What is a Router?
According to Wikipedia, a router is a networking device that forwards data packets between computer networks. Routers perform the traffic-directing functions on the Internet. A data packet is typically forwarded from one router to another through the networks that constitute an internetwork until it reaches its destination node.
A router is connected to two or more data lines from different networks. When a data packet comes in on one of the lines, the router reads the network address information in the packet to determine the ultimate destination. Then, using information in its routing table or routing policy, it directs the packet to the next network on its journey.
The most familiar type of router is the home or small office router, which simply passes IP packets between the home computers and the Internet. An example of a router would be the owner's cable or DSL router, which connects to the Internet through an Internet service provider (ISP). More sophisticated routers, such as enterprise routers, connect large business or ISP networks up to the powerful core routers that forward data at high speed along the optical fiber lines of the Internet backbone. Though routers are typically dedicated hardware devices, software-based routers also exist.
Router Attacks
Denial of Service attacks: A DoS attack is carried out by an attacker whose motive is to flood the router or other devices with requests, affecting availability. Sending a large number of ICMP packets from multiple sources makes the router unable to process traffic. A router that cannot process traffic cannot provide services in the network, and the whole network goes down, affecting the daily activity of the organization.
Packet Mistreating Attacks: In this type of attack, after the router is injected with malicious code, it simply mistreats packets. The router cannot handle its own routing process and starts mishandling packets. The malicious router is unable to process packets properly and creates loops, denial of service, congestion and so on in the network. This type of attack is very difficult to find and debug.
Routing table poisoning: Routers use a routing table to send packets through the network. The router moves packets by looking them up in the routing table, which is formed by exchanging routing information between routers. Routing table poisoning means an unwanted or malicious change in the routing table of the router. This is done by editing the routing information update packets that routers advertise. This attack can cause severe damage in the network by putting wrong entries into the routing table.
Hit-and-Run Attacks: This attack is also called a test attack: the attacker injects malicious packets into the router and sees whether the network is online and functioning. If it is, the attacker sends further malicious packets to harm the router. This attack can cause the router to perform unusual activities that depend on the code injected by the attacker. This type of attack is hard to identify and can cause severe damage to the router's work.
Persistent Attacks: Unlike a hit-and-run attack, in this attack the attacker repeatedly injects malicious packets into the router, exploiting its vulnerabilities. This attack is very severe in nature and can cause heavy damage. The router can stop functioning under continuous malicious packet injection. This type of attack is easier to detect than other router attacks.
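One way to notice the routing table poisoning described above is to compare the current table with a known-good baseline. The following is an added example, not part of the original post; the route lines are constructed samples in the style of `ip route show` output, the function names are hypothetical, and it goes slightly beyond the text by also flagging new, more specific routes, which take precedence under longest-prefix matching.

```python
import ipaddress

# Constructed samples in the style of `ip route show` output (not from the page).
BASELINE = """\
default via 192.168.1.1 dev eth0
10.0.2.0/24 via 192.168.1.2 dev eth0
10.0.3.0/24 via 192.168.1.3 dev eth0
"""
CURRENT = """\
default via 192.168.1.1 dev eth0
10.0.2.0/24 via 192.168.1.66 dev eth0
10.0.3.0/24 via 192.168.1.3 dev eth0
10.0.3.128/25 via 192.168.1.66 dev eth0
"""

def parse_routes(text):
    """Map each destination network to its next hop (IPv4 samples assumed)."""
    routes = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[1] != "via":
            continue  # skip directly connected or malformed entries
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        routes[ipaddress.ip_network(dest)] = ipaddress.ip_address(fields[2])
    return routes

def diff_routes(baseline, current):
    """Return (kind, network, detail) findings for entries that differ from the baseline."""
    findings = []
    for net in sorted(current):
        hop = current[net]
        if net in baseline:
            if baseline[net] != hop:
                findings.append(("next-hop-changed", str(net), f"{baseline[net]} -> {hop}"))
            continue
        # A new route inside an existing prefix overrides it for part of that range.
        covered = [b for b in baseline
                   if b.prefixlen > 0 and b.version == net.version and net.subnet_of(b)]
        kind = "more-specific-added" if covered else "route-added"
        findings.append((kind, str(net), f"via {hop}"))
    for net in sorted(baseline.keys() - current.keys()):
        findings.append(("route-removed", str(net), f"was via {baseline[net]}"))
    return findings

if __name__ == "__main__":
    for finding in diff_routes(parse_routes(BASELINE), parse_routes(CURRENT)):
        print(*finding)
```
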
Secure Router Configuration
- Change the password used to access the router
- Turn off WPS
- Wi-Fi encryption should be WPA2 with AES
- Wi-Fi password should be at least 14 characters long
- Turn off UPnP and NAT-PMP to protect both yourself and the rest of the Internet
- Turn off features that you are not using (Remote Management, Remote GUI or Web Access from WAN, SNMP, UPnP, NAT-PMP, etc.); this reduces the attack surface.
- Be smart about choosing an SSID (network name)
- Use a password-protected Guest Network whenever possible, not just for guests but for IoT devices too.
- Periodically check the DNS servers being used by the router. They should either belong to your ISP or be the ones you manually configured. If not, your router was probably hacked. One site that displays your current DNS servers is https://ipleak.net
- Test your router for open ports using online testers
- Periodically update the router firmware
- Turn off ping reply
- Turn off wireless networks when not in use
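The checklist above can be checked mechanically against a snapshot of the router's settings, including the DNS check that signals a tampered router. This is an added example, not part of the original post; the settings keys, addresses and expected DNS range are constructed, and the key names are hypothetical rather than any vendor's export format.

```python
import ipaddress

# Constructed settings snapshot; the key names are hypothetical, not a vendor export format.
SETTINGS = {
    "admin_password_is_default": False,
    "wps": True,
    "wifi_security": "WPA2-AES",
    "wifi_password": "correct-horse-9",
    "upnp": False,
    "nat_pmp": False,
    "wan_remote_management": False,
    "snmp": False,
    "wan_ping_reply": True,
    "dns_servers": ["203.0.113.53", "198.51.100.7"],
}
# Resolvers you expect: your ISP's range or the ones you configured (constructed values).
EXPECTED_DNS = ["203.0.113.0/24"]

MUST_BE_OFF = ["admin_password_is_default", "wps", "upnp", "nat_pmp",
               "wan_remote_management", "snmp", "wan_ping_reply"]

def audit(settings, expected_dns):
    """Return the checklist items that this settings snapshot fails."""
    failures = []
    for key in MUST_BE_OFF:
        if settings.get(key, True):  # a missing key is unverified, so it counts as a failure
            failures.append(f"{key} should be off")
    if settings.get("wifi_security") != "WPA2-AES":
        failures.append("wifi_security should be WPA2 with AES")
    if len(settings.get("wifi_password", "")) < 14:
        failures.append("wifi_password is shorter than 14 characters")
    allowed = [ipaddress.ip_network(n) for n in expected_dns]
    for server in settings.get("dns_servers", []):
        addr = ipaddress.ip_address(server)
        # Any resolver outside the expected ranges suggests the DNS settings were changed.
        if not any(addr.version == n.version and addr in n for n in allowed):
            failures.append(f"unexpected DNS server {server}")
    return failures

if __name__ == "__main__":
    for item in audit(SETTINGS, EXPECTED_DNS):
        print("FAIL:", item)
```
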