2

I have a few questions about network hacking:

  1. Can I infect the entire network (all computers, servers inside) if I break into and infect the router? If so, how?

  2. Imagine a corporation that has a website on their private servers in your private network. Can I track down the router using information from the website? I think I can if any traffic from/to/in network flows through the router. So if I can connect to the server site, I can also connect to the router. If so, how?

  3. At security.stackexchange.com (Router being infected by malware) I read that if you have full access to the router you can change the DNS settings so that all network traffic flows through your computer (man-in-the-middle between my computer and attacked router) and you can inject malicious code into traffic to any computer in that network. Is such an attack feasible?

Bartosz Królak
  • if you bold everything, there's no point in bolding anymore – schroeder Oct 01 '16 at 20:32
  • infections depend on the vulnerabilities that allow it - if all computers have the same vulnerability, then sure – schroeder Oct 01 '16 at 20:35
  • I think all of your questions can be answered if you understand what you are asking with #3. If you control the router, then you control all traffic flowing through it. If you control the traffic, then you can modify that traffic and exploit weaknesses. Can you infect "the whole network?" No, just potentially the computers sending traffic through that router. – schroeder Oct 01 '16 at 20:46

1 Answer

3
  1. Can I infect the entire network (all computers, servers inside) if I break into and infect the router? If so, how?

    Not really. It isn't the fact that you broke into the router; that "only" gives you a foothold. You've still then got to break into the computers in that network. However, you are a major step closer, and that's why enterprise networks are segmented. You are also confusing a home network, where the router and firewall are the same device, with an enterprise network where, typically, they are not. In those cases, the firewall and possibly several other protection devices are inside the router.

  2. Can I track down the router using information from the website?

    Maybe. But only if the server is in the same network as the router. This is likely to be the case in smaller networks but may not be in larger ones that may have several DMZ networks. In those cases, you may only be able to find the nearest router or firewall.

    So if I can connect to the server site, I can also connect to the router. If so, how?

    Nope, same problem as before. While you know where the device is logically speaking, you still don't know the credentials to get into it to do anything "useful".

  3. change the DNS settings so that all network traffic flows through your computer ... inject malicious code into traffic to any computer in that network. Is such an attack feasible?

    Partially. If the network were using something like DNSSEC then probably not at all. Otherwise, you would still need to MITM any HTTPS/TLS certificates; it isn't enough to have a MITM for the raw traffic if that traffic is encrypted.

    But in an internal enterprise network, it is less common for the traffic to be encrypted between machines. It causes overheads in running and also in operational support so it is often ignored. In that case, your MITM device would have to also be inside the network of course and not outside. Another good reason for large networks to be segmented since it limits the number of machines a rogue element can get to.

Julian Knight
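
An added example (not part of the original answer) of a defender-side check for the DNS-setting change discussed in point 3: it flags configured resolvers that are not on an expected list, and names whose answers from the configured resolver share nothing with a trusted reference. The allowlist, hostnames, addresses and function names are constructed assumptions, and the answer sets are assumed to have been collected beforehand.

```python
import ipaddress

# Assumption: the resolvers this network is supposed to hand out (constructed).
EXPECTED_RESOLVERS = {"10.0.0.53", "10.0.1.53"}

# Constructed sample data: a client's resolv.conf, the answers its configured
# resolver gave, and answers recorded out of band from a trusted reference.
SAMPLE_RESOLV = """\
# pushed by DHCP from the router
nameserver 10.0.0.53
nameserver 203.0.113.66   # not on the expected list
"""
SAMPLE_LOCAL = {"intranet.example.com": {"203.0.113.80"},
                "mail.example.com": {"10.0.2.25"}}
SAMPLE_REFERENCE = {"intranet.example.com": {"10.0.2.10"},
                    "mail.example.com": {"10.0.2.25", "10.0.2.26"}}

def parse_nameservers(text):
    """Return (valid, malformed) nameserver entries from resolv.conf-style text."""
    valid, malformed = [], []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                valid.append(str(ipaddress.ip_address(fields[1])))
            except ValueError:
                malformed.append(fields[1])
    return valid, malformed

def audit(resolv_text, local_answers, reference_answers):
    """Return findings as (kind, subject) tuples, in a stable order."""
    valid, malformed = parse_nameservers(resolv_text)
    findings = [("malformed-resolver", m) for m in malformed]
    findings += [("unexpected-resolver", s) for s in valid
                 if s not in EXPECTED_RESOLVERS]
    for name, reference in reference_answers.items():
        # Disjoint answer sets are a lead to investigate, not proof: load
        # balancing and split-horizon DNS can legitimately differ too.
        if not (local_answers.get(name, set()) & reference):
            findings.append(("answer-mismatch", name))
    return findings

if __name__ == "__main__":
    for kind, subject in audit(SAMPLE_RESOLV, SAMPLE_LOCAL, SAMPLE_REFERENCE):
        print(f"{kind}: {subject}")
```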