4 Tests You Should Do on Your WiFi Router to Avoid Hacking

• Posted by pcwrt
• in Router, Security, WiFi
• on January 19, 2018
• No Comments.

In a previous post, I talked about how to secure your router WiFi. That’s only half of the puzzle. Another type of attack on your router comes directly from the Internet, without the need to connect to your WiFi signal. Due to the various security flaws on the home WiFi router, and the fact that the hacker can be anywhere around the world to carry out the attack, the security problem is more serious than cracking your WiFi from your neighborhood. Here are some recent examples:

• Tens of Thousands of Defaced MikroTik and Ubiquiti Routers Available Online
• Router flaws put AT&T customers at hacking risk

In this post I’ll show you 4 simple tests that will help you make your WiFi router more secure against attacks from the Internet side.

1. Is your DNS hijacked?
   One of the tricks hackers do after they hacked your router is hijack your DNS service. That’s because once they hijack your DNS service, they can redirect your web traffic to malicious web sites at will. You can use these tools to check whether your DNS service has been hijacked:
   • Who is My DNS?
   • F-Secure Router Checker
   • Tenta Browser Privacy Test. This test also shows some detailed information about what can be revealed about you when you visit a web site.
2. Are there any open ports to the Internet?
   When you connect a router to the Internet, there are two sides to your network: the LAN side, which is your internal network; and the WAN side, which is the Internet on the outside. There should be no open ports on the Internet/WAN side. It’s OK if you don’t know what a port is. Just remember that if you have open ports on the Internet/WAN side, hackers can use the open ports to attack your router and network.

   Fortunately there are some simple tests you can run with Shields Up to determine your risks. Follow the link here, click Proceed on the first page, then click All Service Ports under the big Instant UPnP Exposure Test button. The test will take a couple of minutes to run. It will report the port statuses as a colored chart. Everything should be green.

   And while you are there, you might want to run the UPnP test as well.

3. Are you still using the router’s default password?
   When you configure a new router, the first thing you should do is to change the router password. If you leave the default router password unchanged (or if your new password is easily guessable), a hacker can take control of your router without the need to break your WiFi encryption.

   One way to achieve that is the DNS rebinding attack. Another way is through an app installed on your smart phone (for example, a game you downloaded). When the phone is connected to your home WiFi, the app could be trying to log on your router by guessing the router password.

4. Check these additional ports. None of them should be open..
   Click on the links to check the individual ports with ShieldsUP.
   • Port 7547 and port 5555: may be used by remote management protocol TR-069, if your router is provided by an ISP.
   • Port 3369: remote desktop.
   • Port 20005, used by a service called NetUSB. Affects multiple vendors, TP-Link, Netgear, D-Link and ZyXEL, to name a few.
   • If you have an AT&T provided router, check port 49152 and port 61001
   • If you have a Linksys router, check port 32764 and port 8080.
   • If you have a D-Link router, check port 19541, port 8181, and UDP port 39889. But in general you should check for the latest firmware from D-Link and make sure the multitude of security flaws are fixed.
   • Port 37215 and port 52869: a new variation of the Mirai worm was spreading via these ports. So better check if your router is affected.