Could a router be hacked through the incoming internet LAN?

2

I set up a new router with passwords and MAC filters in place, but after a few hours I found a "Network Device" with an unknown MAC address connecting through LAN. The only LAN that was plugged in was the internet signal line. The venue is a co-work space where many people share the same network resources. Is it possible that their network has been hacked and someone could get into others' routers through the incoming internet LAN line?

Thanks

Jenni

Posted 2017-03-06T13:40:43.757

Reputation: 21

Can you provide a network diagram? It isn't clear from your description how it's all connected. – Darren – 2017-03-06T13:41:49.533

A generic answer to your question (can a router be illicitly managed via a connection to the WAN) is "Maybe". There have been a number of cases of individual router models being vulnerable to exploits that allow illicit management, and there is always the possibility that you have misconfigured it. So based on what you have told us, that is the best and most accurate answer you can get. – Frank Thomas – 2017-03-06T13:48:53.530

Thanks Frank. I cleaned the devices list and rebooted the router. Then, it is gone. What really concerns me is that the MAC filter only works for limiting wireless access, right? So, there is no way to stop any intruder getting in via the LAN? – Jenni – 2017-03-06T13:56:31.150

Well, other than your firewall or NAT policies. How is your router configured? You are correct, MAC whitelisting only applies to wireless on most consumer-grade routers. – Frank Thomas – 2017-03-06T13:58:08.267

Well, I am not really an expert on this. What shall I look for? Everything is as per factory default except I have changed the SSID name, router password, account password and MAC filter. It is a Linksys AC1900. – Jenni – 2017-03-06T14:06:43.110

Answers

1

The router you have is a standard consumer home wifi router, so its default configuration should be safe to use, as long as you change the password to manage the router, and do not enable any unsafe practices like remote management etc.

First, be sure that the upstream device you are getting Internet through is connected to the Yellow "Internet" plug on the back of the device. This will ensure that folks upstream from you are outside the network your router is defining.

Home routers use a technology called NAT, that works with your firewall, to allow you to request resources from the Internet, without allowing people on the Internet access to your LAN. Be careful about technologies like Port Forwarding (sometimes called virtual services) and DMZ (De-Militarized Zone), as those instruct NAT to let some unsolicited inbound traffic through.

Be sure to change your router's administrator password, and use a long/strong password to replace it.

Make sure people can't physically access the router. None of these protections (except the password change) will do anything at all if someone can just jack into the LAN.

Other than that, it's about as good as you are going to get it. These devices won't stand up to serious scrutiny (nation-state level actors for instance) but will defeat the average adversary.

Frank Thomas

Posted 2017-03-06T13:40:43.757

Reputation: 29 039
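An added example, not part of the answer above and not any vendor's implementation: a toy model of the inbound decision that answer describes, showing why unsolicited WAN traffic is dropped by default and how a port forward or DMZ host changes that. The class and function names, addresses (documentation ranges) and the strict per-remote session matching are assumptions; real routers differ in how tightly they match replies.

```python
class ToyNat:
    """Toy model of a home router's WAN-side decision: stateful NAT plus
    optional port forwards and a DMZ host. Hypothetical, for illustration."""

    def __init__(self):
        self.next_port = 40000
        self.sessions = {}       # (wan_port, remote_ip, remote_port) -> (lan_ip, lan_port)
        self.port_forwards = {}  # wan_port -> (lan_ip, lan_port)
        self.dmz_host = None     # LAN IP that receives all other inbound traffic

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection; the router records the mapping."""
        wan_port = self.next_port
        self.next_port += 1
        self.sessions[(wan_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        return wan_port

    def inbound(self, remote_ip, remote_port, wan_port):
        """Return (verdict, destination) for a packet arriving on the WAN side."""
        key = (wan_port, remote_ip, remote_port)
        if key in self.sessions:
            return ("reply", self.sessions[key])
        if wan_port in self.port_forwards:
            return ("port-forward", self.port_forwards[wan_port])
        if self.dmz_host is not None:
            return ("dmz", (self.dmz_host, wan_port))
        return ("dropped", None)


def demo():
    """Walk through the cases in order and return the verdicts."""
    nat = ToyNat()
    stranger = ("192.0.2.99", 55555)  # constructed upstream host
    port = nat.outbound("192.168.1.20", 51000, "198.51.100.7", 443)
    results = [
        nat.inbound("198.51.100.7", 443, port),  # answer to our own request
        nat.inbound(*stranger, port),            # stranger guessing the mapped port
        nat.inbound(*stranger, 8080),            # unsolicited, nothing configured
    ]
    nat.port_forwards[8080] = ("192.168.1.30", 80)
    results.append(nat.inbound(*stranger, 8080))  # now let through
    nat.dmz_host = "192.168.1.40"
    results.append(nat.inbound(*stranger, 22))    # DMZ catches everything else
    return results


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```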

Thanks Frank. I guess that is the best I can secure my network. Don't know why you have got the right instinct here. I was an innocent business traveler hacked by the red-communist last week that makes me so paranoid! – Jenni – 2017-03-06T14:45:34.013

You need to update the firmware also, as the default firmware may have a weakness or vulnerability. – cybernard – 2017-03-06T15:32:07.907

0

I set up a new router with passwords and MAC filters in place but after a few hours I found a "Network Device" with an unknown MAC address connecting through LAN. The only LAN that was plugged in was the internet signal line.

Hopefully your "internet signal line" was plugged into the "Internet" port on your router. This is not part of your LAN. If you connected your Internet-facing cable into a LAN port you did it wrong.

If you have nothing plugged into the LAN ports on your router, it sounds like you have wireless computers using the router.

The way most home routers work, computers on the wireless LAN and wired LAN appear to be coming from the same place (simply, the "LAN"). Your router may use the same terminology to refer to wireless and wired connections.

  • Some routers have a feature to allow access to management pages through the Internet. You should look in the settings and disable this.

  • The password you use to access your router's settings should be a strong password. More than 8 characters, include upper and lower case characters, and some punctuation marks.

  • Make sure your Wifi password is a strong password. More than 8 characters, include upper and lower case characters, and some punctuation marks.

  • Make sure your wireless security type is set to WPA2. Do not use WPA or WEP.

  • If your router has a guest network capability, disable it if you don't need it. It's possible MAC filtering may not apply to the guest network, but whatever software you are using to monitor is still reporting unknown MAC addresses.

To answer your question - yes, it is possible if you have the router's management page visible on the Internet for someone to attempt to log in and take control of your router, especially if you did not change the password from the default.

LawrenceC

Posted 2017-03-06T13:40:43.757

Reputation: 63 487
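An added example, not part of the answers above or of any router's software: a check of an exported device list against the owner's MAC allowlist, as a way to triage the "unknown MAC" entry the question describes. It goes a little beyond the thread by also flagging locally administered (randomized) addresses, a common reason a familiar phone or laptop shows up as unknown. The table format, device names and addresses are constructed for illustration.

```python
import re

# Constructed allowlist: the MACs entered in the router's MAC filter.
ALLOWED = {"3C:22:FB:10:20:30", "a4-83-e7-aa-bb-cc"}

# Constructed device-table rows: name, MAC, interface label.
# This is not the export format of any real router.
DEVICE_TABLE = """\
laptop,3c:22:fb:10:20:30,Wireless
phone,A483.E7AA.BBCC,Wireless
Network Device,00:1A:2B:3C:4D:5E,LAN
tablet,DA:A1:19:00:11:22,Guest
broken,00:1A:2B:3C:4D,LAN
"""


def normalize_mac(text):
    """Return a MAC as 12 lowercase hex digits, or None if it is malformed."""
    digits = re.sub(r"[:.\-]", "", text.strip()).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None


def is_locally_administered(mac):
    """True when the U/L bit (0x02 of the first octet) is set, as it is in
    the per-network randomized addresses many phones and laptops use."""
    return bool(int(mac[:2], 16) & 0x02)


def audit(table, allowed):
    """Return (name, mac, interface, finding) for each row not on the allowlist."""
    known = {normalize_mac(m) for m in allowed}
    findings = []
    for line in table.splitlines():
        if not line.strip():
            continue
        name, raw_mac, iface = [field.strip() for field in line.split(",")]
        mac = normalize_mac(raw_mac)
        if mac is None:
            findings.append((name, raw_mac, iface, "malformed MAC"))
        elif mac in known:
            continue  # same device even if the router prints it differently
        elif is_locally_administered(mac):
            findings.append((name, mac, iface, "unknown, locally administered"))
        else:
            findings.append((name, mac, iface, "unknown, vendor-assigned"))
    return findings


if __name__ == "__main__":
    for row in audit(DEVICE_TABLE, ALLOWED):
        print(row)
```

The interface column matters when reading the result: an unknown entry on the guest network or the wired side is outside what a wireless-only MAC filter covers.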