My Router and Sniffing

[Eager2Learn]

Just joined up. I hope to contribute although I am here more to learn. I am 13 and very much into cyber security type stuff. I plan on going into the IT field as soon as I can. I am in high school (12th grade next year) but I am also in college taking my second year of Database and Security. Next year I will also be taking Into to the Criminal Justice System Cyber and Data Forensics. 

I would like to know more about people here also!

My first question is:

 

If someone logs into my router from a remote location using the inet. Can they use a sniffer to sniff my families traffic online?

[digininja]

Yes and no.

I'm going to assume web traffic here as it is easier to start with.

If a remote user gets access to your router then you have a lot of problems. Depending on the router the may be able to redirect traffic through things like DNS attacks and so your traffic to site X would go to their site rather than the real one so they would see the traffic.

But, if you are using HTTPS and it is set up correctly with HSTS or you don't accept invalid certificate warnings, then all they would probably be able to see is encrypted traffic which isn't much good to them.

The is a lot more to it than that but there is your starting point.

[Eager2Learn]

If they some how got my user/pass and were able to log into my router and they just started sniffing my ip address then you are saying it is possible. My thinking is the https would when I get online through my router to go to the inet then my traffic from that site is securely protected. But me logging into a site initially would be open to sniffing IF they were connected to my router. Also lets say I am do school work with my computer while it is connected to my router but I am not surfing or anything. I am thinking they may be able to sniff what I am doing even though I am not surfing.

Hope I got my question through to you correctly.

[digininja]

First, it should not be possible to connect to a router from the outside, the admin interface should be locked down to internal only.

If you aren't doing anything to do with the internet then there is no traffic to sniff. If all you are doing is writing a document in word then there is no network traffic generated.

If setup correctly, HTTPS covers all the connection, from first visiting the site, through logging in, and all your surfing. All of it would be encrypted and not visible. This assumes the site is setup correctly though.

[Bigbiz]

If someone had access to yoir router then injected a exploit payload into it. How ever which way thay did it or why there is a possiblity to gain control of network traffic. Then they would have a backdoor into your network. ? 

[Eager2Learn]

OK, I know people leave their defaults untouched. I am studying up on next year in advance. Their is a project I see where we have to do a lab project where we are given a network with a router that has vulnerabilities and we will be required to find exploits and access the network and provide how we did it in a report. There will be time limits so I am reading all I can on this.  

[digininja]

Any decent router/modem would not have the admin interface listening on the WAN side so default creds or not, they would not be able to access it to do any damage.

If you can get on to it in some way then yes, you could potentially install stuff and do damage, but that assumes it is vulnerable to an attack, there is an exploit available, and that there is something interesting that can be done after exploitation.