Seriously Weird

Seek assistance with all types of tech. - computer, phone, TV, heating controls etc.
XFool
The full Lemon
Posts: 12636
Joined: November 8th, 2016, 7:21 pm
Been thanked: 2608 times

Seriously Weird

#217909

Postby XFool » April 28th, 2019, 1:05 pm

Advice please.

This is a very peculiar situation, with a long, long technical runup and background which I won't bore you with. The sudden unexpected entirely innocent outcome is:

1. I seem possibly to have accidentally and inadvertently stumbled upon a simple way of breaking into unsecured routers (devices?) on the Internet.

2. I appear (on the face of it) to quite accidentally have admin access to a router in a company in Israel.


WRT 2. I don't know why, but this router seems entirely wide open in every respect. To me this seems suspicious enough in its own right.

What is going on? What would be best to do next? (serious answers please)

TIA

Infrasonic
Lemon Quarter
Posts: 4487
Joined: November 4th, 2016, 2:25 pm
Has thanked: 648 times
Been thanked: 1264 times

Re: Seriously Weird

#217916

Postby Infrasonic » April 28th, 2019, 1:24 pm

There are quite a lot of cybersecurity companies in Israel, maybe this 'wide open router' is a nice little honey trap waiting for a nibble?
It's a common MO to find out information on hackers' digital fingerprints, plenty of servers out there with similar 'weaknesses' that are intentionally allowed to be infected with bots and other malware so it can be reverse engineered.

It could also be a malicious actor hoping to access or compromise your end with captured info...

Proceed with caution... :twisted:

XFool
The full Lemon
Posts: 12636
Joined: November 8th, 2016, 7:21 pm
Been thanked: 2608 times

Re: Seriously Weird

#217918

Postby XFool » April 28th, 2019, 1:27 pm

...as the router is so wide open, the above thoughts have already crossed my mind.

More hopefully, as there is research into security issues in universities in Israel (I think), I wondered about it being part of a research project.

ReformedCharacter
Lemon Quarter
Posts: 3140
Joined: November 4th, 2016, 11:12 am
Has thanked: 3640 times
Been thanked: 1521 times

Re: Seriously Weird

#217922

Postby ReformedCharacter » April 28th, 2019, 1:53 pm

XFool wrote: Advice please.

This is a very peculiar situation, with a long, long technical runup and background which I won't bore you with. The sudden unexpected entirely innocent outcome is:

1. I seem possibly to have accidentally and inadvertently stumbled upon a simple way of breaking into unsecured routers (devices?) on the Internet.

2. I appear (on the face of it) to quite accidentally have admin access to a router in a company in Israel.


WRT 2. I don't know why, but this router seems entirely wide open in every respect. To me this seems suspicious enough in its own right.

What is going on? What would be best to do next? (serious answers please)

TIA


It might be interesting and perhaps informative to 'do the honest thing' and inform the sys admin and see what sort of response you get.

RC

XFool
The full Lemon
Posts: 12636
Joined: November 8th, 2016, 7:21 pm
Been thanked: 2608 times

Re: Seriously Weird

#217955

Postby XFool » April 28th, 2019, 4:02 pm

ReformedCharacter wrote: It might be interesting and perhaps informative to 'do the honest thing' and inform the sys admin and see what sort of response you get.

That would be my intention. However the question is: Who & how?

Obliquely, this has (possibly) come to notice: https://infowarcon.com

And this: https://www.milcyber.org

[It is at this point, based on some previous experience, I am starting to have the feeling some on TMF may start posting that I am 'merely trolling']

XFool
The full Lemon
Posts: 12636
Joined: November 8th, 2016, 7:21 pm
Been thanked: 2608 times

Re: Seriously Weird

#217964

Postby XFool » April 28th, 2019, 4:24 pm

It's crossed my mind that the router's admin account might possibly be a pseudo-admin account. That is, it appears to be an admin account by name, but actually isn't - because the admin user name is not AFAIK the default admin name for this type of router, though closely related.

As the only way of finding out if it IS a genuine admin account is to carry out an actual admin action on the router which, if it was successful, could presumably constitute illegal hacking, I am obviously disinclined to do so...

At this point perhaps the simplest thing is to 'get me coat' and just forget about the whole matter. Anyway, to get back to a matter related to the original issue:

Anyone know of any really, really reliable DNS servers?

scotia
Lemon Quarter
Posts: 3566
Joined: November 4th, 2016, 8:43 pm
Has thanked: 2376 times
Been thanked: 1947 times

Re: Seriously Weird

#217968

Postby scotia » April 28th, 2019, 4:51 pm

Many years ago, when I was teaching a postgraduate course on computer communications, I organised a lab session on SNMP (Simple Network Management Protocol), and I told my class that many devices on the internet were wide open to this protocol. I encouraged them to explore around the University, and some adventurous souls extended their search to another University where the alarm bells rang, and there was a pointed discussion between the two Universities' Computer Services at a high level. The outcome was a severe restriction placed on the router to which my lab was connected!
So it is possible that the router you have investigated may be obtaining more info about you than you would about it! Be careful. And how did you find out about this router? It's unusual for any conventional Web user to be employing tools that would discover this router. I suspect your investigations, no matter how innocent you believe them to be, may have aroused the interest of others - even possibly certain government organisations.

Slarti
Lemon Quarter
Posts: 2941
Joined: November 4th, 2016, 3:46 pm
Has thanked: 640 times
Been thanked: 496 times

Re: Seriously Weird

#217969

Postby Slarti » April 28th, 2019, 4:52 pm

If you're able to access the router you must have the address of it?

Do a Who Is on the address and see who owns the domain and contact them?

Slarti
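The ownership lookup suggested in the post above, as an added example that is not part of the original thread: it uses RDAP, the JSON successor to WHOIS served by the regional internet registries, and pulls the published abuse or technical contact out of a response for an address block. The sample response is constructed (documentation range 192.0.2.0/24, made-up handles and names), and the function names are hypothetical.

```python
import json

# Constructed RDAP "ip network" response (RFC 9083 layout), documentation range.
SAMPLE_RDAP = json.loads("""
{"objectClassName": "ip network", "handle": "192.0.2.0 - 192.0.2.255",
 "name": "EXAMPLE-NET",
 "entities": [
  {"handle": "ORG-EX1", "roles": ["registrant"],
   "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                            ["fn", {}, "text", "Example Networks Ltd"]]],
   "entities": [
    {"handle": "NOC-EX1", "roles": ["technical"],
     "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                              ["fn", {}, "text", "Example NOC"],
                              ["email", {}, "text", "noc@example.net"]]]},
    {"handle": "ABUSE-EX1", "roles": ["abuse"],
     "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                              ["fn", {}, "text", "Example Abuse Desk"],
                              ["email", {}, "text", "abuse@example.net"]]]}]}]}
""")

ROLE_PRIORITY = ["abuse", "technical", "administrative"]  # who to write to first

def vcard_fields(entity):
    """Flatten a jCard ([name, params, type, value] rows) into {name: [values]}."""
    fields = {}
    card = entity.get("vcardArray") or []
    if len(card) == 2 and card[0] == "vcard":
        for prop in card[1]:
            if len(prop) >= 4 and isinstance(prop[3], str):
                fields.setdefault(prop[0], []).append(prop[3])
    return fields

def find_contacts(obj):
    """Walk nested entities; return (role, name, email) for reportable roles."""
    found = []
    for ent in obj.get("entities", []):
        fields = vcard_fields(ent)
        name = (fields.get("fn") or [ent.get("handle", "?")])[0]
        for role in ent.get("roles", []):
            if role in ROLE_PRIORITY:
                found += [(role, name, e) for e in fields.get("email", [])]
        found += find_contacts(ent)  # contacts often sit under the org entity
    return sorted(found, key=lambda c: ROLE_PRIORITY.index(c[0]))

def report_target(rdap):
    """Best contact for a disclosure e-mail, or None if none is published."""
    contacts = find_contacts(rdap)
    return contacts[0] if contacts else None
```

When `report_target` returns None, the registry record publishes no e-mail for those roles and the report has to go through another channel, such as the national CERT for the country concerned.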

XFool
The full Lemon
Posts: 12636
Joined: November 8th, 2016, 7:21 pm
Been thanked: 2608 times

Re: Seriously Weird

#218039

Postby XFool » April 28th, 2019, 11:36 pm

But there are oodles of these things all over the Internet. Essentially a wireless router for business use, the equivalent of a domestic wireless router.

Why are they everywhere, wide open, walk right in? (Apparently)

Either I'm seriously missing something, or somebody else is.

kyu66
2 Lemon pips
Posts: 249
Joined: November 14th, 2016, 5:14 pm
Has thanked: 2 times
Been thanked: 132 times

Re: Seriously Weird

#218066

Postby kyu66 » April 29th, 2019, 8:56 am

XFool wrote: But there are oodles of these things all over the Internet. Essentially a wireless router for business use, the equivalent of a domestic wireless router.

Why are they everywhere, wide open, walk right in? (Apparently)

Either I'm seriously missing something, or somebody else is.


The internet is full of open/accessible devices, through either ineptitude, mis-configuration or design (e.g. honey pots).

Have you checked the device's status using shodan.io (https://en.wikipedia.org/wiki/Shodan_(website))? It may provide more details.

XFool
The full Lemon
Posts: 12636
Joined: November 8th, 2016, 7:21 pm
Been thanked: 2608 times

Re: Seriously Weird

#218102

Postby XFool » April 29th, 2019, 10:30 am

To sum up:

1. Things Are As They Appear To Be

This is the simplest explanation. It means there really are loads of routers etc. on the Internet with ZERO security in place.

Normally home routers are supplied by ISPs, who set them up before dispatch. It appears that commercial routers directly supplied to companies may, as their default settings, have no security in place. The suppliers presumably expecting they will be correctly set up and looked after by knowledgeable technical staff. Obviously, this is frequently not the case.

I can only think devices are set up by non technical people. Or the 'convenience' of having an easily accessible open router interface on a private network in a trusted environment completely overlooks, through ignorance, that that private side router access is the same interface on the other, public WAN side and so is visible to everyone in the world!


2. Things Are Not As They Appear To Be

In which case, who knows?


Obviously all this must be well enough known in circles where it is already well known. It's just a bit of a shock accidentally stumbling upon it for oneself.

Well it has been, as the saying goes: "A learning experience."

Slarti
Lemon Quarter
Posts: 2941
Joined: November 4th, 2016, 3:46 pm
Has thanked: 640 times
Been thanked: 496 times

Re: Seriously Weird

#218111

Postby Slarti » April 29th, 2019, 11:12 am

XFool wrote: But there are oodles of these things all over the Internet. Essentially a wireless router for business use, the equivalent of a domestic wireless router.

Why are they everywhere, wide open, walk right in? (Apparently)

Either I'm seriously missing something, or somebody else is.


ISP supplied routers with no admin password are horribly common and even if you apply a password to what you think is the admin account the ISP will often have a super admin account where they can apply updates to the router and remove your admin password. Been there, eventually worked that out and never used an ISP supplied router since.

Slarti

swill453
Lemon Half
Posts: 7986
Joined: November 4th, 2016, 6:11 pm
Has thanked: 987 times
Been thanked: 3658 times

Re: Seriously Weird

#218120

Postby swill453 » April 29th, 2019, 11:32 am

XFool wrote: I can only think devices are set up by non technical people. Or the 'convenience' of having an easily accessible open router interface on a private network in a trusted environment completely overlooks, through ignorance, that that private side router access is the same interface on the other, public WAN side and so is visible to everyone in the world!

I would have thought the majority of routers and other network equipment in the commercial environment are entirely within their private networks and inaccessible from the Internet, i.e. they simply don't have a "public" side. Any large company I've worked for has only had a very few well defined and well protected interfaces between the internal network and the Internet at large.

Of course that's not to say it's impossible that some companies will expose an insecure interface to the Internet. And it's also not to say that having an unsecured router within a private network is a good thing anyway.

Scott.

Slarti
Lemon Quarter
Posts: 2941
Joined: November 4th, 2016, 3:46 pm
Has thanked: 640 times
Been thanked: 496 times

Re: Seriously Weird

#218132

Postby Slarti » April 29th, 2019, 12:29 pm

Also things like the BT access points. I'm sure other companies do the same.

Slarti
