1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Urgent!! I think im hacked?

Discussion in 'Cisco/Linksys Wireless Routers' started by pressrestart, Aug 20, 2006.

  1. pressrestart

    pressrestart LI Guru Member

    Ok so here;s whats going on. I googled my own IP adress and clicked on the link and it brought up a user login screen, while still on google. I put in a random username and password and was loged onto a page that said linksys in the left corner and it has a bunch of seetings that i am able to change. What is this page? There are no outgoing links. Im just woried someone can screw with my connection sense i loged on to this mysterypage without anyideas what im doing...please help asap so i dont hget hacked....
     
  2. Esquire

    Esquire Mesquire Staff Member Member

    Mind PM me your "googled" IP so I can take a look?
     
  3. kg4mrv

    kg4mrv Network Guru Member

    The page you connected to was the configuration page for your router. You shouldn't normally be able to access it through the WAN address (ie. your public IP) unless you have remote management enabled. The process for disabling it depends on the model of the router.

    The fact that you were able to get in w/ any random password is what disturbs me. This page should be password procted, and you should not have been able to get in like that, unless you just happened to use username:<blank> and password:admin, which is the default for most linksys home routers. You should change this as soon as you can.
     
  4. pressrestart

    pressrestart LI Guru Member

    What I did first was a reverses DNS lookup, googled that, and clicked on the link form google, not the actual IP, but i just checked and using the regular Ip adress works too.. Actually I didnt use a random name i just used admin/admin.
    What do all these settings do for me configuration page for router? Could someone mess up my connection. Ive googled other known Ip adress's with linksys routers and it didnt even bring up a logon...hmm. this really bothers me.
     
  5. beavis123

    beavis123 Guest

    Why don't you change the password?
     
  6. Esquire

    Esquire Mesquire Staff Member Member

    It depends on at which IP you are looking. If it is your WAN IP, make sure Router Remote Access is not enabled. If it is your local IP (192.168.1.1), change your default password as suggested.
     
  7. ifican

    ifican Network Guru Member

    Ok what is most probably going on here is you are inside your own network and logging into your router from the inside, which even though you are hitting your wan side interface, you are still accessing it from the routers point of view from the inside. So yes, change your default password, however i would venture to guess that remote management is turned off as it is by default.
     
  8. pressrestart

    pressrestart LI Guru Member

    It is my WAN IP.
     
  9. pressrestart

    pressrestart LI Guru Member

    Amd I am currently on my network when I googled it. I dont want wep/wap enabled because my neighbor who is my friend uses my connection. I just Dont want him, or anyone else that is wardriving someday to find this and go hmm what do we have here...So how do i change the password in the configuration page?
     
  10. HennieM

    HennieM Network Guru Member

    If you are on your internal net, and connect to your WAN IP, you are connecting from "inside" from the router's point of view. Like this: You want to get to your right hand via your left hand (left hand=internal net). Your brain is in the middel, so it sees you are coming from the left hand, and connect to the brain without actually going through the right hand.

    Best to test - or have someone test - from a computer not on your internal net.

    To change your router's pw, go to the Administration tab on the web interface.
     
  11. pablito

    pablito Network Guru Member

    1. You have to test WAN access from the outside, i.e. internet. You are already on the inside which the router will allow even when going to the WAN IP.
    2. Change the password. change the password. It is in the interface somewhere, look for it. And verify that remote access is disabled.
    3. Enable encryption. enable encryption. Config your neighbor for it if you want him online.

    no encryption + default password == certain trouble.
     
  12. DocLarge

    DocLarge Super Moderator Staff Member Member

    Relax, you logged into your router from behind your own connection.

    Previous versions of linksys routers (i.e, WRT54G and WRV54G) allowed you to log into the router page via your wan IP (i.e., http://57.34.5.66) from "behind" your router's private ip segment. Because WAN ip access from behind your router soon came to be viewed as a vulnerability (spoofing was the issue, I believe) corporate routers and some SOHO routers (for example, the WRV200) as a result, will "not" allow you to access your router's login page via your ISP provided WAN ip address from behind your home router. Instead, you are locked into strictly accessing your router's login page by private ip address only "while logged onto the private LAN segment." If you were out of your house and someplace else, then you would use your WAN ip to include an assigned remote managment of your choice to access your router (i.e., http://57.34.5.66:8080)

    I know for a fact I was able to do that with my WRT54G V1 and my WRV54G, but now, I can only log on to my WRV200 by using the "private" LAN ip only.

    Jay
     
  13. chris547

    chris547 Network Guru Member

    If your ISP uses a proxy for dialup users, temporary set your browser to this and see if you can still connect. Since you'll in effect be connecting from the internet you'll probably find that you can't. Or you could do a port scan using something like http://grc.com and have a look and see what ports are opened.
     
  14. santattack

    santattack Network Guru Member

    Linksys WRT54GS POST Request Configuration Change Authentication Bypass Vulnerability

    Could it be that this problem is related to this Vulnerability ?

    Please see this site :
    http://www.securityfocus.com/bid/19347/info
     
  15. sNNooPY

    sNNooPY LI Guru Member

    um..why is WEP/WPA encryption problem? Just give your neighbor the passphrase, set up the gateway, enable MAC filtering and you're good to go. :)
     
  16. SAPo57

    SAPo57 Network Guru Member

    He doesn't need to use encryption. He can just look up his neighbors MAC address from the DHCP server IP log on his router and add it to the MAC filtering option to only allow that station to access his network.
     
  17. kg4mrv

    kg4mrv Network Guru Member

    MAC filtering is not really the best option for security since MAC addresses are fairly easy to spoof. Although the average Joe Schmoe probably cant do it, someone w/ a fair amount of knowledge could do it.

    Also, even if they dont connect to the router, w/o WEP/WPA the data is unencrypted and is susceptable to being intercepted passively (i.e just reciving and decoding the data from the airwaves)
     
  18. sNNooPY

    sNNooPY LI Guru Member

    exactly. I don't get people that recommend other people (especially newbies) "just to turn on MAC filtering and that's enough". C'mon people, be real,everything that travels via air is UNSAFE. AT LEAST turn on WEP encryption. I would recommend WPA2 of course.

    Turn on MAC filtering, Set up WPA/WPA2, adjust the router and you're done. :thumbup:

    Don't mess with wi-fi security.
    I live a "no-wireless" neighborhood, but I still got WPA2, MAC filtering, SSID broadcast off and all the necesary protection.
    Use protection, it's safer :biggrin: :biggrin: :biggrin:
     
  19. slamcat

    slamcat Network Guru Member

    Do that, and you're inviting trouble. Even with MAC filtering, a packet sniffer can yank that MAC address out of the air in notime flat, then spoof the MAC to allow it in.

    An analogy: leaving your house locked, but the keys are under the mat.
     

Share This Page