6
endor
5y

No idea what the fuck just happened, but my home router just dropped the internet connection and started demanding that I change the admin (default) password.
Now, I know that default passwords are bad and all that, but why the fuck now? This thing has been sitting there for over a year, and it only decided to complain now?

There have been some weird things going on lately, and I'm starting to worry that some of my systems may have been compromised in some way... but I'm not sure what/how, nor how to look for it...

Any tips for identifying a breach and disaster recovery?

Comments
  • 2
    Update: I just noticed that the reported firmware version is 201912xx.
    I never updated the firmware, and there doesn't seem to be an autoupdate feature...
  • 0
    [tactical comment]
  • 4
    When the router belongs to your cable provider, there is no auto update feature.

    The cable provider has unlimited access in most cases and does whatever the fuck he wants.

    :)
  • 1
    @IntrusionCM but this router belongs to me, as far as I'm aware of. And I'm not aware of any "feature" that should let my ISP have direct access to it (but I guess I could be wrong about that).

    The thing is, this is just the last freak occurence of a bunch that have been happening lately (not just about my router), which is making me quite worried and paranoid.

    As if being stuck at home during a global pandemic wasn't enough.
  • 4
    @endor if your ISP supplies the router, there's a remote connection enabled that allows them to push firmware updates, access to router settings and basically do anything they want.

    My router has this, and is well aware what I'm doing when I block the port in the firewall in which it prevents doing.

    If by purchased and own it you mean you went into an electronics store and bought it yourself, I'd be suspecting a breach has occurred.
  • 2
    @endor What C0D4 says.

    As long as you didn't buy yourself a router, it belongs to the ISP.

    Reason I never ever utilised a router from the ISP alone, always used own device... Either direct access to Internet or as a firewall / seperation from the ISP router.
  • 1
    @C0D4 @IntrusionCM thanks, I'll have to check with my father, he's the one who made the contract and bought the stuff, and I can't remember if he got it separately or of if it was included with the contract.
  • 1
    @endor

    Don't check up on the massive security failures ISPs did... Or are still doing.

    It's an unbelievable fuckery.

    Cable (Coax) based providers eg here in germany stored cleartext passwords for SIP / inter device (ISP wide!!!) and so on in the firmware.... Guess what, you can read the firmware ... Was few years ago....

    Or the Telekom Business fuckup, allowing SMB access to sensitive data, as the customers were doctor's offices...

    Oh boy. I couldn't stop ranting about this.
  • 3
    "No idea what the fuck just happened, but..." *proceeds to describe exactly what happened*

    Paused after reading just the first sentence, was funny.
  • 1
    @IntrusionCM oh, I'm well aware of the fuckery going on with ISPs
  • 1
    @endor
    Welp. This is the time of the firewall and network traffic monitoring.
Add Comment