Can A Router Be Infected?


8 replies to this topic

#1 on_the_edge

  • Members
  • 13 posts

Posted 25 November 2013 - 11:54 AM

Hello,

 

I am glad I came across this topic because I have been trying to find the answer to the question of can my router be infected / corrupt / compromised. I have not been able to really find a solid answer to that question.

 

I have just learned from reading this that I should turn off the WPS option, which I appreciate learning, and I will get my WPS turned off.

 

So I have a Cisco Linksys EA6300 Smart Router... that I do not seem to think is very smart. The CD that came with it only has documentation on it and no software or drivers. There is no software to download off their website either. I recently had a malware problem and felt as if my router had been hijacked because of how everything was acting. I needed to get a new router anyways and was told that this new one was "top of the line" great, fabulous, smart and all that jazz that a salesperson will tell you when trying to sell you something. When I hooked up this router it was not acting right either. I went through the setup and then did a factory hard reset and it still does not seem to act right. By that I mean for instance if I look on my network map window (Windows 7 OS) it will show me the network but it shows the router as a computer, a switch, and a router. It will also show that I have an internet connection down in the bottom right corner of my screen but then when I would open my browser it would say I do not have a connection to the internet. This is the stupidest router ever in my opinion... nothing smart about it!!

 

The "tech support" people for the router tell me it is just because Windows has a hard time recognizing things correctly sometimes. Well, I have to tell you... I may be blonde but I am not stupid and have to call B.S. there. I have never had a problem with Windows 7 recognizing a device of any kind. Every time I hook up a printer, an external HD, an iPod, a router, a modem or whatever it has always recognized it and given me the correct icon for each thing I have ever hooked up... except for this stupid "smart" router that thinks it is a router, switch, and a computer all in one.

 

So, PLEASE tell me if in fact a router can be infected and if so how can I tell and how can I fix it? Any and all and as much information you can give me would be so very appreciated.

 

Thank you so much.


Edited by Queen-Evie, 25 November 2013 - 05:26 PM.
split from http://www.bleepingcomputer.com/forums/t/513317/questions-for-computer-security-experts/



#2 noknojon

  • Banned
  • 10,871 posts

Posted 25 November 2013 - 08:52 PM

Hello -
I did the usual search for reviews on this, but there were not a lot available. So I did the next thing which was to find you the Users Guide in .pdf copy.
You can read the User Guide or print it out if you want to keep any information from it.
Note that the .pdf Guide is on the left side of the page when you scroll down -
I found it to be Average or a Bit above average in most reports for a just over $100 unit.
If you paid over $130 then it was above the average market price that I found ($97 to $130).

To your original question, the software in the router can be Corrupted, but I have never seen one Infected.
That's not to say people won't try though; for example, there have been a number of published exploits against Cisco kit, for example http://www.cert.org/advisories/CA-1993-07.html

 

There is also a Cisco rep (or Ex rep) that hangs around here, and may be able to give you a "More defined" reply than this general research that I am doing.
I found Cisco has a program to release more software updates for the EA6300 in the near future.
You do seem to know what you are doing, so I think it may help if you were able to Fully Uninstall the Router from Control Panel, and then Reinstall it again, as I do know that this can often help.

Some malware can change the DNS servers in your router. Malicious DNS servers can direct you to phishing websites.
So make sure that your DNS server addresses in the router are not changed. You can follow these steps to protect your router from such malware:

 

- Restart your router.
- Change the default passwords to strong ones.
- Turn off remote access to your router. (Check your manual). This will disable access to your router from outside (external IP addresses).
- Check the DNS server addresses (again check your manual). See if these are the same as your ISP provided (contact your ISP). Usually you have 2 DNS servers set in your router. When you are in doubt you can use Google public DNS servers 8.8.8.8 and 8.8.4.4.
- Save the settings in your router. Your router will (should) restart automatically.

One way to check whether your router is accessible from outside (from an external IP) is:

- Find out your IP address (when you are online) using http://www.whatismyip.com/
- Then visit, http://www.dnstools.com/ and choose option check port 80 then put in your IP address you earlier found. Click GO
- If you get "Connected successfully to port 80", then your router is accessible from outside (not good - change your router settings).

(Thanks to Romeo29 for some of this script)

More than enough information to confuse most for a first reply, so please pick any items you wish to discuss -

 

Thank You -


Edited by noknojon, 25 November 2013 - 08:54 PM.


#3 cmptrgy

  • Members
  • 1,649 posts

Posted 25 November 2013 - 11:07 PM

I am also interested in this topic and I'm going to follow up on the above recommendations on my Netgear router.

I suggest you also create a backup of your router configuration but do so with the router's default login but with the rest of your configuration intact. The reason is because if you ever forget your login user name & password but need to get into the router configuration you can use the .cfg file you created. But make sure you change the default login information back to your own login info. And make sure you use a strong login password.



#4 cmptrgy

  • Members
  • 1,649 posts

Posted 26 November 2013 - 12:32 PM

I checked the recommendations for checking my ISP and for checking port 80

--- In my case the port 80 test did not connect

--- Thanks for those recommendations



#5 Kilroy

  • BC Advisor
  • 3,362 posts

Posted 26 November 2013 - 03:03 PM

Yes, a router can be infected, but like noknojon I've never seen it.  So, it is possible, but not probable.

 

The lack of Internet is most likely caused by your ISP.  Reset your modem.  Some ISPs, Comcast is one, only give you one IP address and the modem "remembers" what device was first connected to it and it will not work with another device until it is reset.

 

Changing the Admin password on the router is a basic security step you can take to protect your router.



#6 cmptrgy

  • Members
  • 1,649 posts

Posted 26 November 2013 - 04:30 PM

In addition to a strong login password consider the following

Ensure you have the strongest security encryption possible; I have WPA-PSK (AES)

--- Do not use any form of WEP

Change the SSID to an ID that suits you and apply a strong passphrase key



#7 quietman7

  • Global Moderator
  • 51,390 posts

Posted 26 November 2013 - 06:08 PM

Routers can be compromised if they have a weak or default password which attackers can easily guess or break using a dictionary attack or brute force attack. Some routers have known vulnerabilities which can be exploited to open them up to attacks without needing to know the proper password. Malware which can modify routers is rare and may require the router to be a specific make, model and firmware revision. The most common was the DNSChanger Trojan which compromised the router's weak default password using brute-force attacks. The Trojan then changed the router's DNS table to malicious DNS servers... redirecting Domain Name resolutions to unsolicited, illegal and malicious sites the attacker wanted victims to access.
 

...Some DNS changer Trojans can alter routers' DNS settings via brute-force attacks. As a result, all systems connected to the "infected" router also become infected. Some DNS changer Trojans can also be used to set up rogue Dynamic Host Configuration Protocol (DHCP) servers on certain networks, which can have the same effect.

How DNS Changer Trojans Direct Users to Threats
"Millions" Of Home Routers Vulnerable To Web Hack
Malware Silently Alters Wireless Router Settings

 


Best Practice: Always reset your default router password with a strong password.

Consult these links to find out the default username and password for your router, and write down that information so it is available when doing the reset:

These are general instructions for how to reset a router:

  • Unplug or turn off your DSL/cable modem.
  • Locate the router's reset button.
  • Press, and hold, the Reset button down for 30 seconds.
  • Wait for the Power, WLAN and Internet light to turn on (On the router).
  • Plug in or turn on your modem (if it is separate from the router).
  • Open your web browser to see if you have an Internet connection.
  • If you don't have an Internet connection you may need to restart your computer.

For more specific information on your particular model, check the owner's manual. If you do not have a manual, look for one on the vendor's web site which you can download and keep for future reference.

 

 


Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
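
The DNS check recommended in posts #2 and #7, as an added example that is not part of any poster's reply: a Python script that reads the text of `ipconfig /all` from a Windows client and flags DNS servers outside an expected set, plus a DHCP server that is not the router. The sample output, the router address 192.168.1.1 and the function names are assumptions, and English-language `ipconfig` labels are assumed.

```python
import ipaddress
import re
# 8.8.8.8 / 8.8.4.4 are the Google public DNS addresses named in the thread;
# 192.168.1.1 is an ASSUMED router address. Add the resolvers your ISP gave you.
EXPECTED_DNS = {"8.8.8.8", "8.8.4.4", "192.168.1.1"}

# Constructed sample of `ipconfig /all` output, not captured from a real host.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

FIELD = re.compile(r"^\s+(?P<name>[A-Za-z][^:]*?)[ .]*:\s*(?P<value>.*)$")

def parse_ip(text):
    """Return a normalised address string, or None if text is not an IP."""
    try:
        return str(ipaddress.ip_address(text.strip().split("%")[0]))
    except ValueError:
        return None

def dns_and_dhcp(ipconfig_text):
    """Collect DNS and DHCP server addresses, including continuation lines."""
    found = {"DNS Servers": [], "DHCP Server": []}
    current = None
    for line in ipconfig_text.splitlines():
        ip = parse_ip(line)
        if ip and current in found:      # bare address continues the field
            found[current].append(ip)
            continue
        m = FIELD.match(line)
        current = m.group("name").strip() if m else None
        ip = parse_ip(m.group("value")) if m else None
        if ip and current in found:
            found[current].append(ip)
    return found

def audit(ipconfig_text, expected_dns=EXPECTED_DNS, router_ip="192.168.1.1"):
    """List resolvers outside the expected set and DHCP servers other than the router."""
    found = dns_and_dhcp(ipconfig_text)
    findings = [f"unexpected DNS server {ip}"
                for ip in found["DNS Servers"] if ip not in expected_dns]
    findings += [f"DHCP lease from {ip}, not the router ({router_ip})"
                 for ip in found["DHCP Server"] if ip != router_ip]
    return findings
```

When the client lists only the router as its resolver, the DNS addresses configured on the router's own admin page still have to be compared against the ISP's, as post #2 describes.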

#8 cmptrgy

  • Members
  • 1,649 posts

Posted 27 November 2013 - 06:16 AM

I know your topic is geared to whether a router can be infected / corrupt / compromised

--- I started out trying to narrow this down to a few lines or so but it ended up much longer than I thought; however, please go through what makes sense to you and I hope my explanations are helpful

--- I’d think it would be a good idea to sort the issues you need to deal with to ensure the computer & router work together as they should so I have sorted out what appears needs to be addressed

 

You have Windows 7 OS

 

Who is your ISP and what router model are you using from them?

--- Is it a wireless one?

--- Do you have another computer in your network?

------ If so, is it wired or wireless?

--- On the computer you are using, are you using it wirelessly?

 

You suspect your older router might have been hijacked and replaced it with the Cisco Linksys EA6300 Smart Router

--- If you have any drivers, software, links or whatever for the older router, uninstall them all

--- Usually I like to know what was wrong back then but with it out of the picture now, let’s just move on with what’s going on now

 

You recently had a malware problem

--- Remove the new router and use only the ISP router wired

--- Make sure the computer is clean as a whistle

------ Conduct whatever maintenance regimen you use

--- If you already know that the computer is clean and the computer is well maintained, that’s fine

--- Make sure you can use the internet as you normally do

 

Connect Cisco Linksys EA6300 Smart Router and go through the setup without using the WPS method

--- If you still run into "you have internet connection in the bottom right corner of your screen but when you open your browser you do not have a connection to the internet", call your ISP company first and politely ask them to help you get the router configurations to match up so you can connect to the internet

--- They might not be willing to do so but try it

----- I have some friends who were able to go that route and some who weren’t but for those who were able to do so everything turned out fine

--- ISPs generally want to know whether or not an additional router is in place besides their own

--- Sometimes a bridging process is the solution, it might apply in your case, and in my experience that’s where the ISP’s help comes in very handy. So ask them if bridging is the way to go

 

The tech support people for the router tell you it’s because Windows has a hard time recognizing things sometimes

--- If you are not successful with your ISP, get back to Cisco Linksys EA6300 Smart Router tech support

--- The router is brand new. If your ISP can’t help you, Cisco’s tech support needs to help you

--- If you call them and are still unsatisfied, send a message to Customer Service, be brief on the explanation that the unit isn’t working properly

--- That will generate an automatic response and eventually a service number

--- This is not the time to point out the network map issues as that sidetracks the router issue

--- This is the time to have Cisco’s tech support get the unit working for you

--- If total frustration kicks in, see if you can return the unit for lack of functionality

----- Complain to the manager if you have to

 

The network map shows the router as a computer, a switch and a router

--- The network map issue could be the result of how the router gets set up but I don’t see why either your ISP or Cisco’s tech support won’t be able to figure that out

 

I’d like to finish this off with an experience my son went through

He had a wired router from his ISP he was using on his desktop computer. He bought a wireless laptop and an additional router which was wireless through his ISP. Unfortunately, like you, he had internet connection in the bottom right corner but couldn’t connect to the internet. His ISP tech support couldn’t help him over the phone so they sent a technician to the house and even he couldn’t get it going properly. So then my son called the wireless router tech support and they couldn’t help him either. Well the next day he called the wireless router tech support again and this time he got someone who knew what she was doing. He was up and running in about half an hour. Additionally she was doing some setup that my son had been told “no, don’t do this or that because it doesn’t work” but the lady who got the job done told him something like “that’s ok, watch this” and the rest is history. Note I didn’t mention any company names and that was on purpose. Plus it took someone who knew what she was doing.



#9 brettjohnson

  • Banned Spammer
  • 7 posts

Posted 06 December 2017 - 11:11 AM

For checking the IP. What is my IP Address.

 

Brett.





