easily hacked. Most of us are running on out of date firmware. My IP-Link router, like most, does not allow you to update the firmware wirelessly; you need to connect the router to a pc by cable. They need to make updating as easy as updating software on your pc or mac otherwise most people will just continue to run out of date, vulnerable firmware.

  • Like 1
Posted

I also have a TD-W8961ND and have been having problems all this week. Yesterday i gave up and reconnected an old router without wifi. The TPlink is my router, it does not belong to my ISP so i cannot exchange it. It was already running the latest firmware but that was dated 25/11/2011.

I was about to go out this morning and purchase a new router but if anyone has an idea how i can fix the TPlink, it would be appreciated. Failing that just recommend me a good router for home use.

Thanks

Posted (edited)

I also have a TD-W8961ND and have been having problems all this week. Yesterday i gave up and reconnected an old router without wifi. The TPlink is my router, it does not belong to my ISP so i cannot exchange it. It was already running the latest firmware but that was dated 25/11/2011.

I was about to go out this morning and purchase a new router but if anyone has an idea how i can fix the TPlink, it would be appreciated. Failing that just recommend me a good router for home use.

Thanks

If you have the v1 version of this router you are stuck with firmware dated 2011. The router supplied to me by TOT this week is version 3 so we have the benefit of firmware released this year.

http://www.tp-link.com/en/products/details/?model=TD-W8968#down

Edited by pj123
Posted

I also have a TD-W8961ND and have been having problems all this week. Yesterday i gave up and reconnected an old router without wifi. The TPlink is my router, it does not belong to my ISP so i cannot exchange it. It was already running the latest firmware but that was dated 25/11/2011.

I was about to go out this morning and purchase a new router but if anyone has an idea how i can fix the TPlink, it would be appreciated. Failing that just recommend me a good router for home use.

Thanks

If you have the v1 version of this router you are stuck with firmware dated 2011. The router supplied to me by TOT this week is version 3 so we have the benefit of firmware released this year.

http://www.tp-link.com/en/products/details/?model=TD-W8968#down

As the router was not working at all i decided to return to the shop where i had purchased it over 2 years ago to see if they could sort it out. I was surprised when they told me that it had a "lifetime warranty". So on the 16th when TP-link return to work i am hoping to get a replacement router!

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.



ร—
ร—
  • Create New...