• Another simple check to avoid router being hacked


    Recently, two unsecured databases were discovered on the Internet. Exactis, a Florida marketing data aggregator, exposed 340 Million Consumer Records to the world. Another company, Telemedicine, exposed detailed health care information on more than 2.3 million patients in Mexico, by making a MongoDB database accessible to anyone without a password.

    In both cases, the researchers used a search engine called Shodan to make the discoveries.

    Most people are not aware, but as soon as your router is connected to the Internet, it is constantly subject to the scanning of multiple parties from the Internet. You’d be scared if you can see the logs of these scans. Shodan is one of scanners. But Shodan is not the scariest.

    By making the scan results publicly available, Shodan is helping researchers to find vulnerable servers, and helping people to secure their networks. The least you can do is to make sure that your router does not appear in Shodan search results.

    Follow this Router Security link to find out: https://routersecurity.org/shodan.php.

    If you are extremely cautious, you can do it this way:

    1. While connected to your home network, Google “what is my ip” to find your router’s external IP address.
    2. Use another device not connected to your home network (for example, your smart phone connected to mobile network), enter “www.shodan.io/host/<your router's external IP address>” in the browser.

     

    I’d suggest that you do this check several times a few weeks apart to make sure that your router doesn’t show up in Shodan indeed.

    The pcWRT router provides settings you can enable to make your router invisible to the outside world: in the Network Settings page, check both “Enable stealth mode” and “Block ping”. With these options enabled, the router does’t answer ping and doesn’t respond to probes from the Internet.

Leave a Reply