Sunday, January 29, 2012

Save your modem / router from DNS MITM Attacks

Recently I started facing a problem with my internet connection. I was not able to open yahoo.com or microsoft.com; instead of these two sites, a Ukrainian site was opening. I thought that these two sites had been hacked. Then I tried opening both sites on my iPhone over GPRS. It worked properly; both sites opened perfectly on GPRS. Then I realised that the problem was with my PC or network. Then I tried my desktop. Same result: neither site opened there either. So it was not a problem with my laptop or desktop; it was a problem with the network. Then I investigated my WiFi router (Belkin). I checked the settings and everything seemed to be fine there. Still, I reset the router and configured it again, but still no luck with the sites: they were not opening and were redirecting me to the Ukrainian site. Then I decided to get into the wired modem (Beetel). Here was the problem: I was not able to log in to my modem. I was surprised, as I had never changed the default username and password. So I understood that the problem was with my wired modem: somebody had hacked into my modem and changed the password. Then I decided to reset my wired modem and configure it again. Thanks to the Airtel engineer who left the settings document for my modem. After resetting the modem, I tried both sites, and now they were opening.

After 4 days the same thing happened again. I directly reset my modem and didn't bother much. But when it happened for the 3rd time, I decided to find a solution for this. Somebody was changing my modem's password again and again, and I was not able to do anything besides resetting it again and again.
Then I followed these steps:

1. It is better to change the default password of the modem.
2. Try to keep backup of the modem's working configuration.
3. Use OpenDNS Servers instead of using ISP's DNS.
4. Try to avoid DHCP. Keep it disabled and manually assign IP addresses to machines.
5. Try to implement the MAC filtering feature if available. It will give you extra security.
6. Disable the TFTP and Telnet services for the WAN.

These few things worked for me.
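A quick way to catch the symptom described above before it bites again, added here as an example and not the author's own code: send the same A query to the router's resolver and to OpenDNS (step 3) and report any name whose two answers share no address. The router address 192.168.1.1 is an assumption; OpenDNS's 208.67.222.222 and the two host names are from the post.

```python
import random, socket, struct
ROUTER_DNS = "192.168.1.1"      # assumed LAN address of the modem/router
TRUSTED_DNS = "208.67.222.222"  # OpenDNS public resolver (the post's step 3)
HOSTS = ["yahoo.com", "microsoft.com"]  # names the post saw redirected

def build_query(name, qid):
    # Minimal DNS A query: header with RD set, one question, no other sections
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def _skip_name(data, off):
    # Offset just past a DNS name; a 0xC0 compression pointer ends the name in two bytes
    while data[off] and data[off] & 0xC0 != 0xC0:
        off += data[off] + 1
    return off + (2 if data[off] & 0xC0 == 0xC0 else 1)

def parse_a_records(resp, qid):
    # IPv4 addresses from the answer section; reject replies that do not match our query ID
    rid, flags, qdcount, ancount = struct.unpack("!HHHH", resp[:8])
    if rid != qid or not flags & 0x8000:
        raise ValueError("not a reply to our query")
    off = 12
    for _ in range(qdcount):  # skip the echoed question(s): name + QTYPE + QCLASS
        off = _skip_name(resp, off) + 4
    addrs = []
    for _ in range(ancount):
        off = _skip_name(resp, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(resp[off:off + 4]))
        off += rdlen
    return addrs

def resolve_a(name, server, timeout=3.0):
    # Query `server` directly over UDP/53 so the OS stub resolver cannot hide the difference
    qid = random.randrange(65536)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, qid), (server, 53))
        data, _ = sock.recvfrom(4096)
    return parse_a_records(data, qid)

def find_mismatches(local, trusted):
    # Hosts whose router-DNS answers share no address at all with the trusted answers
    return sorted(h for h in trusted if not set(local.get(h, ())) & set(trusted[h]))
if __name__ == "__main__":
    answers = {srv: {h: resolve_a(h, srv) for h in HOSTS} for srv in (ROUTER_DNS, TRUSTED_DNS)}
    print(find_mismatches(answers[ROUTER_DNS], answers[TRUSTED_DNS]))
```

Large sites answer from geographically spread pools, so a mismatch is a prompt to look at the modem's DNS settings (and at who owns the unexpected address), not proof of tampering by itself. An empty list means the router is handing out the same answers as the trusted resolver for those names.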
If you want to know more details about the attack, follow this link:
http://blog.escanav.com/2012/01/12/disclosure-router-based-dns-mitm-attack
and if you want to know about Man In The Middle (MITM) attacks, follow this link: http://www.windowsecurity.com/articles/understanding-man-in-the-middle-attacks-arp-part2.html
