If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
|
Thread Tools | Rate Thread | Display Modes |
#1
|
|||
|
|||
Can a router lie?
The activity light was flashing away for some minutes on my
router-modem, so I logged into it and found just two devices connected; both mine, both legit. A Win10 tablet was updating. It got me wondering, though. Could my router be hacked and not show the hacker? Ed |
Ads |
#2
|
|||
|
|||
Can a router lie?
|
#3
|
|||
|
|||
Can a router lie?
pjp wrote:
In article , says... The activity light was flashing away for some minutes on my router-modem, so I logged into it and found just two devices connected; both mine, both legit. A Win10 tablet was updating. It got me wondering, though. Could my router be hacked and not show the hacker? Ed Of course it can is my guess. I had no doubt it could be hacked. But there's another element here. Could someone hack it and then stay invisible when I log in? Ed |
#4
|
|||
|
|||
Can a router lie?
On 12/28/2017 11:04 AM, Ed Cryer wrote:
The activity light was flashing away for some minutes on my router-modem, so I logged into it and found just two devices connected; both mine, both legit. A Win10 tablet was updating. It got me wondering, though. Could my router be hacked and not show the hacker? Ed I disabled WiFi on my router. Our PCs are connected via ethernet cables. -- David E. Ross http://www.rossde.com/ President Trump: Please stop using Twitter. We need to hear your voice and see you talking. We need to know when your message is really your own and not your attorney's. |
#6
|
|||
|
|||
Can a router lie?
On 12/28/2017 11:04 AM, Ed Cryer wrote:
The activity light was flashing away for some minutes on my router-modem, so I logged into it and found just two devices connected; both mine, both legit. A Win10 tablet was updating. It got me wondering, though. Could my router be hacked and not show the hacker? Ed As far as blinking LED lights showing activity - I think it depends on what model router you have, here's one that allows you to disable that behavior. You can find out very easily by logging into your router or reading the manual. https://kb.netgear.com/24603/How-do-...ghthawk-router |
#7
|
|||
|
|||
Can a router lie?
Ed Cryer wrote:
pjp wrote: In article , says... The activity light was flashing away for some minutes on my router-modem, so I logged into it and found just two devices connected; both mine, both legit. A Win10 tablet was updating. It got me wondering, though. Could my router be hacked and not show the hacker? Ed Of course it can is my guess. I had no doubt it could be hacked. But there's another element here. Could someone hack it and then stay invisible when I log in? Ed Some (but not all) routers run Linux. Some use an embedded OS of some sort. The router can have a three pin interface, consisting of TTL level Transmit, Receive, GND. That's a serial port but without an RS232 level translator. To connect to that, there were some adapters for cell phones, that were USB on one end, and TTL level three pins on the other end, and you'd solder one of those to your router to talk to it. Once the USB connector is plugged into your PC, you should be looking at the console port traffic of the embedded OS. You should also be able to run commands from there. For example, you could run the "ps" command and do process status. And see whether any strange processes are present. Or use the "who" command and see who is logged in. Now, that's not likely to work, and it'll probably show that "root" is the only user. All that's left then, is seeing whether any process has a strange name. And you know how well that's going to work (disguise is the first thing they'd do in there). So yes, it's possible to snoop on what a router is doing, if you can find the header with that interface on it. And assuming the console is enabled and dumping to that port. ******* If you bought a router from this company, it might have a console port on the outside of the chassis. https://mikrotik.com/products This is an example. A five port Ethernet PCB, with a serial port. It's $70, but it doesn't say what quantity you have to buy to get that pricing. The products they make, are designed to be more than simple consumer products. https://mikrotik.com/product/RB450 Once you see something you like, then go off on a Google spree, and see if any of those are out in the wild, with someone bragging about what they've done to it or with it. Paul |
#8
|
|||
|
|||
Can a router lie?
Mike S wrote:
On 12/28/2017 11:04 AM, Ed Cryer wrote: The activity light was flashing away for some minutes on my router-modem, so I logged into it and found just two devices connected; both mine, both legit. A Win10 tablet was updating. It got me wondering, though. Could my router be hacked and not show the hacker? Ed As far as blinking LED lights showing activity - I think it depends on what model router you have, here's one that allows you to disable that behavior. You can find out very easily by logging into your router or reading the manual. https://kb.netgear.com/24603/How-do-...ghthawk-router The PHY silicon on Ethernet usually has programming options for stuff like that. Some PHY can be programmed for a one LED RJ45, a two LED RJ45, and so on. When you de-assert RESET on a PHY, it'll auto-negotiate with the other end, and if you have a bicolor LED (yellow/green), the LED will indicate whether the link is running 100BT or GbE or whatever. While a second LED blinks for activity. There might have been strap options for the thing as well, to determine what mode it comes up in by default. The nice thing about the PHY, is it can do stuff by itself, even if the processor is dead. When you're working in the lab, if you see the LEDs flash, it means your board got power, and the RESET signal is deasserted. (The PHY won't start if the RESET signal is present.) After the processor starts running, you can have some firmware go in there and program the registers to any non-strap state you might want at that point in time. (Like change from full-duplex to half-duplex perhaps.) The blinking, doesn't even have to come from the processor. The PHY itself can have a pulse stretcher, so that a 20uS runt packet, causes the LED to flash for 20 milliseconds. That allows low duty cycle activity, to give a decent light level for the user to notice. And when the packet rate is railed, the LED can blink in a fake activity pattern (50% duty cycle, or 30/70 or whatever). Pulse stretching takes a miserable LED light show, and makes it decent looking. If you didn't have pulse stretching, that indicator would really be hated by people. The first time I used one of those, I was really impressed by the thought they put into it. Paul |
#9
|
|||
|
|||
Can a router lie?
On 12/28/2017 9:19 PM, Paul wrote:
Mike S wrote: On 12/28/2017 11:04 AM, Ed Cryer wrote: The activity light was flashing away for some minutes on my router-modem, so I logged into it and found just two devices connected; both mine, both legit. A Win10 tablet was updating. It got me wondering, though. Could my router be hacked and not show the hacker? Ed As far as blinking LED lights showing activity - I think it depends on what model router you have, here's one that allows you to disable that behavior. You can find out very easily by logging into your router or reading the manual. https://kb.netgear.com/24603/How-do-...ghthawk-router The PHY silicon on Ethernet usually has programming options for stuff like that. Some PHY can be programmed for a one LED RJ45, a two LED RJ45, and so on. When you de-assert RESET on a PHY, it'll auto-negotiate with the other end, and if you have a bicolor LED (yellow/green), the LED will indicate whether the link is running 100BT or GbE or whatever. While a second LED blinks for activity. There might have been strap options for the thing as well, to determine what mode it comes up in by default. The nice thing about the PHY, is it can do stuff by itself, even if the processor is dead. When you're working in the lab, if you see the LEDs flash, it means your board got power, and the RESET signal is deasserted. (The PHY won't start if the RESET signal is present.) After the processor starts running, you can have some firmware go in there and program the registers to any non-strap state you might want at that point in time. (Like change from full-duplex to half-duplex perhaps.) The blinking, doesn't even have to come from the processor. The PHY itself can have a pulse stretcher, so that a 20uS runt packet, causes the LED to flash for 20 milliseconds. That allows low duty cycle activity, to give a decent light level for the user to notice. And when the packet rate is railed, the LED can blink in a fake activity pattern (50% duty cycle, or 30/70 or whatever). Pulse stretching takes a miserable LED light show, and makes it decent looking. If you didn't have pulse stretching, that indicator would really be hated by people. The first time I used one of those, I was really impressed by the thought they put into it. Â*Â* Paul I'm impressed by the thought and detail you put into your posts! |
#10
|
|||
|
|||
Can a router lie?
On 28-12-2017 20:04, Ed Cryer wrote:
The activity light was flashing away for some minutes on my router-modem, so I logged into it and found just two devices connected; both mine, both legit. A Win10 tablet was updating. It got me wondering, though. Could my router be hacked and not show the hacker? Ed Yes, it can. Our router was hacked, we found that even the system firmware was changed. We were never aware of anything, until I logged in onto our router. It referred to a different IP address and I was not aware to change that. Eeven a reset did not work. It didn't show any hacker's IP address or whatsoever. The IP address was something from a Brazilian site. We bought a new router. Fokke |
#11
|
|||
|
|||
Can a router lie?
On 12/29/2017 10:19 AM, Fokke Nauta wrote:
On 28-12-2017 20:04, Ed Cryer wrote: The activity light was flashing away for some minutes on my router-modem, so I logged into it and found just two devices connected; both mine, both legit. A Win10 tablet was updating. It got me wondering, though. Could my router be hacked and not show the hacker? Ed Yes, it can. Our router was hacked, we found that even the system firmware was changed. We were never aware of anything, until I logged in onto our router. It referred to a different IP address and I was not aware to change that. Eeven a reset did not work. It didn't show any hacker's IP address or whatsoever. The IP address was something from a Brazilian site. We bought a new router. Fokke My Netgear router allows me to save its current configuration in a file from which I can restore that configuration. Of course, a changed firmware might disable my ability to restore. -- David E. Ross http://www.rossde.com/ President Trump: Please stop using Twitter. We need to hear your voice and see you talking. We need to know when your message is really your own and not your attorney's. |
#12
|
|||
|
|||
Can a router lie?
On Thu, 28 Dec 2017 17:20:32 -0800, David E. Ross wrote:
I disabled WiFi on my router. Our PCs are connected via ethernet cables. And it's still connected to the Internet... -- s|b |
#13
|
|||
|
|||
Can a router lie?
On Fri, 29 Dec 2017 19:19:43 +0100, Fokke Nauta wrote:
Yes, it can. Our router was hacked, we found that even the system firmware was changed. We were never aware of anything, until I logged in onto our router. It referred to a different IP address and I was not aware to change that. Eeven a reset did not work. It didn't show any hacker's IP address or whatsoever. The IP address was something from a Brazilian site. We bought a new router. Care to share which routers? -- s|b |
#14
|
|||
|
|||
Can a router lie?
On 12/29/2017 1:47 PM, s|b wrote:
On Thu, 28 Dec 2017 17:20:32 -0800, David E. Ross wrote: I disabled WiFi on my router. Our PCs are connected via ethernet cables. And it's still connected to the Internet... Yes, but I eliminated one hacking path. -- David E. Ross http://www.rossde.com/ President Trump: Please stop using Twitter. We need to hear your voice and see you talking. We need to know when your message is really your own and not your attorney's. |
#15
|
|||
|
|||
Can a router lie?
On Fri, 29 Dec 2017 19:19:43 +0100, Fokke Nauta
wrote: On 28-12-2017 20:04, Ed Cryer wrote: The activity light was flashing away for some minutes on my router-modem, so I logged into it and found just two devices connected; both mine, both legit. A Win10 tablet was updating. It got me wondering, though. Could my router be hacked and not show the hacker? Ed Yes, it can. Our router was hacked, we found that even the system firmware was changed. We were never aware of anything, until I logged in onto our router. It referred to a different IP address and I was not aware to change that. Eeven a reset did not work. It didn't show any hacker's IP address or whatsoever. The IP address was something from a Brazilian site. Probably spoofed. Why would a Brazilian want to use your router ? There are so many available here with just the default passwords set ... admin admin etc. We bought a new router. I hope you changed the password before connecting it to the net... []'s -- Don't be evil - Google 2004 We have a new policy - Google 2012 |
|
Thread Tools | |
Display Modes | Rate This Thread |
|
|