Can I log in to my modem from a remote location?

Distinguished Professor IV

Re: Can I log in to my modem from a remote location?


@MarkJFine wrote:

I would think between the page I stated and the old by-hour thing (if it still exists) would work fine for what's needed.

Right now the modem doesn't show historic usage by device, but does show what's currently connected. Not sure how helpful that is because whatever was using data could have already disconnected and there's no way to discern the two... yet.

 

Technically, we know it's possible to make this available remotely 'somewhere'. The question we're not asking is 'should we'.

 

When it comes to things like this sometimes it's better to keep data that might be available out in the open to a minimum for security purposes. You certainly don't want someone being able to log directly into your modem to update it with something cURLed via remote code from a DigitalOcean, Alibaba, or Baidu botnet server so it becomes part of someone's Bitcoin mining operation (as an example).

 

I see logs of these kinds of things meant for IoT devices on a daily basis. They are indiscriminate and attack things incrementally sweeping through IPs with no DNS involved, looking for targets, using php vulnerability probing scripts that are as long as my arm. And, they're getting sneaky enough to use open proxies to hide behind so all you know is the signature of the attack, but no proof of the source.

 

Realize that sounds pretty grim, almost tin-hatted, but it's reality. I just spent two hours just dealing with the shenanigans my one site got hit with today.


Good reasons to not do it.  That's why I included you in the question.  You know better about this kind of stuff than I do.  


AMD FX-6100 | Samsung 250GB 840 EVO SSD | Western Digital Blue 500GB HDD | 16GB DDR3-1866 | EVGA Geforce GTX 550ti | Windows 10 Pro 64-bit
Professor

Re: Can I log in to my modem from a remote location?

From what I've read about LogMeIn, it appears the OP could use it if it were installed at home and on a travelling laptop.  Security concerns are another issue, of course, and definitely to be considered seriously, but LMI is used widely and it seems to work well, and security risks are up to the user, who may choose to take a risk in exchange for perceived benefits. 

Assistant Professor

Re: Can I log in to my modem from a remote location?

Just a few recent examples that came in direct to my server's IP so I can drive home the security risks:

 

106.4.199.210 - - [11/Feb/2019:04:09:27 -0500] "CONNECT www.baidu.com HTTP/1.1" 400 0 "-" "-"

This is from a ChinaNet IP looking to proxy my server to www.baidu.com using a script that provides no user agent. I have CONNECT, OPTIONS, and PROPFIND methods all blocked, as well as anything attempting WebDAV access (another thing they like to exploit).

 

125.76.61.225 - - [11/Feb/2019:04:09:27 -0500] "GET http://api.ipify.org/ HTTP/1.1" 403 7187 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36Mozilla/5.01732016 Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55.0

This is from another ChinaNet IP looking to proxy using GET instead of CONNECT using a badly faked Chrome user agent, or Firefox, can't tell because they mangled it so bad. I have others where the UA actually starts with "User-Agent:", which is mildly humorous.

 

I'll save you the log listing, but there's one clear script kiddie from an Alibaba Cloud IP (also China) that starts at 05:16:56 and continues until 05:20:09 with about 300 GETs and POSTs probing for specific php-based vulnerabilities, all with accurate but faked user agents. There's another one later between 15:28:03 and 15:44:11 from Tencent Cloud Computing in Beijing, amongst others such as Baidu and Huawei.

 

And that's not even the scary stuff, because I can easily block those with a finely honed htaccess file for the ones coming in direct via IP, and using Cloudflare for those coming in by name server.

The scary stuff are the botnets that are designed to hijack IoT devices and modems:
46.17.47.173 - - [05/Feb/2019:11:45:50 -0500] "\x16\x03\x01" 400 0 "-" "-"
185.222.211.0 - - [10/Feb/2019:17:15:35 -0500] "\x03" 400 0 "-" "-"

That first one is from a Baxet server in Russia, the second from Outsource Grid in the UK, both are executing binary code.

 

There are others that contain inline textual code that are designed to download and replace firmware on your device (security cameras, modems, routers, etc. - anything externally addressable) so it can take control of it. I just don't have any examples atm, because they've been lying low with me lately.

 

The other scary ones are those that attempt rapid-fire/overload brute force logins of a WordPress, Drupal, or other hosted blog site so they can implant malware within the hosted database and reroute visitors to get infected. Those are the ones that keep me up at night, because if they get in it's real difficult to override what they did before any real damage is already done.

 

So, that's my "frightened stiff" speech wrt the risks.


* Disclaimer: I am a HughesNet customer and not a HughesNet employee. All of my comments are my own and do not necessarily represent HughesNet in any way.
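Added example, not part of the original posts: a small triage script that tags Apache combined-format access log lines with the request patterns described in the post above (CONNECT and absolute-URI proxy attempts, blocked methods, non-HTTP bytes in the request line, missing or mangled user agents). The tag names and the sample lines are constructed for illustration; the sample lines use documentation-range IP addresses.

```python
import re

# Apache "combined" log line. The closing quote of the user agent is optional
# because truncated lines occur in practice.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>(?:[^"\\]|\\.)*)" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"?\s*$')
REQ_RE = re.compile(r'^(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d(?:\.\d)?$')

def classify(line):
    """Return the set of tags (hypothetical names) raised by one log line."""
    m = LINE_RE.match(line)
    if not m:
        return {"unparsed"}
    tags = set()
    req = REQ_RE.match(m["req"])
    if not req:
        # Not an HTTP request line, e.g. escaped bytes such as \x16\x03\x01
        # (the start of a TLS handshake record).
        tags.add("non-http-request")
    else:
        if req["method"] == "CONNECT":
            tags.add("proxy-connect")
        elif req["method"] in ("OPTIONS", "PROPFIND"):
            tags.add("blocked-method")
        if req["target"].lower().startswith(("http://", "https://")):
            tags.add("proxy-absolute-uri")
    ua = m["ua"]
    if ua in ("", "-"):
        tags.add("no-user-agent")
    elif ua.lower().startswith("user-agent:"):
        tags.add("ua-header-in-value")
    elif ua.count("Mozilla/") > 1:
        tags.add("mangled-user-agent")
    return tags

def flagged(lines):
    """Map source IP -> sorted tags, for lines that raised at least one tag."""
    out = {}
    for line in lines:
        tags, m = classify(line), LINE_RE.match(line)
        if tags:
            out.setdefault(m["ip"] if m else "?", set()).update(tags)
    return {ip: sorted(t) for ip, t in out.items()}

# Constructed sample lines modelled on the patterns in the post.
SAMPLE = r'''198.51.100.7 - - [11/Feb/2019:04:09:27 -0500] "CONNECT www.example.com HTTP/1.1" 400 0 "-" "-"
198.51.100.8 - - [11/Feb/2019:04:09:27 -0500] "GET http://ip-check.example/ HTTP/1.1" 403 7187 "-" "Mozilla/5.0 (Windows NT 6.1) Safari/537.36Mozilla/5.0 (Windows NT 6.1; rv:55.0) Firefox/55.0
203.0.113.9 - - [05/Feb/2019:11:45:50 -0500] "\x16\x03\x01" 400 0 "-" "-"
203.0.113.10 - - [10/Feb/2019:12:00:00 -0500] "GET /index.html HTTP/1.1" 200 512 "-" "User-Agent: Mozilla/5.0"
192.0.2.20 - - [10/Feb/2019:12:00:01 -0500] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/65.0"
'''.splitlines()
```

Calling `flagged(SAMPLE)` returns one entry per flagged source IP; the last sample line is an ordinary request and raises no tags.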