• Skip to main content
  • Skip to header right navigation
  • Skip to site footer
iGuRu

iGuRu

Real-time Technology News. Opinions & Tweaks

  • / news
  • / tools
  • / tweaks
  • / dummies
  • / opinions
  • / support
  • / yourpost
home / dummies / How To Check Your Router For Malware

How To Check Your Router For Malware

24/06/2020 11:56 by Anastasis Vasileiadis

The security of the routers that users buy is almost non-existent. Attackers take advantage of low-quality routers and attack vulnerable devices.

See how you can check if your router has been compromised.

router e1544007964947 - How to check your Router for malware

 

Buying a home router is a lot like buying an Android smartphone. Manufacturers produce a large number of different devices and do not update their software, leaving them open to attack.

How your router can be compromised

Attackers often try to change the configuration of DNS servers on your router by adding malicious DNS servers.

So when you try to connect to a site - for example, your bank - the malicious DNS server takes you to a phishing site. The address may say nbg.gr, but you will be on a phishing site.

The malicious DNS server does not necessarily answer all the queries. It may not respond to most requests or redirect them to your ISP's default DNS server. Slow DNS requests are a sign that you may have been hacked.

You may notice that a phishing site does not have HTTPS encryption, but there are many who will not notice. SSL-stripping attacks can also remove encryption when transferring data.

They can "catch" requests for Google Analytics or other scripts from almost any website and redirect them to a server through another script that serves ads or whatever. If you see pornographic ads on a page that is not as familiar as iguru, it is almost certain that something is on your router, or on your computer itself.

Many attacks use request forgery attacks (CSRF). An attacker adds malicious JavaScript to a web page and JavaScript attempts to load the router admin page and change the settings. As JavaScript is running from a device within your local network, the code can access the UI of your router settings that is only available on your network.

Some routers may have the Remote Management UI enabled along with default usernames and passwords. There are bots that scan automatically for these routers.

How to check it

The only indication that a router has been compromised is if its DNS server has changed. Open your router's web UI to check the DNS server configuration.

This page exists under a local IP, and to find it you need to search the internet, or in the user manual. Enter the name of the manufacturer and model of the router you are using on the internet and search for the login URL.

Log in with your router username and password (usually on a sticker on the bottom of the router. Look for a “DNS” setting. You will usually find it on the WAN or Internet connection settings screen. Automatic ", ok - it gets the IP from your ISP. If it is set to" Manual "and there are custom DNS servers, it may be a problem if you do not have them installed.

No problem if you have set up your router to use alternate DNS servers - for example 8.8.8.8 and 8.8.4.4 for Google DNS, 208.67.222.222 and 208.67.220.220 for OpenDNS and 1.1.1.1 for Cloudflare.

However, if there are DNS servers that you do not recognize, it means that some malware has changed the router settings to use its own DNS servers. If in doubt, search the web for these IPS and see if they are safe or not. Something like "0.0.0.0" is good and often means that the field is empty and the router automatically receives a DNS server.

Help, there is a malicious DNS server!

If you find a malicious DNS server, you can disable it and tell your router to use the DNS server from your ISP or bypass the above legitimate DNS server addresses.

You may want to delete all your router settings and reset them to factory defaults. Then use the settings below to protect your router from impending attacks.

Your router settings

You can definitely set up your router against these attacks, but if the router has security vulnerabilities that have not been fixed by the manufacturer, there is nothing you can do about it.

  • Install firmware updates (firmware): Make sure the latest firmware for your router is installed. Enable automatic software updates if your router has the setting. Unfortunately, most do not.
  • Disable remote access: Disable remote access to admin pages.
  • Change the password: Change the password so that attackers can not enter with the default.
  • Disable UPnP: UPnP was and is particularly vulnerable. Even if UPnP is not vulnerable on your router, malware running somewhere on your local network can use UPnP to change the DNS server. This is how UPnP works - it trusts all requests coming from your local network.

 

DNSSEC is supposed to provide additional security, but it is not yet available. In the real world, every client trusts the configured DNS server. The malicious DNS server could claim that a DNS record does not have DNSSEC information and that the IP address being transmitted is real.

How To Check Your Router For Malware was last modified: 24 June, 2020, 11: 56 am by Anastasis Vasileiadis

spread the news

  • Facebook
  • Twitter
  • Reddit
  • Printing
  • Email

Read them Technology News from all over the world, with the validity of iGuRu.gr

Follow us on Google News


Competition: dummiestag: router, router security

You May Also Like

How to break WPS PIN with Reaver
The 6 GHz band opens with Wi-Fi 6E
Fing see who is connected to your network

About Us Anastasis Vasileiadis

Translations are like women. When they are beautiful they are not faithful and when they are faithful they are not beautiful.

Previous Post: « Does your computer have a virus? How to check it Does your computer have a virus? How to check it
Next Post: Why you should not use your browser password manager »

Reader Interactions

Comment Policy:

IGuRu.gr does not publish the comments immediately. Malicious comments, comments that include ads, or comments that are offensive are deleted without notice. We do not adopt the opinions expressed by our readers.
Your comments will be displayed after approval by the administrators


Leave your comment
Ακύρωση απάντησης

Your email address is not published. Τα υποχρεωτικά πεδία σημειώνονται με *

 

 © 2021 · iGuRu.gr · ☢ · Keep It Simple Stupid Genesis theme

about  ·   get in touch  ·  rss  ·  sitemap  ·  cough

loading Cancel
Could not post post - check your email address!
Email verification failed, please try again
Your blog can not post posts via email.