thousands of people out there who have not changed the default
passwords on their broadband routers, leaving them potentially exposed
to a denial of service attack. It wouldn’t take much for someone to
write a script that scanned a range of addresses for an open port 80
and then attempted to connect with a series of default passwords. Once
logged in the script could maliciously change the user’s settings and
knock them off the Internet and deny them access to their own router.
I discovered this while using BitTorrent – I noticed I had a connection
open to someone on the same ISP network as myself, PlusNet (let’s call
them Mr Bean). Me being a nosey old sod I wanted to have a look at
their web site so I opened a browser and typed in mrbean.plus.com – of
course this didn’t actually take me to their web space on the PlusNet
home page server but to the actual ADSL WAN address on their router –
however I got challenged for a username and password.
"This looks interesting" I thought!
So I tried a few random passwords but didn’t get anywhere, until I hit
"Cancel" – then I got the "failed authorisation" page from the web
server which revealed it was running a "Hasbani" web server. No idea
what that was so I did a Google and found it’s the built-in generic web
server for many Conexant based routers. A bit more googling turned up
the default username and password, "admin" and "epicrouter". Now I’m
thinking "I wonder…" so I typed them in and bingo, I’m logged straight
into this person’s router. Now I can access all their settings, change
the password, change their ISP connection string, change the DNS, DHCP
and IP settings, generally completely screw it all up!
Now I’m not a malicious person so didn’t do anything, but it just goes
to show that there’s a lot of ignorance out there and these people
could EASILY be knocked off without any problem whatsoever. Imagine a
script that did this to thousands of people, those people would suffer
outages and probably end up ringing the ISP helpline, causing a
knock-on effect as the helpdesk becomes overwhelmed with calls.
I think the only way to force people to change the password is to have
a big sticker on the router itself warning people to change the
password, or maybe even have a transparent proxy so that the first time
someone tries to access the Internet via one of the switch ports they
get taken to a page where they are forced to change it – after it’s
changed, the transparent proxy is disabled and only re-enabled if a
factory reset is performed.
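
The forced-change gate suggested above, modelled as an added Python example (not code from the original post or from any router firmware). The placeholder default password, the setup URL, the 10-character minimum and the WAN-side admin lockout are assumptions that go beyond what the post describes.

```python
# Added illustration: a first-use gate that intercepts LAN web traffic until
# the factory-default admin password has been replaced.
from dataclasses import dataclass, field
import hashlib, hmac, os

FACTORY_PASSWORD = "factory-default"     # constructed placeholder, not a real vendor default
SETUP_URL = "http://192.168.1.1/setup"   # hypothetical address of the setup page
MIN_LENGTH = 10                          # assumed minimum length for the new password


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Router:
    salt: bytes = field(default_factory=lambda: os.urandom(16))
    pw_hash: bytes = b""
    gate_enabled: bool = True

    def __post_init__(self):
        self.factory_reset()

    def factory_reset(self):
        """Restore the default password and re-enable the intercepting gate."""
        self.pw_hash = _hash(FACTORY_PASSWORD, self.salt)
        self.gate_enabled = True

    def handle_lan_http(self, url: str):
        """Return (status, location) for a LAN client's outbound HTTP request."""
        if self.gate_enabled and not url.startswith(SETUP_URL):
            return 302, SETUP_URL   # intercepted: send the user to the setup page
        return 200, url             # gate off, or the setup page itself: pass through

    def wan_admin_allowed(self) -> bool:
        """Assumed extra: no WAN-side admin login while the default is live."""
        return not self.gate_enabled

    def change_password(self, current: str, new: str) -> bool:
        if not hmac.compare_digest(_hash(current, self.salt), self.pw_hash):
            return False            # caller does not know the current password
        if new == FACTORY_PASSWORD or len(new) < MIN_LENGTH:
            return False            # re-using the default or a short password is refused
        self.pw_hash = _hash(new, self.salt)
        self.gate_enabled = False   # stays off until the next factory reset
        return True
```
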
I think it’s only a matter of time before some malicious individual
starts attacking Internet users in this way. It may already be