Reply
Newcomer
Posts: 0
Registered: ‎2011-12-02

Is there a need to change the Admin password?

So my understanding of the security is that the access to my router using the "admin" as username and "password" as the password is not all that important to change because it takes someone inside your house actually hard connected to your router. Is this correct? No one can sit in my driveway and do anything malicious by wireless connection? No one can come through the web to ping my router and enter the password for easy access to my stuff?
Respected Contributor
Posts: 1,134
Registered: ‎2011-11-12

Re: Is there a need to change the Admin password?

Yes, wireless connections can access the routers admin pages too. However... they first have to get on your wireless SSID network. If you have strong encryption WPA2-AES is the best, never gonna happen in your lifetime. Don't worry there is no 'roving bands of nerds' driving around the US trying to break into your wireless network. Just not happening.

Posted 5:51 pm
Regular Contributor
Posts: 89,285
Registered: ‎2009-01-27

Re: Is there a need to change the Admin password?

If you end up using WEP or WPA-TKIP, both will easily hack but not WPA2-AES.

Also person don't really have to ne in your drive way to hack as well... plenty guys will use high gain antenna to hack .... google "war driving".
VPN Case Study

VPNCASESTUDY.COM

"Our Second To None VPN Related Setup Case Study[/COLOR][/URL]

"One Stop Solution To Your Netgear VPN Connectivity"

*Visit the site for Non-VPN related Doc & Links* [Windows & Mac user/support]





June Mizoguchi-
Respected Contributor
Posts: 1,134
Registered: ‎2011-11-12

Re: Is there a need to change the Admin password?

Ha... they have a name for it now huh? Still chances are slim to none that it will happen when there are plenty of unsecured networks around. Still... I have a spare router have been wanting to set up by the front window with an SSID of 'hackmeifyoucan' with just WEP. Of course no LAN connections just the wireless beacon. :-)
Regular Contributor
Posts: 89,285
Registered: ‎2009-01-27

Re: Is there a need to change the Admin password?

just like robbery would think...

1. would you steal house that has no lock on the door ?

or

2. would steal the house with lock on it?

lol...

likely any "road warriors" will rather go easier wireless network that is WEP or even none so... Someone will try to hack WPA2 probably is not that common been takes way too long to hack... Smiley Happy

you will be surprise that there is quite none encrypted network.. I know my surrounding is like that not that I would abuse. Smiley Happy
VPN Case Study

VPNCASESTUDY.COM

"Our Second To None VPN Related Setup Case Study[/COLOR][/URL]

"One Stop Solution To Your Netgear VPN Connectivity"

*Visit the site for Non-VPN related Doc & Links* [Windows & Mac user/support]





June Mizoguchi-
Esteemed Contributor
Posts: 12,950
Registered: ‎2015-07-05

Re: Is there a need to change the Admin password?

As I have said before, unencrypted networks are sometimes set up deliberately by criminal gangs to ‘farm’ data from the unsuspecting people who think they are smart in connecting to a ‘foolishly’ unencrypted network.

While there is even a slim chance that someone could access your network, it is worthwhile changing the admin password. Access to the router settings and firmware gives someone an easy way to fully monitor your network in a way that will go totally unnoticed by you.

The probability may be very low, but it can and does happen, a simple password change can reduce the risk to near zero. Also there may be times when you need to drop the wireless network encryption for some reason, e.g. testing a new problematic device, and in that case having a different admin password is good.
Initial Contributor
Posts: 2
Registered: ‎2011-12-09

Yes! Change your admin password!

Yes. This is a big security hole with an exploit that I saw take place on my network, in my house, probably via visiting a Facebook page.

How:

You might visit a page that logs into your router from the LAN side and reconfigures it to open connections from the WAN side. If your router still has the default password you're wide open to attack. Changing your admin password from the default makes this attack much more difficult.

Details:

(1) There are known bugs (or features) where you visit a web page (Facebook, Flash, PDF, others exist...) where your computer can be tricked into opening a web (or other) connection.

The exploit would work as follows: you visit a page, the page runs a script that gets your browser (or Flash or Acrobat or ....) to open a connection to https://routerlogin.net, and sends the default login (admin) and password (password). Now the script is logged into your router. The script can then submit (via http) data that makes it look to your router like you clicked on the "Advanced" tab, then you opened up a WAN port, etc., etc.

(2) This isn't theoretical -- I saw this happen to me, on my brand new WNDR3800.

I bought it and set it up on 11/23/2011. On 11/27/2011 at 12:07AM a houseguest apparently connected to some site (maybe Facebook, that's what she thinks she was looking at). The site caused her Mac to run a script that logged into the router and reconfigured the router to open a port. My guess is the script installed a bot client on her machine; from the break-in until I closed the hole (about 13 hours later) my network was open to the WAN with dozens of connections per hour from around the globe (other bots I assume) coming in through the open port.

I saw the break-in in the daily log, closed the open port, changed the password, and got her to clean up her machine. Problem solved.

Change the password from the default!

It's nice that they generate random SSIDs and WEP2 passwords now; they should do the same for the admin login, now that this hack is known to exist
Newcomer
Posts: 0
Registered: ‎2011-12-02

Re: Is there a need to change the Admin password?

Wow! That is a 100% different answer than those given by other "senior" members on the forum. I was content to leave the password alone, but now I think I will take your good advise and change it. I will also stay away from Facebook. Not necessarily because of this issue, but because Facebook is a complete waste of time.
Initial Contributor
Posts: 2
Registered: ‎2011-12-09

Re: Is there a need to change the Admin password?

hansknec wrote:
Wow! That is a 100% different answer ...


Well, other people here haven't been burned (yet) or don't know that they have. I didn't think about it when I set up the router, either, and three weeks ago I would have given you the same answer. But I got burned because of it.

Senior member here or not, I've been doing this kind of thing since, well, before 802.11 existed, before the world-wide web existed, before the Internet existed, before... well, let's just say I'm an old fart. (And I got burned!)
Esteemed Contributor
Posts: 12,950
Registered: ‎2015-07-05

Re: Is there a need to change the Admin password?

Senior member really means very little, it’s based on post count, not post quality. If the World expert on networking and routers joined the forum tomorrow they would be listed as ‘Junior’, not exactly an accurate description.

I don't use a Netgear router as my router/gateway, I haven't been burned Smiley Wink
Discussion Stats
  • 9 replies
  • 2275 views
  • 0 kudos
  • 5 in conversation
Top Contributors