
Author Topic: How did this happen?  (Read 3283 times)

DCIFRTHS

  • Level 2 Member
  • **
  • Posts: 99
How did this happen?
« on: December 12, 2007, 03:34:07 AM »

DIR-655
Hardware version: A3
Firmware version: 1.10

As an experiment, I DISABLED encryption on the wireless side of one of my DIR-655s. Anyone within range could connect. I did this because I live in an apartment building, and someone has been changing the names of unsecured wireless networks to vulgar names, so I wanted to see if they could hack my router. I figure that a hands-on approach is the best way to learn about security. The only computer connected to this network was a laptop that had no personal information on it. I also shut down the laptop except for when I wanted to access the router.

Anyway, I changed the admin password on the router to a random alphanumeric password. Sure enough, after a few days, my SSID was changed to "SECURE YOUR NETWORK A******". Additionally, the admin password on the router was also changed to an unknown value.

Is what I described possible? Or did I make a stupid mistake and not change the admin password as I thought I did? Another thought I had is that maybe if I accessed the admin pages in the router, using a wireless connection, and someone was sniffing traffic, that they could have sniffed my admin password when / if I connected wirelessly (I don't remember if I did this).

Any insight would be greatly appreciated as I want to know how this was done, if I made a mistake, or if the router could possibly have a flaw in the firmware.
Logged

heckeljohn

  • Level 1 Member
  • *
  • Posts: 4
Re: How did this happen?
« Reply #1 on: December 12, 2007, 04:34:07 AM »

The password is not secured unless you specifically set the web admin interface to connect using https.  If you had no WEP/WPA running, anyone with a laptop, wifi card, and the latest version of Cain & Abel can target web traffic to your router IP and get your password the first time you type it.  One downside to the "added security" of having admin logins time out after a few minutes is typing your password again each time to log back in after a session timeout, which creates many more opportunities for someone sniffing your traffic for an unencrypted password.
Also, you have to reboot to be sure that you changed the admin password properly.

 I would suspect any neighbor of yours that has the following traits:
-Male
-Absolutely no life whatsoever
-Resides in the same house as his parents
-Virgin
 
Logged

DRT-1000

  • n00b
  • Level 2 Member
  • **
  • Posts: 38
Re: How did this happen?
« Reply #2 on: December 12, 2007, 07:54:54 AM »

I would suspect any neighbor of yours that has the following traits:
-Male
-Absolutely no life whatsoever
-Resides in the same house as his parents
-Virgin


HAHAHA.  :D :D :D
Logged

Lycan

  • Administrator
  • Level 15 Member
  • *
  • Posts: 5335
Re: How did this happen?
« Reply #3 on: December 12, 2007, 03:37:02 PM »

Although humorous, I am locking this topic. Sorry :-\
Logged