This is based on a real story.
For those too lazy to read the whole thing, here is the short version: basically you need to keep an eye on two things in the router through which you connect to the Internet:
- in the DNS configuration there should be no foreign entries;
- it must be ensured that no one can write anything into the DNS configuration;
- it is desirable that the router's firmware file be the same as the firmware file on the manufacturer's website (compare checksums).
If you overlook this point, at best outside hackers will know which sites you are visiting. At worst you will be sent to a phishing site, with all the ensuing consequences.
Now my story.
Recently I moved and had the Internet connected at the new place. At the old one it was ADSL; at the new one, fiber at 100 MB/s. I did not have my own router. The old router had protected factory default settings, that is, it was only possible to connect to it on the LAN port after the first power-up.
A technician from the provider came to me with a router. He started setting up the router and, without asking, changed the DNS settings from automatic to manual. Well, I was a little surprised. Then I was even more surprised when he entered the DNS server address 150.254.124.26, again without my permission. All this was happening in front of me. It's just that I had never seen such an IP in my city. Strange provider settings of some kind, I thought. I thought: when I have free time I'll read the instructions, I'll need to figure it out. In the meantime, let everything stay as it is, I won't touch anything; it's on factory settings, which means it's protected.
Then I went on with my cryptocurrency business and noticed a few oddities: in the first days, at the height of my activity, the router rebooted by itself. I thought (well, what an idiot I am!) that it could not withstand my heavy surfing. After 2 weeks, for some strange reason, the session on the exchange dropped a couple of times, which usually happened when I logged into it from another computer. (I still remember that, fortunately, shortly before this everything had been withdrawn from the exchange to a local wallet.) Well, I went into the router, everything seemed fine; just in case, I put a password on the admin account.
After another 2 weeks they got to work on me in earnest. All the exchanges either did not load or started showing messages like "the site is not who it claims to be", etc. Over a VPN everything was OK, and I immediately realized my mistake in not having dealt with the router right away. After switching DNS from manual back to automatic, everything worked. I dropped all my business and took up the settings.
While digging through it, it turned out that everything was sad. The router was one big gaping hole:
- the factory settings are such that anyone without a password can connect via LAN, Wi-Fi and WAN and change the settings however they like (but when saving, the router needs to reboot; I wrote above how it rebooted by itself)
- the brief instruction on a piece of paper from the box did not warn about the vulnerability
- the English help text for each setting is useful, but it said nothing about the vulnerability
In general, I had to work by trial and error; experimentally I found all the vulnerabilities of the product and the absurdity of the factory settings. So keep in mind that this also happens, and do not relax.
What to do in this case, decide for yourself. I'll write what I did, in chronological order, with frequent save-and-reboots of the router:
- disconnect the WAN cable
- reset the settings to factory and immediately password-protect admin and user, changing their names to different ones
- disable Wi-Fi
- set up the Internet connection, connect the WAN cable, download the latest firmware, disconnect the WAN cable (!), update the firmware. By the way, the firmware update does not reset the settings to factory, which in my opinion is not right.
- reset the settings to factory again, immediately protect admin and user, for reliability also changing their names
- set a Wi-Fi password
- set up the Internet
- connect the WAN cable
- that's it with the router; now go change the passwords on websites
And in the future, if I ever get the Internet connected somewhere, the technician will come, connect the wires, check that everything works and leave with his router. For the home, the router will be bought at a store.
Thank you for your attention, and beware of the freaks.
This topic is an English adaptation. Russian original by DarkNightRider: https://bitcointalksearch.org/topic/--2944516
Thank you for your attention!
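The short checklist at the top of the post (no foreign DNS entries, nobody able to rewrite them, firmware matching the manufacturer's checksum) can be turned into a small self-check. The script below is an added example, not code from the post or from any router vendor: the config dict shape, the allow-list of resolvers and the sample firmware bytes are all constructed assumptions, and the checksum file is assumed to be in the usual `sha256sum` output format.

```python
import hashlib
import ipaddress

# Resolvers the owner is willing to see configured by hand. Constructed
# allow-list for this example; in practice use the provider's published ones.
TRUSTED_RESOLVERS = {"1.1.1.1", "8.8.8.8", "9.9.9.9"}


def audit_dns(config: dict) -> list:
    """Findings for a router config dict (constructed shape, not a real vendor format)."""
    findings = []
    if config.get("dns_mode") == "manual":
        for server in config.get("dns_servers", []):
            try:
                ipaddress.ip_address(server)
            except ValueError:
                findings.append(f"malformed DNS server entry: {server!r}")
                continue
            if server not in TRUSTED_RESOLVERS:
                findings.append(f"unexpected manual DNS server: {server}")
    if not config.get("admin_password_set", False):
        findings.append("admin account has no password: anyone on LAN/Wi-Fi/WAN can rewrite DNS")
    if config.get("wan_admin_access", False):
        findings.append("administration interface reachable from WAN")
    return findings


def parse_sha256sum(text: str) -> dict:
    """Parse sha256sum-style lines ('<hex>  <filename>') into {filename: hex}."""
    result = {}
    for line in text.splitlines():
        parts = line.split(maxsplit=1)
        if len(parts) == 2 and len(parts[0]) == 64:
            result[parts[1].strip().lstrip("*")] = parts[0].lower()
    return result


def firmware_matches(firmware: bytes, name: str, published: str) -> bool:
    """True only if the local image hashes to the vendor-published value for `name`."""
    expected = parse_sha256sum(published).get(name)
    return expected is not None and hashlib.sha256(firmware).hexdigest() == expected


# Constructed sample data standing in for the router's settings page and the
# checksum file from the manufacturer's site (the DNS address is the one from the post).
SAMPLE_CONFIG = {"dns_mode": "manual", "dns_servers": ["150.254.124.26"],
                 "admin_password_set": False, "wan_admin_access": True}
SAMPLE_FIRMWARE = b"constructed firmware image bytes"
SAMPLE_PUBLISHED = hashlib.sha256(SAMPLE_FIRMWARE).hexdigest() + "  router-fw.bin\n"
```

Run `audit_dns(SAMPLE_CONFIG)` to list the findings and `firmware_matches(SAMPLE_FIRMWARE, "router-fw.bin", SAMPLE_PUBLISHED)` to confirm the image; against a real router, feed it the exported settings and the firmware file you actually flashed.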