
If you don't expose any external services of the router then it's a bit hard for botnets to take advantage of your router.

Most of these routers are likely becoming part of the botnet for enabling external web management and/or using default creds (especially if SSH is exposed externally).

Security isn't exceptionally hard, if you actually put some effort into it.



There have been plenty of router exploits that begin with a pivot from a web browser to a poorly secured admin panel on the local network. Firewalling incoming traffic from the Internet to the router's management interface is no security panacea.


Again, as I mentioned, the bulk of those rely on default creds.

Many of the big manufacturers have been tackling that issue by forcing a password change at setup and not allowing an insecure default to be chosen.


> a poorly secured admin panel on the local network

Why is the web interface left on? Just turn that off, there shouldn't be much to do with that.


Not sure you'll see this, with HN's lack of notifications and so much time elapsed, but here's the answer:

Most consumer routers do not support disabling the web interface on the local network, as it's the primary (only?) means of administration for them. This attack relies on getting users to browse to an address with default creds by some means, with a URL prepended that will cause the desired action to occur. More often than not a popular action is to modify the DNS servers used, so that DNS traffic can then be manipulated to point to malicious servers used for the ultimate attack.
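
Added example, not part of the thread: a sketch of a server-side check an admin panel could apply to the cross-site requests described in the comment above, refusing any state-changing request whose Origin or Referer is not the panel itself. The host list, the `/apply.cgi` path and the `dns1` parameter are constructed for illustration and do not come from any real router.

```python
from urllib.parse import urlsplit

# Assumed values: the hosts this hypothetical admin panel is served on.
ADMIN_HOSTS = {"192.168.1.1", "router.lan"}
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}

def _hostname(url):
    """Hostname of a URL, or None if it is missing or unparsable."""
    try:
        return urlsplit(url).hostname
    except ValueError:
        return None

def source_host(headers):
    """Host the browser reports as the initiator (Origin, then Referer)."""
    for name in ("origin", "referer"):
        if headers.get(name):
            return _hostname(headers[name])  # "null" parses to None
    return None

def allow_admin_request(method, path, headers):
    """Return True if the panel should act on this request."""
    headers = {k.lower(): v for k, v in headers.items()}
    if _hostname("//" + headers.get("host", "")) not in ADMIN_HOSTS:
        return False  # addressed to a name the panel does not serve
    # Treat any GET carrying parameters as state-changing, since the
    # described attack triggers actions purely through the URL.
    if method.upper() in SAFE_METHODS and "?" not in path:
        return True
    return source_host(headers) in ADMIN_HOSTS

# Constructed sample requests: (method, path, headers).
SAMPLES = [
    ("POST", "/apply.cgi", {"Host": "192.168.1.1", "Origin": "http://192.168.1.1"}),
    ("GET", "/apply.cgi?dns1=203.0.113.53",
     {"Host": "192.168.1.1", "Referer": "http://news.example/article"}),
    ("GET", "/apply.cgi?dns1=203.0.113.53", {"Host": "192.168.1.1"}),
    ("GET", "/status.html", {"Host": "router.lan", "Referer": "http://news.example/"}),
    ("POST", "/apply.cgi", {"Host": "192.168.1.1", "Origin": "null"}),
]

def evaluate_samples():
    return [allow_admin_request(m, p, h) for m, p, h in SAMPLES]

if __name__ == "__main__":
    for sample, ok in zip(SAMPLES, evaluate_samples()):
        print("ALLOW" if ok else "DENY ", sample[0], sample[1])
```

Because a request with neither header is refused, a real panel would pair this check with a per-session token carried in its own forms.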



