Originally Posted By: Matt Finley
The number of people with routers that still have the original password is quite large.


Which is why, if you are seriously concerned about your network security, I recommend NOT using the router supplied by your ISP provider.
If you think the guy with 12 setups on his list for the day is going to come to your home, set up your internet, and then take the time to truly secure it I think you are fooling yourself. He's going to plug it in, show you it works and go to the next one.

Even if he does set up a password, it is likely going to be a standard password that he and others will know.

In my current position I can't risk that. When I switched my ISP, the installer was a little surprised when I told him he couldn't use their router, and even tried to talk me into WHY I should use their router (so they could fix it remotely if anything goes wrong!)
..OK so you're saying I SHOULD allow you and others to remote into my router!? I don't think so. If they want to cut me off at the modem (I'm required to use theirs) OK, but they are not getting into my network any further than that.

As for Eddie's recurring question on how to turn the internet on/off;
Once in the router simply turn off DHCP or change the DNS to point to a machine that does not return the requested website.
If I went this far being 'the bad guy' I'd go ahead and have that machine return a website that displayed a page saying something like 'Ha Ha we turned off your internet. Now pay us'

If you can control DNS you can control a lot. The router is the first place your computer checks for DNS settings.
You can route a system(s) anywhere you want once you control it.
Later, to turn it on just return it to DHCP or set the DNS to the 8.8.8.8 Google DNS and everything suddenly starts working.
No file system date changes required on the local machine by the way. Stored in router.
How this is accomplished for various routers will vary, but most people are running the local cable service provider's hardware= good chance of success on method used, whether it be telnet or whatever.

If you don't know for sure that your router password has been secured, it may be worth having someone look into it. It is not the same as setting a password for people to connect to your wifi/network (which a lot of people ignore also), it is the user/password to actually access the router itself. While you are in there make sure your hardware firewall is enabled. This is sometimes missed also.

Now the boring part;
I say I am the head of a web department. Most people assume that means we build websites. This is true.
However we also are a hosting and MSP provider which involves literally running part of the internet. We have a large block of IPs we control, 3 DNS/SOA servers, hundreds of websites ranging from mom&pop to multimillion dollar corporations running on many Web Servers, as well as the SQL servers that support them.
We are also responsible for large corporate private networks, some that span many states. So I have been granted access to some pretty serious stuff and have quite a bit of responsibility in this regard. I take my personal network security so seriously because of the access I have to these systems. If I was ever compromised it could potentially become a pretty serious breach.

I was concerned yesterday that I had lost the password to the router; I remembered it today, and did my quarterly audit. This is more than most people would ever need to worry about, but is yet another practice to help keep things secure.


I do not work here, but the benefits are still awesome
Make your sound your own!