How To Check Your Router For Malware

The security of the routers that users buy is almost non-existent. Attackers take advantage of low-quality routers and attack vulnerable devices.

See how you can check if your router has been compromised.

 

Buying a home router is a lot like buying an Android smartphone. Manufacturers produce a large number of different devices and do not update their software, leaving them open to attack.

How your router can be compromised

Attackers often try to change the configuration of DNS servers on your router by adding malicious DNS servers.

So when you try to connect to a site - for example, your bank - the malicious DNS server takes you to a phishing site. The address may say nbg.gr, but you will be on a phishing site.

The malicious DNS server does not necessarily answer all the queries. It may not respond to most requests or redirect them to your ISP's default DNS server. Slow DNS requests are a sign that you may have been hacked.

You may notice that a phishing site does not have HTTPS encryption, but there are many who will not notice. SSL-stripping attacks can also remove encryption when transferring data.

They can also "catch" requests for Google Analytics or other scripts that almost every website loads, and redirect them to a server that returns a different script, one that serves ads or anything else. If you're seeing pornographic ads on a site where they do not belong, like iguru, there's almost certainly something wrong with your router or with your computer itself.

Many attacks use cross-site request forgery (CSRF). An attacker adds malicious JavaScript to a web page, and the JavaScript attempts to load the router's management page and change the settings. Because the JavaScript runs on a device inside your local network, the code can reach your router's settings UI, which is only available on your network.

Some routers may have the Remote Management UI enabled along with default usernames and passwords. There are bots that automatically scan for these routers.

How to check it

The only indication that a router has been compromised is if its DNS server has changed. Open your router's web UI to check the DNS server configuration.

This page lives at a local IP address. To find it, look in the user manual or search the internet for the manufacturer and model of your router together with the login URL.

Log in with your router username and password (usually on a sticker on the bottom of the router). Look for a "DNS" setting. You will usually find it on the WAN or Internet connection settings screen. If it is set to "Automatic", that is fine: the router gets the DNS server from your ISP. If it is set to "Manual" and there are custom DNS servers, it may be a problem if you did not enter them yourself.

No problem if you have set up your router to use alternate DNS servers - for example 8.8.8.8 and 8.8.4.4 for Google DNS, 208.67.222.222 and 208.67.220.220 for OpenDNS and 1.1.1.1 for Cloudflare.

However, if there are DNS servers that you do not recognize, it means that some malware has changed the router settings to use its own DNS servers. If in doubt, search the web for these IPs and see if they are safe or not. Something like "0.0.0.0" is fine and often means that the field is empty and the router automatically receives a DNS server.
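The check described above can be written down as a small script. This is an added example, not part of the original article: it classifies the DNS entries you copy from the router's WAN page, using the public resolvers the article names. The function names, the `isp_dns` parameter and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Public resolvers named in the article; pass your ISP's resolvers as isp_dns.
KNOWN_PUBLIC = {
    "8.8.8.8": "Google DNS", "8.8.4.4": "Google DNS",
    "208.67.222.222": "OpenDNS", "208.67.220.220": "OpenDNS",
    "1.1.1.1": "Cloudflare",
}
# RFC 1918 ranges: a DNS entry here points at a device on your own network.
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify_dns(entry, isp_dns=()):
    """Return (verdict, detail) for one DNS field copied from the router UI."""
    text = entry.strip()
    if text in ("", "0.0.0.0"):
        return "automatic", "field is empty; the router gets DNS from the ISP"
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:
        return "invalid", "not an IP address; re-check what the UI shows"
    if str(ip) in KNOWN_PUBLIC:
        return "recognized", KNOWN_PUBLIC[str(ip)]
    if str(ip) in isp_dns:
        return "recognized", "ISP resolver you supplied"
    if any(ip in net for net in LAN_NETS):
        return "local", "device on your own network; check its DNS as well"
    return "unrecognized", "look this address up before trusting it"

def audit(mode, entries, isp_dns=()):
    """Audit the WAN DNS setting; mode is 'Automatic' or 'Manual'."""
    results = [(e, *classify_dns(e, isp_dns)) for e in entries]
    if mode.strip().lower() == "automatic":
        suspicious = []  # servers come from the ISP, as the article notes
    else:
        suspicious = [e for e, verdict, _ in results
                      if verdict in ("unrecognized", "invalid")]
    return {"results": results, "suspicious": suspicious}

if __name__ == "__main__":
    # Constructed sample; 203.0.113.53 and 198.51.100.1 are documentation addresses.
    report = audit("Manual", ["8.8.8.8", "203.0.113.53", "0.0.0.0"],
                   isp_dns=["198.51.100.1"])
    for entry, verdict, detail in report["results"]:
        print(f"{entry:16} {verdict:13} {detail}")
    print("needs review:", report["suspicious"])
```

An "unrecognized" verdict only means the address is not on your own list; it still has to be looked up, as the article says.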

Help, there is a malicious DNS server!

If you find a malicious DNS server, you can disable it and tell your router to use the DNS server from your ISP, or enter the legitimate DNS server addresses listed above.

You may want to delete all your router settings and reset them to factory defaults. Then use the settings below to protect your router from further attacks.

Your router settings

You can definitely harden your router against these attacks, but if the router has security vulnerabilities that have not been fixed by the manufacturer, there is nothing you can do about it.

  • Install firmware updates: Make sure the latest firmware for your router is installed. Enable automatic software updates if your router has the setting. Unfortunately, most do not.
  • Disable remote access: Disable remote access to admin pages.
  • Change the password: Change the password so that attackers cannot get in with the default.
  • Disable UPnP: UPnP was and is particularly vulnerable. Even if UPnP is not vulnerable on your router, malware running somewhere on your local network can use UPnP to change the DNS server. This is how UPnP works - it trusts all requests coming from your local network.

 

DNSSEC is supposed to provide additional security, but it is not yet available. In the real world, every client trusts the configured DNS server. The malicious DNS server could claim that a DNS record has no DNSSEC information and that the IP address it returns is the real one.

iGuRu.gr The Best Technology Site in Greece


Written by Anastasis Vasileiadis
