
WRT54G WAN Port Security Issues

Discussion in 'Networking Issues' started by .:slim:., Jan 19, 2007.

  1. .:slim:.

    .:slim:. LI Guru Member

    I had two Chinese IP's in my Incoming Log on port 8080 and asked Linksys what the deal was and they suggested upgrading the firmware. So now I'm running the most recent Firmware on my WRT54G v6.

    Just a couple of days ago...there was another Chinese IP in the Incoming Log on port 8080. I have a VERY complex 16 character password on my router...there's no way they guessed it or Brute Forced it because Brute Force only breaks Passwords that are 15 characters or less...hence the reason I use 16 character passwords. These IP's are coming up in APNIC as registered to China, so there's no way they accessed me via my WPA2 secured wireless connection that also utilizes a (different) VERY complex 16 character password. The only explanation is that they came from the Cox Communications network that my WAN port is connected to via my cable modem. There really isn't anything (that I can seem to find) in the config menu for hardening the security of the router's WAN port. So right now I can't tell if they're accessing my network via poor WAN port security (you know...maybe it's just sitting there wide open) or if they are getting in through the means of some kind of Hardware or Firmware flaw like a buffer overflow or something. If anyone knows how to battle this problem let me know.

    As far as I know...they weren't on any of my systems, I have a PC, a laptop and an Xbox360. The firewall logs on my PC and laptop were not compromised and showed no trace of these IP's on either system...and I STRONGLY doubt they were on my 360. So it appears they got on my router, looked at my config (didn't notice any changes) and left. So...there wasn't any damage, but either way still, nobody wants Chinese hackers in their network.

    My NAT is configured like this:

    Network: 192.168.1.248/29
    Subnet Mask: 255.255.255.248
    First IP (Router) : 192.168.1.249
    Next IP (XBox360): 192.168.1.250
    Next IP (Unused): 192.168.1.251
    Next IP (Unused): 192.168.1.252
    DHCP Pool: 192.168.1.253-254 (two IP's)
    (my laptop and PC pull from these two IP's)

    Broadcast: 192.168.1.255



    A+, Net+, CEH

    Are hackers a threat? The degree of threat presented by any conduct, whether legal or illegal, depends on the actions and intent of the individual and the harm they cause.
    -Kevin Mitnick
     
  2. Mastec

    Mastec Network Guru Member

    If they do access your router I think all they can do is change settings or shut it down. But I don't think they can actually access your computers. I have tried setting up a remote connection between my brother and myself so I don't have to drive across town every time he screws something up. Each time I tried I could not access his PC thru the router. If he bypassed the router I had access.
     
  3. pablito

    pablito Network Guru Member

    Did they actually log in or just probe your ports? If you don't have remote access activated they shouldn't be able to log in. I prefer using a VPN to access my router when remote. A password isn't good enough no matter how complex.

    I can usually see port violations within seconds of connecting to the net. It is normal activity. China and Brazil are the most common sources of these persistent attacks. They never get in but they are always trying.

    8080 is a common port for web proxies and I'd suspect they are looking for an open proxy to use.
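
The distinction pablito draws between a probe and a login, as an added example that is not part of the thread: it sorts constructed incoming-log entries (source IP, destination port) by what the router's WAN-side settings would let that traffic reach. The `remote_mgmt_port` and `forwards` parameters, the verdict labels and the sample addresses are assumptions; only the LAN range and port 8080 come from the posts.

```python
import ipaddress
from collections import Counter

# LAN from the first post; every other value below is constructed for illustration.
LAN = ipaddress.ip_network("192.168.1.248/29")
# 8080 is the port named in the thread; 3128 and 1080 are other well-known proxy ports.
PROXY_PORTS = {8080, 3128, 1080}

def classify(src, port, remote_mgmt_port=None, forwards=frozenset()):
    """Say what one incoming-log entry (source IP, destination port) can mean.

    remote_mgmt_port: WAN port of the admin UI if remote access is on, else None.
    forwards: WAN ports forwarded to LAN hosts. Assumes no DMZ host or UPnP mapping.
    """
    if ipaddress.ip_address(src) in LAN:
        return "lan-source"           # not WAN traffic at all
    if port == remote_mgmt_port:
        return "admin-login-exposed"  # attempt reached the router's login page
    if port in forwards:
        return "forwarded-to-host"    # check that LAN host's own logs
    if port in PROXY_PORTS:
        return "proxy-probe"          # nothing listening: likely an open-proxy scan
    return "other-probe"

def triage(entries, **router):
    """Count verdicts per destination port for a list of (src, port) entries."""
    return Counter((port, classify(src, port, **router)) for src, port in entries)

# Constructed sample entries (documentation address ranges, not real hosts).
SAMPLE = [
    ("203.0.113.7", 8080),
    ("203.0.113.7", 8080),
    ("198.51.100.23", 8080),
    ("198.51.100.23", 3128),
    ("192.0.2.50", 3074),
    ("192.168.1.253", 8080),
]

if __name__ == "__main__":
    for label, router in [("remote access off", {}),
                          ("remote access on 8080", {"remote_mgmt_port": 8080})]:
        print(label)
        for (port, verdict), n in sorted(triage(SAMPLE, **router).items()):
            print(f"  port {port:5d}  {verdict:20s} x{n}")
```

With remote access off, the same 8080 entries are only probes with nothing behind them; with it on, they become attempts against the admin login, which is the case where the password strength matters.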
     
