Is it possible to use Wifi to hack a router?

on 15.03.2007 06:48:32 by PP

Hi,
I met something strange in my system.
The condition is like that:
I have a wireless router (DLink). I didn't set any security password
for the Wifi because I worried about the speed. But I disabled the
DHCP, so every machine has to set its IP and gateway same with the
router. In my family, I have about 4 computers, that's not a big deal to
me. Yesterday suddenly I found my router's Wifi was locked! It's so
strange. Even if somebody guessed my network IP range (192.168.0.x), how did
he know the router's manage page's user name and password? Although that
page is not https page, but if he wanted to hijack the package between
my client and the router, he had to first begin an ARP attack and mask
himself to a router (maybe he just acted as a package dispatcher to
router). I even cannot imagine that would happen because this is a tough
job. First he had to guess the IP range, then he had to write an ARP
attack program and mask program. Even though I am a senior software engineer,
it will take me a couple of days and sometimes we may stop before the
first step, guessing the IP range. Or is someone using a Wifi security
back door? I only know something about that news, but I don't know
exactly about it. I'm using Linux OS, it seemed that the hole hides in
the network? In fact, now I care about the technology more than the hack event
itself. Can someone explain it to me? I graduated from a famous Chinese
university's EE major. So don't hesitate to explain it in a technical
way. Thanks in advance.

Re: Is it possible to use Wifi to hack a router?

on 15.03.2007 08:07:41 by "Mr. Arnold"

PP wrote:



Why don't you ask in alt.internet.wireless?

They will tell you that anyone with any expertise and savvy can hack the
wireless, if they wanted to come after your wireless network or the router.

Re: Is it possible to use Wifi to hack a router?

on 15.03.2007 08:31:33 by Mak

PP wrote:
> Hi,
> I met something strange in my system.
> The condition is like that:
> I have a wireless router (DLink). I didn't set any security password
> for the Wifi because I worried about the speed.
not very smart...AT ALL

> But I disabled the
> DHCP, so every machine has to set its IP and gateway same with the
> router. In my family, I have about 4 computers, that's not a big deal to
> me. Yesterday suddenly I found my router's Wifi was locked! It's so
> strange. Even if somebody guessed my network IP range (192.168.0.x), how did
> he know the router's manage page's user name and password?
come on,

> Although that
> page is not https page, but if he wanted to hijack the package between
> my client and the router, he had to first begin an ARP attack and mask
> himself to a router (maybe he just acted as a package dispatcher to
> router). I even cannot imagine that would happen because this is a tough
> job. First he had to guess the IP range, then he had to write an ARP
> attack program and mask program. Even though I am a senior software engineer,
> it will take me a couple of days and sometimes we may stop before the
> first step, guessing the IP range. Or is someone using a Wifi security
> back door? I only know something about that news, but I don't know
> exactly about it. I'm using Linux OS, it seemed that the hole hides in
> the network?

no, in your config and in wireless 802.11 technology in general.

> In fact, now I care about the technology more than the hack event
> itself. Can someone explain it to me? I graduated from a famous Chinese
> university's EE major. So don't hesitate to explain it in a technical
> way. Thanks in advance.

install kismet on your linux box and see what they see...
other hints: airsnort, aircrack, airopeek, netstumbler

M

Re: Is it possible to use Wifi to hack a router?

on 15.03.2007 08:57:13 by PP

mak wrote:
> PP wrote:
>> Hi,
>> I met something strange in my system.
>> The condition is like that:
>> I have a wireless router (DLink). I didn't set any security password
>> for the Wifi because I worried about the speed.
> not very smart...AT ALL
>
>> But I disabled the DHCP, so every machine has to set its IP and gateway
>> same with the router. In my family, I have about 4 computers, that's
>> not a big deal to me. Yesterday suddenly I found my router's Wifi was
>> locked! It's so strange. Even if somebody guessed my network IP
>> range (192.168.0.x), how did he know the router's manage page's user
>> name and password?
> come on,
>
>> Although that page is not https page, but if he wanted to hijack the
>> package between my client and the router, he had to first begin an ARP
>> attack and mask himself to a router (maybe he just acted as a package
>> dispatcher to router). I even cannot imagine that would happen because
>> this is a tough job. First he had to guess the IP range, then he had
>> to write an ARP attack program and mask program. Even though I am a senior
>> software engineer, it will take me a couple of days and sometimes we
>> may stop before the first step, guessing the IP range. Or is someone
>> using a Wifi security back door? I only know something about that
>> news, but I don't know exactly about it. I'm using Linux OS, it seemed
>> that the hole hides in the network?
>
> no, in your config and in wireless 802.11 technology in general.
>
>> In fact, now I care about the technology more than the hack event
>> itself. Can someone explain it to me? I graduated from a famous
>> Chinese university's EE major. So don't hesitate to explain it in
>> a technical way. Thanks in advance.
>
> install kismet on your linux box and see what they see...
> other hints: airsnort, aircrack, airopeek, netstumbler
>
> M

Thanks.
From my understanding, I guess it happened like that.

First, the guy has to connect to my router using the same IP range (he
guessed it out?).
Then because my router didn't set the mac binding, he may listen to the
SSID broadcast and find an active IP (like my laptop). When he found the
IP, he may start an ARP attack and cheat the router.
When my laptop sends an http request to the router to login my router's admin
page, the hacker can easily hijack the router's response.
What I have to do, I think, is to set up the IP-mac binding in the
router. In fact, now I'm so interested to write such an application to
play around.
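
The post above suspects ARP spoofing and proposes IP-MAC binding on the router. As an added example (not part of the thread), the same bindings can be audited from a Linux client by comparing its ARP table with a known list; the sample table, all addresses and the `KNOWN` list are constructed assumptions.

```python
"""Audit a Linux ARP table against a static IP-to-MAC binding list."""
from collections import defaultdict

# Constructed sample in /proc/net/arp format; every address is made up.
SAMPLE_ARP = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.0.1      0x1         0x2         02:00:00:aa:bb:99     *        wlan0
192.168.0.10     0x1         0x2         02:00:00:aa:bb:10     *        wlan0
192.168.0.11     0x1         0x0         00:00:00:00:00:00     *        wlan0
192.168.0.57     0x1         0x2         02:00:00:aa:bb:99     *        wlan0
"""

# Assumed bindings for the router and the family machines (hypothetical).
KNOWN = {
    "192.168.0.1": "02:00:00:aa:bb:01",
    "192.168.0.10": "02:00:00:aa:bb:10",
    "192.168.0.11": "02:00:00:aa:bb:11",
}

def parse_arp(text):
    """Return {ip: mac} for complete entries, skipping the header row."""
    table = {}
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], int(fields[2], 16), fields[3].lower()
        if flags & 0x2:  # ATF_COM: the kernel holds a resolved MAC
            table[ip] = mac
    return table

def audit(table, known):
    """Return sorted (kind, detail) findings for the observed table."""
    findings = []
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
        if ip not in known:
            findings.append(("unknown-host", f"{ip} is {mac}"))
        elif known[ip] != mac:
            findings.append(("binding-mismatch", f"{ip} is {mac}, expected {known[ip]}"))
    for mac, ips in by_mac.items():
        if len(ips) > 1:  # one station answering for several IPs
            findings.append(("shared-mac", f"{mac} answers for {', '.join(sorted(ips))}"))
    return sorted(findings)

if __name__ == "__main__":
    # On a live Linux host, pass open("/proc/net/arp").read() instead.
    for kind, detail in audit(parse_arp(SAMPLE_ARP), KNOWN):
        print(f"{kind}: {detail}")
```

A gateway entry that stops matching its binding, or one MAC answering for both the gateway and another address, is the pattern an ARP spoofing attempt leaves in the client's table; an unknown host on an open network is simply an uninvited station.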

Re: Is it possible to use Wifi to hack a router?

on 15.03.2007 12:53:44 by "Mr. Arnold"

PP wrote:



> From my understanding, I guess it happened like that.
>
> First, the guy has to connect to my router using the same IP range (he
> guessed it out?).

It doesn't take much as everyone in the world knows the IPs starting
with the Device IP of the major brands of the routers. You disabling
DHCP meant nothing.

> Then because my router didn't set the mac binding, he may listen to the
> SSID broadcast and find an active IP (like my laptop).

Even if you had it set, a hacker with any expertise and savvy can come
around it.

I doubt the hacker did any listening on anything. Most likely, the hacker
just found a static IP on the router in the range of the Device IP and
walked the IP(s) until the hacker got an open one.

> When he found the
> IP, he may start an ARP attack and cheat the router.

Cheat the router how? The hacker was already on the wireless side on the
network and had access to the router.

> When my laptop sends an http request to the router to login my router's admin
> page, the hacker can easily hijack the router's response.

Well, if you left the user-id and psw for the router in their out-of-the-box
default settings, then everyone already knows them, and since the
hacker was already on the network and knows the default user-id and psw,
that you possibly left in their default settings (you never changed
them), the hacker simply logged on to the router.

> What I have to do, I think, is to set up the IP-mac binding in the
> router. In fact, now I'm so interested to write such an application to
> play around.

I could be wrong on all of it.

But where you really need to make the post is to alt.internet.wireless
to the people that do wireless for a living and know the security
aspects of wireless and the devices. They also know how to hack past all
the security features and can give some tips on how to protect on the
wireless.

Re: Is it possible to use Wifi to hack a router?

on 15.03.2007 15:23:26 by Leythos

On Thu, 15 Mar 2007 13:48:32 +0800, PP wrote:

> Hi,
> I met something strange in my system.
> The condition is like that:
> I have a wireless router (DLink). I didn't set any security password
> for the Wifi because I worried about the speed. But I disabled the
> DHCP, so every machine has to set its IP and gateway same with the
> router. In my family, I have about 4 computers, that's not a big deal to
> me. Yesterday suddenly I found my router's Wifi was locked! It's so
> strange. Even if somebody guessed my network IP range (192.168.0.x), how did
> he know the router's manage page's user name and password? Although that
> page is not https page, but if he wanted to hijack the package between
> my client and the router, he had to first begin an ARP attack and mask
> himself to a router (maybe he just acted as a package dispatcher to
> router). I even cannot imagine that would happen because this is a tough
> job. First he had to guess the IP range, then he had to write an ARP
> attack program and mask program. Even though I am a senior software engineer,
> it will take me a couple of days and sometimes we may stop before the
> first step, guessing the IP range. Or is someone using a Wifi security
> back door? I only know something about that news, but I don't know
> exactly about it. I'm using Linux OS, it seemed that the hole hides in
> the network? In fact, now I care about the technology more than the hack event
> itself. Can someone explain it to me? I graduated from a famous Chinese
> university's EE major. So don't hesitate to explain it in a technical
> way. Thanks in advance.

Let's examine the simple facts:

Installed a wireless router
Installed default password
Installed it at a common IP
You ignored all the normal security warnings

Take this as a lesson learned and start following standard security
practices.

Install WPA-PSK
Change the default/standard network to something like 192.168.203.254/24
Set up logging to a PC so that you can monitor traffic
Block outbound ports 135-139 & 445
Change the router admin password (something with 10 characters)

Change the WPA and Router password monthly.



--
Leythos
spam999free@rrohio.com (remove 999 for proper email address)