Over at CNET there is an article about malicious javascript taking advantage of the fact that routers from Linksys, D-Link, Netgear who knows who else have known, default passwords.
This hack uses your web browser to log in to your router using the default password and reprogram your router to use the hackers Domain Name Server! This means when you type in say www.citibank.com you are taken to the hacker’s server, not your banks!
(Mom, you are fine, we’ve changed your password)
I’ve often commented on the fact that while default passwords are necessary, a router should not function until the password is changed from the known default. Your web browser should take you to, minimally, a screen saying you need to change the password.
On Macs with Airport, Apple could insist this as well and then popping up a nice dialog at any internet access attempt.
Change your router password if you have not!
While I never use the default password on mine, or any of my clients routers, this is another reason exactly why I do not use DHCP or DNS supplied from the router, just another security percaution.
My LAN is static, completely. This why I can look at the router and see every IP address that is being used, and track it, know what it is and if I see anything suspicious, I’ll know right away.
I also, always set DNS in my machine as well. I know the convenience of allowing DHCP to just provide it but I like to know what IP addresses are being used, when, by whom and why. Along with that, having DNS set on my machine allows me total control over what DNS servers I want to use. Very nice.
The only time I turn on DHCP is when you come in town haha. Yes, changing the password would allow DHCP with no issues but again, I like to track all IP’s in use.
-Matt