Help With Unprotected Routers

HalfMadDad · 01-21-2021, 05:33 AM

Hi Everyone

There are two main ISP providers where I live and they are both awful-awful.

I found a third ISP many years ago and I have been happy with them but after all this time, I have now discovered that the routers they have provided me are not password protected and I believe they can be externally accessed. I can set a wifi password but I don't care about that, it is my actual computers I am worried about. I have both cable and dsl routers.

What do you think I should do? I love my ISP and I don't think I can swap out the routers. Should I get a password protected switch ?

Thanks for reading-Patrick

P.S I am running Triquel, Debian and GhostBSD

business_kid · 01-21-2021, 06:00 AM

Passwords - where?

Most isps want their service guys to be able to get into your router on their network for maintenance purposes.

Their network is a good deal different from your network, as speeds differ, etc.

You should be able to set a password to prevent your nerdy kids from hacking your router and undoing the Parental protection you set up for them. But they can get public wifi if they are nerds.

HalfMadDad · 01-21-2021, 06:11 AM

Hi business_kid

Well, there are several passwords. I made a mistake and my DSL modem is password protected, my cable is not. I actually had a password for my DSL modem that I set years ago but it was reset recently after a call to the ISP.

The administrative password was user "admin" password "admin". I access this with 192.168.1.1 but if my ip address is 123.456.789.123 can't anyone just type this and my router's web interface will come up?

Couldn't Anyone login and tamper with my settings including punching holes in my firewall to open more ports to allow access to my machines? disabling internet and changing the password to lock me out etc

yancek · 01-21-2021, 08:01 AM

Quote:

I access this with 192.168.1.1 but if my ip address is 123.456.789.123 can't anyone just type this and my router's web interface will come up?

The 192.168.1.1 is the address of your router as seen within the network and will not be useful from outside as you need the DNS nameserver IP. In the past, router/modem manufacturers had simple user names such as you described: admin=admint; password=admin. They would suggest that after install the user change this, at least the password/passphrase. Most recent router/modems will have an individual passphrase specific to that device, a 10+ character passphrase generally on a sticker on the device which of course can also be changed.

HalfMadDad · 01-21-2021, 09:08 AM

Thanks yancek, I will check for this sticker!

TB0ne · 01-21-2021, 09:23 AM

Quote:

Originally Posted by HalfMadDad

Hi Everyone
There are two main ISP providers where I live and they are both awful-awful.

I found a third ISP many years ago and I have been happy with them but after all this time, I have now discovered that the routers they have provided me are not password protected and I believe they can be externally accessed. I can set a wifi password but I don't care about that, it is my actual computers I am worried about. I have both cable and dsl routers.

What do you think I should do? I love my ISP and I don't think I can swap out the routers. Should I get a password protected switch ?
P.S I am running Triquel, Debian and GhostBSD

That's exactly what I have at my home. I leave the ISP's equipment alone...if I mess with it, who knows what'll go on? They could easily detect tampering and shut off the connection, charge me $$$ for resetting the device, etc. Too much junk to read and worry about as far as that goes. My own home router plugs into the ISP's device, gets a DHCP address, and everything of MINE goes into that, which I control.

sevendogsbsd · 01-21-2021, 09:55 AM

My ISP allows me to use 100% of my own equipment, including the modem. I did have to call them and have them add the Mac address of my cable modem to their ACLs so I can get on the network. Their modem works fine but for privacy reasons I wanted my own. I just bought one they said was "authorized" for their network. I guess all ISPs do this differently.

computersavvy · 01-21-2021, 12:37 PM

Yes, all ISPs handle things differently, but if you have access to manage the router/modem locally then there usually is a capability to allow external management or not. Check that out and see if it fits your needs. Every router I have used has that option.

TB0ne · 01-21-2021, 01:47 PM

Quote:

Originally Posted by computersavvy

Yes, all ISPs handle things differently, but if you have access to manage the router/modem locally then there usually is a capability to allow external management or not. Check that out and see if it fits your needs. Every router I have used has that option.

Yep, and that's where the ISP's terms-and-conditions come into play. Some care, some don't, but there is something else to remember; if they want to roll out a software update/patch/fix/change, and they can't give YOU one, their answer may be to just drop your connection, for the sake of their network.

And you may be able to fix it with a phone call/explanation....repeat this step every single time they do something. Is it worth that much of your time/effort?

sevendogsbsd · 01-21-2021, 02:13 PM

Good point TB0ne. Reminds me I should see if any updates for my modem...

jefro · 01-21-2021, 02:34 PM

When you port monitor all the traffic on the wan side of your isp/router you find a lot of bad stuff.

That I why I put a perimeter firewall there. You can't trust your isp to protect your lan.

sevendogsbsd · 01-21-2021, 02:51 PM

I have a pfsense FW protecting my entire lan - 2 interfaces, 1 for wireless and IoT devices, 1 for wired traffic. Home lan but you can never be too careful...