Protecting your Wi-Fi network from hacker attacks, using a TP-Link router as an example

This article was written to help ordinary users protect themselves from malicious attackers, who often use someone else's Internet connection and steal other people's data over the network.

It is assumed that the router is already set up and the Internet connection is working.

Chapter 1. Protection.

1) On a device connected to the Wi-Fi network, for example a PC or laptop, launch any browser and type the following address in the address bar: 192.168.0.1

If that doesn't work, try 192.168.1.1

If everything is in order, the browser will ask for a username and password to enter the interface of your TP-Link Wi-Fi router.

Enter login: admin

Password: admin

This logs you in to the router through the browser so that you can manage its settings.

2) Status tab. Take a screenshot of this page, or simply copy its text, and save it somewhere on your PC: it will help you restore the Internet connection to your provider if it suddenly disappears after some of the changes.

3) WPS tab: WPS status - disable.

To explain: WPS is a standard PIN code, a password that is ONLY needed during the initial setup of the router. If the router is already configured (network name and password), WPS is no longer needed and becomes a weak link in protecting the router from hacker attacks, since guessing a PIN code made up of digits is much easier than guessing an encrypted password.

4) Tab "Wireless mode".

Wireless Setting

Set the name of your Wi-Fi network (network name) → Save (if you are satisfied with the name already set, you do not need to change it).

Wireless protection.

Set the password encryption method and the password itself, or change them (optional) if the password is already configured and working. In general, use the recommended settings. As for the password, the longer it is and the more different characters it contains, the better: for example, it is desirable to combine Latin letters, digits and symbols such as ! " № ; % : ? * ( ) in one password. Then Save. (The main thing is not to forget this password later.)

*!ATTENTION! Before completing the next step, you need a minimal understanding of what a MAC address is and where to find it. On any device with any operating system (Windows, Android, Linux) it is not at all difficult to determine the device's own MAC address (PC, smartphone, tablet), and Google will help. I'll just add one more way: BEFORE enabling MAC address filtering on the router management page as described in this manual, connect to your Wi-Fi network from the devices whose MAC addresses you want to know. All of them will be displayed on the tab DHCP - List of DHCP clients. So let's continue:

MAC address filtering. We have finally come to the very important steps in protecting your Wi-Fi network.

First, add the MAC addresses of your devices that are connected, or periodically connect, to your Wi-Fi network. It is important not to mix anything up here: enter the MAC addresses separated by colons, in the form XX:XX:XX:XX:XX:XX

Then - filtering rules: Allow stations specified in the included entries.

Then - Filtering by MAC addresses: turn on.

** Tip: when adding or editing your MAC addresses, it is advisable to note in the description who each device belongs to (for example, PC-Andrey, Smartphone-Janna, LG-Tablet and so on). This will save unnecessary questions in the future.

5) Security tab

Basic protection settings.

Turn everything on; VPN depends on the situation (if you use one, enable passthrough).

Advanced security settings.

DoS protection - enable.

Enable all types of filtering.

Local management

By analogy with the "MAC address filtering" item, add here the devices from which (and only from which) it will be possible to open the router settings page.

Parental control - disable (if you ever need this function, Google it; it does not matter for security, it only restricts access to the Internet).

6) System Tools Tab

Password.

Set your own login and password for the router management page in place of the standard admin - admin. Remember them, of course.

Backup copy and recovery

Save the settings you have made (in case they are suddenly lost) by clicking the "Backup copy" button. The file is saved with the .bin extension. Later you can restore the settings from it in the same menu item.

Statistics.

Turn on.

This completes the security settings for your router and your Wi-Fi network. Of course, you cannot completely protect yourself from all threats from the Internet in this way (after all, even the Pentagon gets hacked somehow), but you can be confident that if the stakes are less than a million dollars, few people will want to hack into your network, and then your computer, with this protection in place, because it takes too much work and time.

Chapter 2. Viewing router statistics for traces of hacking.

1) Wireless tab

Wireless Statistics

This lists all the MAC addresses that are currently using your Wi-Fi network. An unknown MAC address here should make you suspicious (although if you set everything up correctly according to the instructions in Chapter 1, nobody can get in here that easily). This is where you can monitor the clients of your wireless network for your own peace of mind.

2) "DHCP" tab

List of DHCP clients.

This shows the devices that have logged in to the network with your password and to which the router has automatically assigned a temporary IP address. (Again, for your own peace of mind.)

3) System Tools Tab

Statistics. (If it is enabled, of course, as specified in Chapter 1.)

All devices using your router are visible here.

Common to all types of statistics: look at the packets sent and received and the number of bytes sent and received. If these values are zero, the device is not transmitting any information through your router.
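
An added example (not part of the original article): every check in this chapter comes down to comparing the MAC addresses the router lists with your own. The Python sketch below does that for text copied from the "List of DHCP clients" page; the column layout, the addresses and the function names are constructed for illustration.

```python
import re

# Allowlist with owner descriptions, as the tip in Chapter 1 suggests.
# All addresses below are constructed sample values.
ALLOWED = {
    "00:1A:2B:3C:4D:5E": "PC-Andrey",
    "00-1a-2b-3c-4d-5f": "Smartphone-Janna",
}

# Constructed sample of text copied from the "List of DHCP clients" page.
DHCP_CLIENTS = """\
ID  Client Name  MAC Address        Assigned IP    Lease Time
1   andrey-pc    00-1A-2B-3C-4D-5E  192.168.0.100  01:52:10
2   janna-phone  00:1a:2b:3c:4d:5f  192.168.0.101  00:40:03
3   Unknown      F6-11-22-33-44-55  192.168.0.102  01:59:48
4   android-77   00-1A-2B-3C-4D-99  192.168.0.103  01:12:00
"""

MAC_RE = re.compile(r"\b[0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5}\b")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def normalize(mac):
    """Return the MAC as upper-case XX:XX:XX:XX:XX:XX, or raise ValueError."""
    digits = re.sub(r"[:\-.]", "", mac.strip()).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_randomized(mac):
    """True if the locally-administered bit is set. Phones that use private
    (randomized) addresses set it, and such addresses do not stay fixed."""
    return bool(int(normalize(mac)[:2], 16) & 0x02)


def audit(client_list_text, allowed):
    """Split the listed clients into (known, unknown) lists of tuples."""
    allow = {normalize(m): owner for m, owner in allowed.items()}
    known, unknown = [], []
    for line in client_list_text.splitlines():
        mac_match = MAC_RE.search(line)
        if not mac_match:
            continue  # header or blank line
        mac = normalize(mac_match.group())
        ip_match = IP_RE.search(line)
        ip = ip_match.group() if ip_match else "?"
        if mac in allow:
            known.append((mac, ip, allow[mac]))
        else:
            kind = "randomized address" if is_randomized(mac) else "fixed address"
            unknown.append((mac, ip, kind))
    return known, unknown


if __name__ == "__main__":
    known, unknown = audit(DHCP_CLIENTS, ALLOWED)
    for mac, ip, owner in known:
        print(f"ok       {mac}  {ip}  {owner}")
    for mac, ip, kind in unknown:
        print(f"UNKNOWN  {mac}  {ip}  ({kind})")
```

An unknown entry marked as a randomized address is often one of your own phones using a private address for this network, so check that before treating it as an intruder.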

To protect yourself from the Trojan.Rbrute trojan, which infects TP-Link modems / routers, you need to meet a few simple conditions. The virus spreads by scanning IP addresses in a given range, after which it starts guessing the password by brute force. Almost all popular TP-Link router models are attacked. Once it gets into the device's settings, the Trojan replaces the provider's DNS addresses with the attackers' addresses.

Your router is infected if:

When you try to go to any site, whether remont-sro.ru or the Gmail.com service, a fake Google Chrome download site or another suspicious resource opens. Initially the redirect only worked for user requests containing the words Facebook or Google, but now the Trojan responds to any request. The indication on the modem stays the same: the "Internet" light is steadily lit, the computer shows that the connection has been made and authorization has passed, but the Internet itself does not work and only redirects to advertising and / or fake download pages.

Item 1. Reset. Modem reconfiguration
The instruction was prepared by Maria Korchagina, a specialist of the TsOO TsOO

If you cannot enter the modem settings through 192.168.1.1, then try to do it through the address 192.168.42.1

This page contains settings only for Internet service. To configure IP-TV and WI-FI, download the full manual

Russian version - http://yadi.sk/d/JC6l6FPVRbU9P

English version - http://yadi.sk/d/j6Ly7bA4RbU8r

1. To reset the modem settings properly, press the Reset button, which sits in a small recess, with a needle / pen refill / toothpick. Hold it for 5 to 15 seconds until the indication on the device disappears. The lights should go out as they would after a normal reboot of the router.

2. To configure the modem, connect the cable to any LAN port; do not configure it over a Wi-Fi connection.

3. Using the Internet Explorer browser, log in to the router interface at the address 192.168.1.1. A dialog box will open. In the Username and Password fields, enter admin / admin respectively. The router's start page will open (see below).

On this page you will see which settings already exist:

4. Before you start configuring the router, you need to delete all previously created settings. To do this, go to the section "Interface settings" -> "Internet", select "Virtual channel" - PVC0 and click the "delete" button at the bottom of the page. Do this for each virtual channel (there are 8 of them in total).

In the end, this is what you should see (go to the "State" section again):

5. Now go to the section "Interface Setup", then select the subsection "Internet" (see screenshot below). Specify the parameters as in the screenshot below (user and password: rtk), then save all the parameters by clicking the "Save" button.
This completes the setup for PPPoE mode.

Item 2. Changing the password to enter the router

To change the password, go to "Device Operation", then "Administration", where the password for entering the router is changed (come up with a complex password) (see screenshot below). Then press the "Save" button.

Item 2.5 List of passwords that are not recommended to be set at the entrance to the router

111111
12345
123456
12345678
abc123
admin
Administrator
password
qwerty
root
tadpassword
trustno1
consumer
dragon
gizmodo
iqrquksm
letmein

The virus already "knows" all these passwords, and guessing the password will take 1 second. The password should not be made up of digits or letters alone. Special characters (hash signs, asterisks, percent signs, quotation marks) and letters of different case (uppercase and lowercase) MUST be present. The longer and more varied the password, the longer it will take to "brute" it (if it can be done at all).

Added: after reports of malicious attacks on routers from various manufacturers, TP-LINK has released a firmware update for its routers to prevent possible threats.

(Shenzhen, China) -- TP-LINK, a global network equipment manufacturer, announced today that it has released firmware updates for its mainstream routers to prevent malicious attacks from hackers.

After the publication of an official report from Team Cymru describing several vulnerabilities in home network equipment, including TP-LINK equipment, that leave this equipment vulnerable to hacker attacks, TP-LINK updated the firmware for all major models of its home routers.

The firmware of the company's ADSL routers will be updated within a week. Team Cymru is an American 501(c)3 not-for-profit organization dedicated to Internet security research and committed to improving Internet security.

TP-LINK Router Firmware Update Instructions.

A new hacker attack on routers has affected more than 300,000 home and office devices from manufacturers such as D-Link, TP-Link, Micronet and Tenda. Having gained access to them, the attackers changed the settings of the DNS servers. This was announced at the beginning of the week by researchers from Team Cymru.

Several methods were used at once to gain access to the routers. For example, the cross-site request forgery (CSRF) technique was used, in which the passwords of the routers' web interfaces are reset and the DNS settings are changed. Access to configuration files was also obtained through unverified URLs.

All these attacks became possible because of vulnerabilities in the routers' firmware. Most of the affected users are located in Vietnam, India and Italy; the United States is also affected. The DNS settings of all the routers were changed to 5.45.75.11 and 5.45.75.36, which made it possible, for example, to redirect online banking traffic to fake websites where users' financial data was collected, or to install unwanted software on computers. Recently, similar attacks have affected people in Poland and their banking information.
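
An added example, not taken from the Team Cymru report or from any vendor: one way to check whether a computer behind the router has been handed the resolver addresses named above. It reads the text of /etc/resolv.conf or of `ipconfig /all`; the sample inputs, the `expected` list and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# The two resolver addresses named in the report quoted above.
ROGUE_DNS = {ipaddress.ip_address("5.45.75.11"),
             ipaddress.ip_address("5.45.75.36")}

# Constructed sample: excerpt of `ipconfig /all` on a Windows PC.
WINDOWS_SAMPLE = """\
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 5.45.75.36
                                       192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# Constructed sample: /etc/resolv.conf on a Linux PC.
RESOLV_SAMPLE = """\
# Generated by NetworkManager
nameserver 192.168.0.1
nameserver 203.0.113.53
"""


def extract_dns(text):
    """Collect resolver addresses from resolv.conf or `ipconfig /all` text."""
    servers, continuing = [], False
    for line in text.splitlines():
        m = (re.match(r"\s*nameserver\s+(\S+)", line)
             or re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line))
        if m:
            value, continuing = m.group(1), "DNS Servers" in line
        elif continuing and re.fullmatch(r"\s+\S+\s*", line):
            value = line  # Windows lists further servers on indented lines
        else:
            continuing = False
            continue
        try:
            servers.append(ipaddress.ip_address(value.strip()))
        except ValueError:
            continuing = False  # not an address: the DNS block has ended
    return servers


def assess(text, expected):
    """Map each resolver to 'rogue' (named in the report), 'expected'
    (your router or provider, supplied by you) or 'unexpected'."""
    expected = {ipaddress.ip_address(e) for e in expected}
    verdicts = {}
    for server in extract_dns(text):
        if server in ROGUE_DNS:
            verdicts[str(server)] = "rogue"
        elif server in expected:
            verdicts[str(server)] = "expected"
        else:
            verdicts[str(server)] = "unexpected"
    return verdicts


if __name__ == "__main__":
    for sample in (WINDOWS_SAMPLE, RESOLV_SAMPLE):
        print(assess(sample, expected=["192.168.0.1"]))
```

If a computer lists only the router's own address as its resolver, this check says nothing about the router itself: compare the DNS fields on the router's Status page with the copy saved in step 2 of Chapter 1.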

Recall that not so long ago, routers of companies and.

Problems with Wi-Fi distribution with the help of a router arise for various reasons. One of them is the infection of the distributing device with a virus, which you can get rid of on your own.

  • a virus that slows down the Internet speed in different ways. For example, such malicious software corrupts the firmware settings or starts downloading advertising content to the computer;
  • a virus that replaces website addresses. It looks like this: the user visits a well-known safe site, and the virus changes the DNS so that the user ends up on an advertising site or sees advertising banners where the site owners did not place them. Such a virus is also dangerous because it can send you to a site containing other viruses.

In any case, if you notice the incorrect operation of the router, you should check it for viruses, especially since it is very easy to get rid of them.

How does a virus get into a router

The router provides Internet access to all devices connected to it. This means that all the devices and the router itself are in the same home network. This is what the virus uses: it gets onto the computer from some site or downloaded file, and is then passed over the network to the router, where it starts to play its dirty tricks. The process depends on the type of virus: for example, some malicious programs deliberately do not reveal themselves on the computer and begin to act only once they reach the router, while others manage to harm both the operating system and the router firmware at the same time.

Checking the router

Before cleaning the router of viruses, you need to check whether there are any on it. To find out, you need to use the Internet directly from the computer. That is, unplug the WLAN cable or modem from the router and plug it into the computer's port, and then follow these steps:

If you are experiencing speed issues, then follow these three steps.

  1. Check your internet speed. This must be done in order to find out in the future whether the speed is the same when using the network directly and through a router. For example, you can download a file or use the special online service Speedtest.

    We scan the speed of the Internet through the site Speedtest

  2. To determine the quality of the signal more accurately, you need to know the ping. Ping is the time it takes for a signal to be sent from your device, reach the server and come back. Naturally, the larger it is, the worse for you. Open the command line, type the command ping ip and run it. Here ip is the IP address of your connection; the default is usually 192.168.0.1, but it may vary. Remember the result. A ping of up to 40 ms is an excellent indicator, 40-110 ms is a normal average value, and with more than 110 ms you should think about reconfiguring the network, improving the signal or changing the provider.

    Execute the ping ip command

  3. After the list of sent packets, you will see statistics. You are interested in the "Packets" line, which counts how many packets were sent, lost and received. If the share of lost packets exceeds 5%, you need to find out what the problem is. If a large number of packets do not reach the server or do not come back, this will greatly affect the speed of the Internet.

    See what percentage of packets are lost

After you have completed all the above steps and have detailed information about the ping, the number of lost packets and the Internet speed, reconnect the WLAN cable or modem to the router and check the same indicators when connected via Wi-Fi. If the parameters are at approximately the same level, then the problem lies not in the router; perhaps the cause is on the operator's side. Otherwise, if problems with the Internet occur only when using it through the router, you need to perform a factory reset and virus cleaning.
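
An added example (not part of the original article) of the comparison just described: it parses the summary that ping prints on Windows or Linux, applies the thresholds given above (40 ms, 110 ms, 5% loss) and reports whether the direct and the via-router measurements point at the router. The sample outputs and the function names are constructed for illustration.

```python
import re

# Constructed sample: measurement with the computer connected directly.
DIRECT = """\
Ping statistics for 192.168.0.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 21ms, Maximum = 25ms, Average = 23ms
"""

# Constructed sample: measurement through the router over Wi-Fi.
VIA_ROUTER = """\
--- 192.168.0.1 ping statistics ---
20 packets transmitted, 17 received, 15% packet loss, time 19042ms
rtt min/avg/max/mdev = 88.1/131.7/240.3/41.9 ms
"""


def parse_ping(output):
    """Return (loss_percent, average_ms) from a Windows or Linux summary.
    average_ms is None when no reply came back at all."""
    loss = re.search(r"(\d+(?:\.\d+)?)% (?:packet )?loss", output)
    if not loss:
        raise ValueError("no packet statistics found")
    avg = (re.search(r"Average = (\d+)ms", output)            # Windows
           or re.search(r"= [\d.]+/([\d.]+)/", output))       # Linux, macOS
    return float(loss.group(1)), float(avg.group(1)) if avg else None


def latency_grade(avg_ms):
    """Grade the average round trip with the article's thresholds."""
    if avg_ms is None:
        return "no reply"
    if avg_ms <= 40:
        return "excellent"
    if avg_ms <= 110:
        return "normal"
    return "poor"


def healthy(output):
    """True if loss is at most 5% and latency is excellent or normal."""
    loss, avg = parse_ping(output)
    return loss <= 5 and latency_grade(avg) in ("excellent", "normal")


def diagnose(direct_output, router_output):
    """Compare the two measurements the way the paragraph above does."""
    direct_ok, router_ok = healthy(direct_output), healthy(router_output)
    if direct_ok and not router_ok:
        return "router"            # reset and clean the router
    if not direct_ok:
        return "provider or line"  # the problem exists without the router
    return "no difference"


if __name__ == "__main__":
    print(parse_ping(DIRECT), parse_ping(VIA_ROUTER))
    print("suspect:", diagnose(DIRECT, VIA_ROUTER))
```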

Virus Removal

To remove the virus, you need to reset the settings to the default values. If the virus managed to damage the firmware, you will have to install it again yourself.

Reset parameters

  1. Look for the Reset button on the back of the router. It is usually smaller than all the others. Hold it down for 10-15 seconds. When the router turns off and starts to reboot, you can release it. The reboot tells you that the settings have been reset. Note that the password you set will also be erased.

    Press the Reset button

  2. To reconfigure the router, connect it to the computer with a cable, then open the browser and go to http://192.168.0.1. The address may be different; you can find it on a sticker on the router itself or in the documentation that came with the router. You will be asked for a login and password: by default the login is admin, and the password is admin or 12345. For more details, see the instructions for the router.
  3. Go to quick setup. Specify the options that suit you. If you want, set a password and change the name of the network. After going through the setup procedure, save the changes and reboot the router.

    Go to the "Quick Setup" section and set convenient settings

After completing all the above steps, check if you got rid of the error. If not, then you will have to reflash the router manually.

Flashing the router

Flashing the router is possible only when the device is connected to the computer with a cable. You cannot update the firmware over Wi-Fi.

  1. There is a sticker on the back of the router. Find your router model on it. It also shows the version of the firmware that was installed originally. If that version is 7, it is better to install the update for version 7, to avoid a conflict between firmware that is too new and the router's old hardware.

    Find out the firmware version and model of the router

  2. Go to the manufacturer's website and use the search bar to find the version you need for your model. Download it to your computer.

    Find and download the required firmware version

  3. The downloaded file will be archived. Extract its contents to any convenient folder.

    Specify the path to the firmware

  4. Start the update procedure and wait for it to finish. Reboot your router. The firmware should be updated, and all problems and viruses are most likely gone.

    We are waiting for the installation to finish

How to protect your router from viruses in the future

The only way to protect the router from viruses is to prevent them from getting onto the computer. Your computer is protected by an antivirus. Install any modern antivirus and do not disable it under any circumstances. It is almost impossible to catch malicious software with an active antivirus. You do not even need paid security programs: these days there are enough high-quality free alternatives.

What to do if nothing helped

If following all the above instructions did not bring the desired result, two possibilities remain: the problem is caused by a fault in the router's hardware or by errors on the provider's side. First, call the company that provides your Internet and tell them about your problem and the methods that did not help to solve it. Second, take the router to a specialist service centre to be examined by experts.

Router virus infection is rare, but dangerous. There are two ways to get rid of the virus: resetting the settings and updating the firmware. You also need to make sure that the malware has not remained on the computer.