Hughesnet Community

Loss Of Allowance -Was My Router Hacked?

ecoalex2
Tutor


With yesterday's hack of DYN, the resulting slowed, or blocked service did I suffer this last week when I lost all my allowance and tokens? Home devices were hacked, routers among them. I didn't set up password protocol in my router, because of my location far from neighbors. Was my router hacked in a prelude to yesterday's attack?
It's the only explanation for my loss of allowance last Friday, and yesterday's Friday attack.
28 REPLIES
BirdDog
Assistant Professor

Alex, about all I can say for sure is not having a password set on your router is a very bad thing.
Gwalk900
Honorary Alumnus

Always change the default username and password to the router's GUI and ALWAYS enable wireless encryption and all wifi frequencies.

This is needed to prevent "drive-by" connections by every device that comes within range.

Someone can visit and have a phone or tablet in their possession and it WILL latch on your open network.

Also disable Guest Accounts, Remote Access and WPS and all router related "cloud" services.


Also, be aware that there is a Linux kernel vulnerability:


US Department of Homeland Security US-CERT


National Cyber Awareness System:


 


Linux Kernel Vulnerability
10/21/2016 12:50 PM EDT

Original release date: October 21, 2016

US-CERT is aware of a Linux kernel vulnerability known as Dirty COW (CVE-2016-5195). Exploitation of this vulnerability may allow an attacker to take control of an affected system.

US-CERT recommends that users and administrators review the Red Hat CVE Database, the Canonical Ubuntu CVE Tracker, and CERT Vulnerability Note VU#243144 for additional details, and refer to their Linux or Unix-based OS vendors for appropriate patches.

This product is provided subject to this Notification and this Privacy & Use policy.





BirdDog
Assistant Professor

I believe no security set up on the router leaves it vulnerable regardless of wireless "drive by" or not. The router firewall can easily be penetrated by hackers if security is not set up.
ecoalex2
Tutor

As I mentioned, I am far from the road, or neighbors, much farther than the 300 feet limit for this router. I don't think wifi theft/hacking is a problem, however web connected vulnerability is.
The hack was thru the web.
My question was whether I lost my allowance due to web hacking?
BirdDog
Assistant Professor

Still, there are settings on many routers that can make a difference. I have DMZ setting which opens the door. What router do you have? If running a non-secure OS like XP then you are open to anything.

GabeU
Distinguished Professor IV

ecoalex,

Do you have a satellite TV receiver connected to your router, or any other device that controls anything in your home?  It seems that a lot of different devices were used in the DDOS attack on DYN. 

ecoalex2
Tutor

I do have dish tv and run Linux Mint 17 OS. The router is a Linksys 0168.
GabeU
Distinguished Professor IV

It's entirely possible that, if it's connected to your router, your Dish TV receiver was used as a part of the DYN DDOS attack. Again, possible, but that doesn't mean it was for sure. They were one of the things that was used quite a bit in the attack. Unfortunately, without having some type of firmware that allows you to view what data each device uses, you may never know if it was, in fact, used.

They did it through the net, so the fact that your router isn't within range of anybody being able to hack into it wouldn't matter. 

I would take the advice and at least change your router GUI password, even if you can't change the sign in name (some of them are locked in with the name "admin" and can't be changed).  I don't know if that would stop the type of attack that happened, or even if your device was involved, but it's still a good idea to have the router GUI password protected, anyway. 
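
The per-device usage view mentioned above, as an added example that is not part of the original thread: it totals cumulative byte counters per device and flags any device that sent far more than it received. The log format, device names and thresholds are assumptions, and the sample data is constructed.

```python
from collections import defaultdict

# Constructed sample (not real data): cumulative per-device counters as a
# router with per-device accounting might export them.
# Columns: time, device, bytes sent (up), bytes received (down).
SAMPLE = """\
2016-10-21T08:00 laptop 1000000 20000000
2016-10-21T08:00 tv-receiver 500000 3000000
2016-10-21T12:00 laptop 3000000 90000000
2016-10-21T12:00 tv-receiver 900500000 3500000
2016-10-21T16:00 laptop 400000 8000000
2016-10-21T16:00 tv-receiver 1800500000 4000000
"""

def usage_by_device(text):
    """Sum per-interval deltas of cumulative counters for each device."""
    last = {}
    totals = defaultdict(lambda: [0, 0])
    for line in text.splitlines():
        if not line.strip():
            continue
        _ts, dev, up, down = line.split()
        cur = (int(up), int(down))
        if dev in last:  # the first snapshot is only a baseline
            for i in (0, 1):
                delta = cur[i] - last[dev][i]
                # A counter lower than before means it was reset (reboot):
                # count the new value from zero, not as a negative delta.
                totals[dev][i] += delta if delta >= 0 else cur[i]
        last[dev] = cur
    return {dev: tuple(v) for dev, v in totals.items()}

def flag_heavy_uploaders(totals, min_up=100_000_000, ratio=1.0):
    """Devices that sent at least min_up bytes and more than ratio * down.

    Both thresholds are assumed values for illustration; home devices
    normally receive far more than they send.
    """
    return sorted(dev for dev, (up, down) in totals.items()
                  if up >= min_up and up > ratio * down)

if __name__ == "__main__":
    totals = usage_by_device(SAMPLE)
    for dev, (up, down) in sorted(totals.items()):
        print(f"{dev:12s} up={up:>13,d} down={down:>13,d}")
    print("heavy uploaders:", flag_heavy_uploaders(totals))
```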

maratsade
Distinguished Professor IV

"ALWAYS enable wireless encryption and all wifi frequencies.[...] Also disable Guest Accounts, Remote Access and WPS and all router related "cloud" services."

GWalk, do you have instructions or a link to instructions on how to do all this? Thanks!


Gwalk900
Honorary Alumnus

The details will vary with the brand and model of your router but is done by opening the router's internal GUI.
What do you have the router's LAN IP set to?
192.168.1.1 is common.
maratsade
Distinguished Professor IV

I'm embarrassed to say I don't know -- the HN installer set it all up. 192.168.1.1 sounds familiar though, so he may have set it to that.  I don't even remember how to open the router's internal  GUI.  I'll do a bit of digging and see if I can access it. I think it was installed on one of the laptops, so I'll check. Thanks, Gwalk!
Gwalk900
Honorary Alumnus

Just enter that IP into a browser's address bar and see if it takes you to the router's login screen.
maratsade
Distinguished Professor IV

That worked -- a login dialog comes up, but I don't seem to have a username for it on my installation notes; or rather, the username I have isn't working. Sigh. ETA: figured it out, finally. I'm on the router's main page.
Chris11
Alum

Hi ecoalex, 

I agree with GabeU. I don't think you'd be able to pinpoint whether the data was used through the hack. I know with DDoS attacks, whatever computers are used in the botnet would def be using data. However, if your computer was a part of that is hard to determine.

- Chris
GabeU
Distinguished Professor IV

maratsade,

A lot of times, the sign-in is admin and the password is password. LOL. It's kind of ridiculous, but this is how a lot are preset.

GabeU
Distinguished Professor IV

And, as everyone knows, or should know, be VERY WARY of emailing someone you don't know.  It's NOT a good idea. 
maratsade
Distinguished Professor IV

Agreed, Gabe. And what is "email account bruted forced log in passive traffic identification"?
maratsade
Distinguished Professor IV

Yes, the username used to be admin, and the password was super secure: it was admin too.  LOL.  I had actually changed the whole thing the day of the install (2014, I think) and kept a cryptic note on the router's manual.  I had to think for a while to figure out what the note meant!
BirdDog
Assistant Professor

And, as everyone knows, or should know, be VERY WARY of emailing someone you don't know.  It's NOT a good idea. 
Unless you want a Russian data miner to have your email address. Roberts Cooper.....yea right.

And what is "email account bruted forced log in passive traffic identification"?
Hacking.
GabeU
Distinguished Professor IV

Well, that's next to the flarmingon ram traffic glacktron tigglehopper.