Vunerable Routers

Status
Not open for further replies.
Joined
Mar 21, 2004
Messages
29,514
Location
Near the beach in Delaware
So lots of articles about routers that are vunerable to all kinds of bad things. So people should upgrade to latest firmware. Got that.

But what about the cable modem/routers or DSL modem/router that in many cases are controlled by ISP.

Many people have their own router also so it's unlikely that someone could hack into your private network past your own router that is properly upgraded.

One of the vunerabilities is to use a router for crypto mining, etc. They could do that with the ISP supplied modem/router if it was vunerable and one does not really know.

How up to date do you think the ISP keeps the routers they supply?
 
We have windstream and the windstream tech guy said that they do automatic updates to the router. No way for a consumer to check as far as I know.Maybe they really are doing updates or maybe not. I have not had any issues with router as far as I know.
 
If you know enough to be concerned about router vulnerabilities, then you should know enough to not use ISP-supplied gear.

Even if you have to pay someone to set it up for you, your return on investment will STILL make it worthwhile!

As far as vulnerabilities, I can't imagine any serious hacker, stationed within range of your wifi, being deterred by any amount of software protection. If someone wants to hack you specifically, then you're very possibly screwed.

Otherwise, simply follow good etherweb surfing practices and you shouldn't have anything to worry about.
 
So... What's the router to buy these days?

Used to have a linksys, then an Asus that reflashed to some other SW. When Fios came in with a good deal, we just took that thing, but its wifi performance recently has been lacking.

It seems to me to make sense that big tech companies would push software updates to their gear. But it doesnt mean there isnt something better...
 
I live in the burbs and I don't worry about things like this. I've had my bank account hacked and had the thousands stolen from returned by the bank. Not going to worry about the boogie man.
 
There's a reason my company won't allow 192.168.0 internal networks run by routers from big box stores to access the internet. Vulnerability. They refuse to allow them passage through the corporate managed firewall.
 
Originally Posted by riff1006
There's a reason my company won't allow 192.168.0 internal networks run by routers from big box stores to access the internet. Vulnerability. They refuse to allow them passage through the corporate managed firewall.


You realize you can readily change the subnet used by any of these devices right?
 
Originally Posted by OVERKILL
Originally Posted by riff1006
There's a reason my company won't allow 192.168.0 internal networks run by routers from big box stores to access the internet. Vulnerability. They refuse to allow them passage through the corporate managed firewall.


You realize you can readily change the subnet used by any of these devices right?


Joe consumer has no idea of IP address schemes. I think they are just relying on that.
 
> There's a reason my company won't allow 192.168.0 internal networks run by routers from big box stores to access the internet.

Your company has nothing to do with it.
192.168.0.0/16 is one of the non-publicly routable address spaces.
 
If you're worried about your ISP's gateway device, setup your house on a residential-class router and just use the ISP's device as a next-hop gateway. Problem solved.
 
Originally Posted by spackard
> There's a reason my company won't allow 192.168.0 internal networks run by routers from big box stores to access the internet.

Your company has nothing to do with it.
192.168.0.0/16 is one of the non-publicly routable address spaces.


Assuming this is a typical schema leveraging NAT, there's only policy stopping double-NAT, which was my takeaway from his statement.
 
Originally Posted by JustinH
Originally Posted by OVERKILL
Originally Posted by riff1006
There's a reason my company won't allow 192.168.0 internal networks run by routers from big box stores to access the internet. Vulnerability. They refuse to allow them passage through the corporate managed firewall.


You realize you can readily change the subnet used by any of these devices right?


Joe consumer has no idea of IP address schemes. I think they are just relying on that.


If so, that's a pretty poor way of locking it down. No non-work equipment should be connecting to the company Intranet. This includes allowing only a single MAC address on a port and often times registering the MAC's allowed on the network.
 
Status
Not open for further replies.
Back
Top