Jump to content

Securing A Router From Atacks Over The Internet


Recommended Posts

Hey guys, I saw a strange IP port scanning me last night and this new office has a new router fresh from the ISP. It was unsecured during the scanning and now I want to secure it against attacks from the internet and here's what I've done and please let me know what more I can do.

Disable Telnet.

Disable http remote admin

Disable ftp remote admin

Change default password

Verify DNS integrity

Disable SNMP

Change SNMP community string

And what else?

Link to post
Share on other sites

Use a remote port scanning tool to tell if there are any listening services you don't know about.

Hope it's firmware doesn't have any remotely exploitable vulnerabilities that can be deployed over the internet and cannot practically be blocked.

You have done everything one can practically do, now just hope :D

Link to post
Share on other sites

Disable SSDP, UPNP, and SNMP, remote administration, and disable HTTP and only use HTTPS if it has the option, disable telnet and ftp, port forward tftp to a null port(for those that try to overwrite your firmware on older router devices dumb enough to listen for new firmware. tftp uses NO authentication - be warned!). And like Sparda said, scan it from the internet for open ports. You never know what a device could have open without even knowing it. Especially on things provided by an ISP that have backdoors for them to get in.

Link to post
Share on other sites

The router that was being used actually had the telnet, snmp, and ftp ports open w/a default password and logging was disabled but I checked my DNS servers and they seem to be legit and luckily no real damage seemed to be done.

This machine/person was scanning ports in the 20000 range, maybe 100 or so, and all I could get from the firewall was that they were ICMP.

To my understanding ICMP can be used to reroute traffic so someone could sniff from over there internet? Anyone with any theories as to what was going on?

Ironic part is, I scanned the ip that was scanning me and it has no admin pw w/telnet and remote http enabled...

Edited by bobbyb1980
Link to post
Share on other sites

I would also turn off ICMP protocol on the router, that will prevent someone from flooding your router with Pings requests.

http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...