#1  
Old December 2nd, 2011, 12:47 PM
hansknec hansknec is offline
Junior Member
NETGEAR Newbie
 
Join Date: Dec 2011
Posts: 8
hansknec is on a distinguished road
Default Is there a need to change the Admin password?

So my understanding of the security is that the access to my router using the "admin" as username and "password" as the password is not all that important to change because it takes someone inside your house actually hard connected to your router. Is this correct? No one can sit in my driveway and do anything malicious by wireless connection? No one can come through the web to ping my router and enter the password for easy access to my stuff?
Reply With Quote
  #2  
Old December 2nd, 2011, 01:51 PM
sabretooth sabretooth is offline
Senior Member
NETGEAR Addict
 
Join Date: Nov 2011
Posts: 1,193
sabretooth is on a distinguished road
Default Re: Is there a need to change the Admin password?

Yes, wireless connections can access the routers admin pages too. However... they first have to get on your wireless SSID network. If you have strong encryption WPA2-AES is the best, never gonna happen in your lifetime. Don't worry there is no 'roving bands of nerds' driving around the US trying to break into your wireless network. Just not happening.

Posted 5:51 pm
Reply With Quote
  #3  
Old December 2nd, 2011, 02:10 PM
jmizoguchi jmizoguchi is offline
Banned
 
Join Date: Feb 2007
Location: Kentucky, USA
Posts: 0
jmizoguchi is an unknown quantity at this point
Default Re: Is there a need to change the Admin password?

If you end up using WEP or WPA-TKIP, both will easily hack but not WPA2-AES.

Also person don't really have to ne in your drive way to hack as well... plenty guys will use high gain antenna to hack .... google "war driving".
Reply With Quote
  #4  
Old December 2nd, 2011, 02:25 PM
sabretooth sabretooth is offline
Senior Member
NETGEAR Addict
 
Join Date: Nov 2011
Posts: 1,193
sabretooth is on a distinguished road
Default Re: Is there a need to change the Admin password?

Ha... they have a name for it now huh? Still chances are slim to none that it will happen when there are plenty of unsecured networks around. Still... I have a spare router have been wanting to set up by the front window with an SSID of 'hackmeifyoucan' with just WEP. Of course no LAN connections just the wireless beacon. :-)
Reply With Quote
  #5  
Old December 2nd, 2011, 02:31 PM
jmizoguchi jmizoguchi is offline
Banned
 
Join Date: Feb 2007
Location: Kentucky, USA
Posts: 0
jmizoguchi is an unknown quantity at this point
Default Re: Is there a need to change the Admin password?

just like robbery would think...

1. would you steal house that has no lock on the door ?

or

2. would steal the house with lock on it?

lol...

likely any "road warriors" will rather go easier wireless network that is WEP or even none so... Someone will try to hack WPA2 probably is not that common been takes way too long to hack...

you will be surprise that there is quite none encrypted network.. I know my surrounding is like that not that I would abuse.
Reply With Quote
  #6  
Old December 3rd, 2011, 01:51 AM
Mars Mug's Avatar
Mars Mug Mars Mug is offline
Moderator
NETGEAR Fanatic
 
Join Date: Nov 2006
Location: Stevenage UK
Posts: 12,469
Mars Mug is on a distinguished road
Default Re: Is there a need to change the Admin password?

As I have said before, unencrypted networks are sometimes set up deliberately by criminal gangs to ‘farm’ data from the unsuspecting people who think they are smart in connecting to a ‘foolishly’ unencrypted network.

While there is even a slim chance that someone could access your network, it is worthwhile changing the admin password. Access to the router settings and firmware gives someone an easy way to fully monitor your network in a way that will go totally unnoticed by you.

The probability may be very low, but it can and does happen, a simple password change can reduce the risk to near zero. Also there may be times when you need to drop the wireless network encryption for some reason, e.g. testing a new problematic device, and in that case having a different admin password is good.
__________________
I don't work for Netgear.

My name is Andy.
Reply With Quote
  #7  
Old December 9th, 2011, 06:50 AM
christopher_small christopher_small is offline
Junior Member
 
Join Date: Dec 2011
Posts: 4
christopher_small is on a distinguished road
Default Yes! Change your admin password!

Yes. This is a big security hole with an exploit that I saw take place on my network, in my house, probably via visiting a Facebook page.

How:

You might visit a page that logs into your router from the LAN side and reconfigures it to open connections from the WAN side. If your router still has the default password you're wide open to attack. Changing your admin password from the default makes this attack much more difficult.

Details:

(1) There are known bugs (or features) where you visit a web page (Facebook, Flash, PDF, others exist...) where your computer can be tricked into opening a web (or other) connection.

The exploit would work as follows: you visit a page, the page runs a script that gets your browser (or Flash or Acrobat or ....) to open a connection to https://routerlogin.net, and sends the default login (admin) and password (password). Now the script is logged into your router. The script can then submit (via http) data that makes it look to your router like you clicked on the "Advanced" tab, then you opened up a WAN port, etc., etc.

(2) This isn't theoretical -- I saw this happen to me, on my brand new WNDR3800.

I bought it and set it up on 11/23/2011. On 11/27/2011 at 12:07AM a houseguest apparently connected to some site (maybe Facebook, that's what she thinks she was looking at). The site caused her Mac to run a script that logged into the router and reconfigured the router to open a port. My guess is the script installed a bot client on her machine; from the break-in until I closed the hole (about 13 hours later) my network was open to the WAN with dozens of connections per hour from around the globe (other bots I assume) coming in through the open port.

I saw the break-in in the daily log, closed the open port, changed the password, and got her to clean up her machine. Problem solved.

Change the password from the default!

It's nice that they generate random SSIDs and WEP2 passwords now; they should do the same for the admin login, now that this hack is known to exist
Reply With Quote
  #8  
Old December 9th, 2011, 07:10 AM
hansknec hansknec is offline
Junior Member
NETGEAR Newbie
 
Join Date: Dec 2011
Posts: 8
hansknec is on a distinguished road
Default Re: Is there a need to change the Admin password?

Wow! That is a 100% different answer than those given by other "senior" members on the forum. I was content to leave the password alone, but now I think I will take your good advise and change it. I will also stay away from Facebook. Not necessarily because of this issue, but because Facebook is a complete waste of time.
Reply With Quote
  #9  
Old December 9th, 2011, 07:33 AM
christopher_small christopher_small is offline
Junior Member
 
Join Date: Dec 2011
Posts: 4
christopher_small is on a distinguished road
Default Re: Is there a need to change the Admin password?

Quote:
Originally Posted by hansknec View Post
Wow! That is a 100% different answer ...
Well, other people here haven't been burned (yet) or don't know that they have. I didn't think about it when I set up the router, either, and three weeks ago I would have given you the same answer. But I got burned because of it.

Senior member here or not, I've been doing this kind of thing since, well, before 802.11 existed, before the world-wide web existed, before the Internet existed, before... well, let's just say I'm an old fart. (And I got burned!)
Reply With Quote
  #10  
Old December 10th, 2011, 08:26 AM
Mars Mug's Avatar
Mars Mug Mars Mug is offline
Moderator
NETGEAR Fanatic
 
Join Date: Nov 2006
Location: Stevenage UK
Posts: 12,469
Mars Mug is on a distinguished road
Default Re: Is there a need to change the Admin password?

Senior member really means very little, it’s based on post count, not post quality. If the World expert on networking and routers joined the forum tomorrow they would be listed as ‘Junior’, not exactly an accurate description.

I don't use a Netgear router as my router/gateway, I haven't been burned
__________________
I don't work for Netgear.

My name is Andy.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



All times are GMT -8. The time now is 10:57 AM.