Friday, 27 November 2015

Router Security - Weak Points and Counter Measure



ROUTER SECURITY 

Objective:
  • The main objective of this article to see weak points of router and how to make router more secure.
  • To spread awareness about the router security. So the user itself protect their home or corporate network more secure.
  • We talk about the weak points of router configuration and what will be the impact if it is configured poorly on the network. 
1# Weak Point: Authentication Bypass

Authentication Bypassing: There are many ways to bypass the authentication and one of them is default password. This is commonly found when user is not aware about the security of WiFi router and chances are more of router hijacking.

Image 1: The below screenshot shows how to bypass "Linksys" authentication bypass by simply using password: admin. See the below image for more details:


Image 2: After bypass authentication, we can control the whole router. Lots of information disclosed such as:
  1. Internet IP details: Which gives internal details of the ip given by the ISP.
  2. Network Setup Details: Such as router IP, subnet mask, Router name.
  3. Router name and version number: These information helpful for an attacker to find vulnerabilities and exploit it.
  4. DHCP Server settings: An attacker can use this service to reserve their ip address.
See the below screenshot for more details.


Countermeasure:

Secure your router by changing the default password with strong one. This should be consist of Alpha numeric, letters (Capital and Small), symbols and length of the password. As login password is the first line of defense. We should make it hard so no one can go beyond this level.

2# Weak Point: Reboot the Device 

Once an attacker inside the router, it can reboot the device easily disconnect all the users connected to the WiFi router.


Countermeasure:
  • The impact of "Reboot" Depends on where the WiFi router is situated. If it is in the corporate, impact is more, if is at home then the impact is less.
  • Again safe your router from default password. Upgrade your firmware if your router supports. So that no one can take advantage of the vulnerability and get inside your router.
3# Weak Point: Playing with SSID name

Image 1: A bad guy can change your Network Name (SSID name), something like "You are hacked" or may be worst which you not expected. See the below image for more details:


Image 2: The below image shows the Network name or SSID name is start broadcasting after saving router configuration. See the below screenshot for more details:


4# Weak Point: WEP Encryption
  • Image 1: The below screenshot shows the "Security Modes". Through these "Security Modes" an attacker can use for their own backdoor purposes by selecting the weak WEP encryption.
  • Also from "Passphrase" option an attacker can set their own password for the WiFi devices. See the below image for more details:
Countermeasure:
  • If you are using W.E.P (Wired Equivalency Privacy) as a security mode in your router, Its better to use a secure security mode "WPA2/WPA Mixed Mode".
5# Weak Point: Credential travel through weak channel (HTTP)


Description:When we access router via weak channel such as HTTP, we make our router more vulnerable to MiTM attack i.e Man-in-the-Middle attack. An attacker can use sniffers such as Wireshark to capture packets and steal credentials.


DEMO TIME: Let see how an attacker steal credentials.

  • Image 1: The below screenshot display web service is running on HTTP and wireshark is ready to capture the packets on the network interface.

Image 2:After login, observe the wireshark packets. When we follow the TCP stream we found the password. It would be more better if this password travel in a more secure channel i.e HTTPS. See the below screenshot for more details:


Countermeasure:
Always use secure channel i.e HTTPS to safely pass your credentials on the network.


Secure Access
  • After changing access mode from HTTP to HTTPS, observe how the data is travelling on the network.
Image 1: This image shows, user is going to enter the default password.


Image 2: The below image shows how attacker capture the packets using wireshark and when we follow the TCP stream, everything is encrypted. This makes the channel more secure.



6# INSECURE LOG MANAGEMENT
DESCRIPTION
Nobody care about the Log management, usually when get inside the public wifi this thing is common to see. Not only public WiFi, the corporate WiFi has the same story.

DEMO TIME: Log management is "Disabled".

Image 1: In this device, no log is not enabled. Which helps an attacker to do activities without leaving traces. If this thing enabled on the router, it helps the owner to identify the attacker. See the below image for more details:




AFTER ENABLED LOG MANAGEMENT 
  • After enable the log, we are going to see how log help us to identify user connected to the network and what IP they are accessing through our WiFi.
  • If someone is abusing your router and using it for wrong purpose, this log can save you if you enable it. May be it help forensic teams to collect very important logs which help to trace attacker.
  • Image 1: The below image shows, we have enabled the Log options. See the below image how we can enable it in LINKSYS router.
OUTGOING LOG: 
  • Security Perspective: This log helps you to understand what user is accessing on the network through your WiFi.
  • These logs helps to identify IP addresses, port no, destination URL or IP address.
EXAMPLE IMAGE: The below image shows the outgoing logs as described above. See the image for more details:


Countermeasure: 

  • Always enable Log management on the router.
SUMMARY 
  • In this article, we see practically how we bypass authentication of the router.Then how to play with SSID name, what happen if we use unsecured channel like HTTP and at last importance of log management.
  • A attacker can reboot the router with any intentions either just for fun or to take down the network.
  • We talk about weak points of router and how to countermeasure. Hope this small article is helpful for all out there.
  • This is just for educational purpose only, don't try at your home or someone router until you don't have the permission.

    Follow Us:
THIS ARTICLE IS JUST FOR EDUCATIONAL PURPOSES ONLY/-

0 comments:

Categories

Angry IPScanner On Backtrack 4 Arduino Arduino Opensource community attacks on router auditing tool Aurora Exploiting Through Kali Linux AUTOSCAN ON BACKTRACK 5 BackBox Linux On hackingDNA Backtrack 5 : Linux Commands Backtrack Bootable Pendrive Backtrack Tool : The Harvester Blender On Backtrack 5 Block Command Prompt Browser Autopwn On Backtrack 5 BUGTRAQ LOG REMOVER BLEACHBIT chkrootkit on Backtrack 5 chntpw on backtrack 5 cisco switches routing auditing tool. Client Side Attack On Backtrack 5 Command Shell Upgrade On Backtrack 5 Conky On Backtrack 5 convert guest account into admin using chntpw in backtrack 5 Convert Jpg Image into Ascii on Backtrack 5 countermeasures Cracking Unix Password On Backtrack 5 Cupp On Backtrack 5 Cutycapt On Kali Linux Detect Sniffer6 On Kali Linux dmitry on backtrack 5 Dnmap On Kali Linux dnsenum on backtrack 5 dnsrecon on backtrack 5 dnstracer on backtrack 5 dnswalk on backtrack 5 DOMAIN TOOL ON BUGTRAQ Dos attack driftnet on backtrack 5 dsniff on backtrack 5 enum4linux esp8266 EtherApe On BackTrack 5 ewizard on backtrack 5 ExifTool On BackTrack 5 Exploit Distccd On BackTrack 5 Exploit RDP Vulnerability On Kali Linux Exploit Samba Server On Backtrack 5 fatback on backtrack 5 FERN CRACKER ON BACKTRACK 5 Fierce in Backtrack 5 findmyhash : Crack the hash on Backtrack 5 Firewalk-Script On BackTrack 5 Firewall On Backtrack 5 Flash Player On Backtrack 5 Genlist On Backtrack 5 Gerix Cracker On Backtrack 5 Get Your Data Back Golismero On BackTrack 5 GOOFILE ON BUGTRAQ Google Kung-Fu goohost on backtrack 5 Grendel-Scan On Backtrack 5 gtk-recordmydesktop on backtrack 5 HACK BACKTRACK 5 via RAT Hack The Database with Backtrack 5 Hack the Facebook with Backtrack 5 Hack the windows in GNS3 Hack Windows XP using Backtrack 5 Hack Windows Xp using msfconsole hacking Hacking Lab 01 Hacking Windows 7 USING Backtrack 5 hackingdna hackingDNA choice :Best Antivirus Detection honeyd on backtrack 5 honeypot on backtrack 5 HOW TO INSTALL REDHAT ENTERPRISE LINUX 5 How to block ICMP request How To Install CAINE How to Install Chromium Browser on Backtrack 5 How to Install Windows 7 Ultimate How To Install Xampp On Kali Linux How to make new User in Backtrack 5 How to see files and directories on Linux how to use arduino in kali linux How to use Host Command on Backtrack 5 How to use Nano Editor on Backtrack 5 How to use Ping Command on Backtrack How to use whois tool on Backtrack 5 hping2 on backtrack 5r2 Httprint On BackTrack 5 icmpv6 flooding attack ifconfig command Installing And Accessing Backdoor On Backtrack 5 Installing software on Backtrack 5 using apt-get ipcalc on backtrack 5 Itrace On BackTrack 5 Jigsaw On Backtrack 5 Joomscan On Backtrack 5 KALI ARMITAGE ON KALI LINUX kali linux kali linux arduino Kali Linux Installation Kali Rolling Release 2016.2 keimpx on backtrack 5 Lanmap On Backtrack 4 Learn arping on Backtrack 5 Learn Basic of Internet with DAWN OF THE NET Learn Basics if Screen Utility Learn cmospwd on Backtrack 5 Learn dnsdict6 on backtrack 5 Learn fping on Backtrack 5 Learn Help Utilities Command On Backtrack 5 Learn hexedit on Backtrack 5 Learn how to hack root account on REDHAT5 Learn How to Install Backtrack 5 Learn how to make Bootable Pendrive Learn how to split Terminal into different regions Learn How To Split Terminal on backtrack 5 Learn how to use Armitage in Backtrack 5 Learn how to use chntpw on backtrack 5 LEARN HOW TO USE CISCO PACK ON BUGTRAQ - II Learn How to use ettercap on Backtrack 5 for hacking username and passwords Learn how to use Netstat Commands On Backtrack 5 Learn how to use nipper Learn How to work with Vim editor on Backtrack 5 Learn Linux Commands on Backtrack Environment Learn Netdiscover On Backtrack 5 Learn Pentbox On Backtrack 5 Learn Recoverjpeg on Backtrack 5 Learn samdump on backtrack 5 Learn TrueCrypt On Backtrack 5 LINUX NETWORKING COMMANDS ON BACKTRACK 5 linux OS LINUX PARTITION ON BACKTRACK 5 List-Urls On Backtrack 4 Load Balancing Detector On Backtrack 5 LOG REMOVER BLEACHBIT Lynis On Backtrack 5 Mac Tracker On Backtrack 5 macchanger on backtrack 5 Matriux Installation On hackingDNA Metaexploit Framework : Collecting Email Addresses Metasploit Framework With Basic Commands Meterpreter on Backtrack 5 mitre-cve on backtrack 5 MSF AUXILIARY SCANNING ON BACKTRACK 5 msf scanning on backtrack 5 nbtscan on backtrack 5 NESSUS ON BACKTRACK 5 Net Card Config Netcat : Learn how to create a instant chat session on Backtrack 5 netenum on backtrack 5 Netifera On Backtrack 5 NETMASK On Backtrack 5 NIKTO ON KALI LINUX Nmap Scanning On Backtrack 5 nmap smb script offensive security Oneko And Cowsay On BackTrack 5 OpenOffice On Backtrack 5 OpenVAS On Backtrack 5 Orion Browser History Dumper v1.0 Penetration Testing Pipal On Backtrack 5 PostgreSQL On Kali Linux Practice Session On Backtrack 5 PROTOS on backtrack 5 Reconnaissance Recover Kali Password Remote Desktop Connection Remote Desktop On Backtrack 5 Remote Desktop Sharing Removing Backdoor on Backtrack 5 Restrict Control Panel Restrict Registry Editor by Group Policies Rkhunter On Backtrack 5 router auditing tool Router Penetration Testing router security Safecopy On Backtrack 5 samba testing samrdump on backtrack 5 Scanning security auditing tool Shell Scripting On Kali Linux Shrink and Create Partition on Windows 7 Shutter On Backtrack 5 siege on backtrack 5 smb enumeration smb hacking Smbclient On Backtrack 5 Smtpscan On Backtrack 5 SMURF6 ON KALI LINUX Sniff Images on Backtrack 5 using Driftnet Snort On Backtrack 5 snurf6 Software Updates On Kali linux Spoof Your MAC Address on Backtrack 5 sql attack SSID ssldump on backtrack 5 sslstrip on backtrack 5 Start Backtrack 5 Without Startx Steam Locomotive On BackTrack5 Stop Bruteforce attack System Monitor On Backtrack 5 tcptraceroute on backtrack 5 Tctrace On Backtrack 5 TeamViewer On BackTrack 5 TELNET On Backtrack 5 Terminator On Backtrack 5 the Harvester On Backtrack 5 Things you should know about Backtrack Tweak Your System Settings On Backtrack 5 Tweak Your System Settings On Backtrack 5 Part 2 Unicornscan On BackTrack 5 Uniscan On Backtrack 5 urlcrazy on backtrack 5 urlsnarf on backtrack 5 WBOX on Backtrack 4 and 5 Weak points Web Httrack::Web Copier Websecurify On BackTrack5 Webshag On Backtrack 5 WEP CRACKING ON BACKTRACK 5 whatweb on backtrack 5 WHATWEB ON BUGTRAQ Wiffit (wafw00f): Firewall Detection Tool On Backtrack 5 wireshark Xpdf On Backtrack 5 xprobe2 on backtrack 5 Zenmap

Popular Posts