Jump to content

Can people with knowledge abuse the tech support connection on the netduma?

Offen

By Offen
in Netduma R1 Support

 Share

Recommended Posts

Offen

Offen

Posted
Posted

So yesterday when I got home from work, I noticed I couldn't find the Wifi, logged onto the Netduma via Cable and noticed the WiFi setting had been changed, It was now changed to OPEN and SSID named "Fucking shit" And I thought to myself, the chance of some of my neightbors figuring out the WiFi password is very low.

So main theory is that someone connected to the router from from the outside (aka WAN), and got into the router configuration with default username and password, as I had not changed it away from default. 

And yes, as soon as I noticed this I reset to factory settings and added a new username and password. And I also disabled the allow Tech support under network settings

Is there any sort of Firewall or something on the netduma router that I've missed to prevent compromising my network? My modem is directly connected to the netduma WAN port. 

And as the name of the Topic, can some with the knowledge easily connect to the router via the tech support channel?

Link to comment
Share on other sites
Zennon

Zennon

Posted
Posted

This is very easy to do if you leave routers with the default user name and password.

They have stood outside of houses scanning for WiFi joined and tried admin admin or admin password etc.

Always change from default.

Link to comment
Share on other sites
Offen

Offen

Posted
  • Author
Posted
53 minutes ago, Zennon said:

This is very easy to do if you leave routers with the default user name and password.

They have stood outside of houses scanning for WiFi joined and tried admin admin or admin password etc.

Always change from default.

For your information, I did have a password on the WiFi. Only way they could have reached the Config is either via a cable or WAN, or the unlikely chance of them figuring out my WiFi password, which is why I asked if the "allow remote tech support" can easily be reached from WAN?

Link to comment
Share on other sites
Netduma Alex

Netduma Alex

Posted
Posted
2 hours ago, Offen said:

For your information, I did have a password on the WiFi. Only way they could have reached the Config is either via a cable or WAN, or the unlikely chance of them figuring out my WiFi password, which is why I asked if the "allow remote tech support" can easily be reached from WAN?

In order to gain remote access to your router via the remote tech support option, they would need Netduma's key, which we only have in our office. Unless they have access to our office network, they can't get in using that method. Our office network is very secure so I doubt that's what happened. That said, disabling Allow Remote Tech Support is probably a good idea when you don't need help.

The way I see it, two things could've happened. The first option is that somebody cracked your password. It's totally possible to crack a wifi password with enough time, so perhaps a neighbor with technical skill could get that done? Make sure you're using WPA2 security, and if practical, consider hiding your SSID. You should also change the default credentials for DumaOS.

The other thing that could've happened would be a wind up from somebody in your house. How many people have access to your wifi network? Do any of them seem like they'd know how to do this?

Link to comment
Share on other sites
Offen

Offen

Posted
  • Author
Posted
13 minutes ago, Netduma Alex said:

In order to gain remote access to your router via the remote tech support option, they would need Netduma's key, which we only have in our office. Unless they have access to our office network, they can't get in using that method. Our office network is very secure so I doubt that's what happened. That said, disabling Allow Remote Tech Support is probably a good idea when you don't need help.

The way I see it, two things could've happened. The first option is that somebody cracked your password. It's totally possible to crack a wifi password with enough time, so perhaps a neighbor with technical skill could get that done? Make sure you're using WPA2 security, and if practical, consider hiding your SSID. You should also change the default credentials for DumaOS.

The other thing that could've happened would be a wind up from somebody in your house. How many people have access to your wifi network? Do any of them seem like they'd know how to do this?

Yeah, it's not impossible, I just don't understand who would do such a thing. Sure my friends could do something similar for the luls, but they would never make it OPEN or name it "Fucking shit" So yeah, thanks for the reply, I'll take notes and move on. 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...