Possible to access to the internal LAN if I know router pass

Data that travels over the air and how to protect (or decipher) it

Possible to access to the internal LAN if I know router pass

Post by marklodge on Thu Jun 26, 2008 5:34 pm
([msg=5875]see Possible to access to the internal LAN if I know router pass[/msg])

Is it possible to gain access to the internal LAN via WAN login on a broadband (ADSL) router, if I know the router password?
I've heard that users should always change their default router passwords as this can be exploited to allow hackers to gain access to the internal LAN (computers connected to the router) and can gain access to files stored on every pc on that lan. Is this true? If yes, then how is it done? I have done some searching but came up with nothing. Please enlighten us on this matter.
I have also read some threads which says that certain ports should be forwarded to be able to gain access to the internal Lan, but this was not very clear.
What is a malicious user able to accomplish if he knows the password of my broadband (ADSL) router? (Besides knowing my WAN username & password and resetting my router)
Any comments will be much appreciated
marklodge
New User
New User
 
Posts: 3
Joined: Thu Jun 26, 2008 5:31 pm
Blog: View Blog (0)


Re: Possible to access to the internal LAN if I know router pass

Post by yourmysin on Sat Jun 28, 2008 11:29 pm
([msg=6025]see Re: Possible to access to the internal LAN if I know router pass[/msg])

There is a feature on many router/switch's called remote administration. This feature allows you to connect directly to your router through the WAN interface. This is usually disabled by default and password protected. If an attacker gets ahold of your remote administration session you are well in trouble.

Think about what a router does, it routes traffic from one network to another. It is very easy for a hacker to take control of a remote administration session to change your routing table to route all data from your network to his. From this, should he choose to capture and replay the data you are subject to a MITM attack.

The hacker could also change your dns server to a server which he controls. Then you could easily be subject to a phishing attack you are not aware of.
A+, Network+, MCTS(70-620), Security+, CCNA
yourmysin
Experienced User
Experienced User
 
Posts: 84
Joined: Mon Apr 21, 2008 9:02 pm
Location: Newport, Maine, USA
Blog: View Blog (0)


Re: Possible to access to the internal LAN if I know router pass

Post by marklodge on Tue Jul 01, 2008 4:22 pm
([msg=6281]see Re: Possible to access to the internal LAN if I know router pass[/msg])

Thanks for the reply
I do know it is dangerous if a hacker has your password as there a many ways your security could be compromised
But, from a security point of view I do want to know specifically if it is possible for a malicious user to actually directly access all computers on the internal LAN via the router WAN login.
marklodge
New User
New User
 
Posts: 3
Joined: Thu Jun 26, 2008 5:31 pm
Blog: View Blog (0)


Re: Possible to access to the internal LAN if I know router pass

Post by Rijnzael on Tue Jul 01, 2008 9:41 pm
([msg=6313]see Re: Possible to access to the internal LAN if I know router pass[/msg])

It depends on the router firmware. If it doesn't have any functionality to allow a remote attacker to access your LAN, they they can't. If it does have such functionality (VPN, port forwarding, routing table modification), then they can. This is all assuming they have access to the administration interface or some other sort of login, of course.
Rijnzael
Poster
Poster
 
Posts: 164
Joined: Sun Apr 13, 2008 10:12 am
Location: 128.0.0.0/8
Blog: View Blog (0)


Re: Possible to access to the internal LAN if I know router pass

Post by marklodge on Thu Jul 03, 2008 5:48 am
([msg=6435]see Re: Possible to access to the internal LAN if I know router pass[/msg])

Rijnzael wrote:It depends on the router firmware. If it doesn't have any functionality to allow a remote attacker to access your LAN, they they can't. If it does have such functionality (VPN, port forwarding, routing table modification), then they can. This is all assuming they have access to the administration interface or some other sort of login, of course.


Thank you for the reply.
so how is it done via port forwarding?
i mean, if you change the route table it will modify outgoing data, right?
marklodge
New User
New User
 
Posts: 3
Joined: Thu Jun 26, 2008 5:31 pm
Blog: View Blog (0)


Re: Possible to access to the internal LAN if I know router pass

Post by int3grate on Sun Jul 06, 2008 9:00 pm
([msg=6711]see Re: Possible to access to the internal LAN if I know router pass[/msg])

marklodge wrote:
Rijnzael wrote:It depends on the router firmware. If it doesn't have any functionality to allow a remote attacker to access your LAN, they they can't. If it does have such functionality (VPN, port forwarding, routing table modification), then they can. This is all assuming they have access to the administration interface or some other sort of login, of course.


Thank you for the reply.
so how is it done via port forwarding?
i mean, if you change the route table it will modify outgoing data, right?


You usually have to be on the LAN to access the router and change the port forward settings, unless remote access is turned on (which it isn't by default on most routers). If it's a wireless router you could just jump on the LAN, access the router, and configure it however you like.
int3grate
New User
New User
 
Posts: 38
Joined: Tue May 27, 2008 7:54 pm
Blog: View Blog (0)



Return to Networking

Who is online

Users browsing this forum: No registered users and 0 guests