Scenario
2
There
is another weak point a hacker may exploit when WPA or WEP
security is disabled. Your wireless router can be wirelessly
controlled via a web browser. This is a great feature that
allows you to adjust router settings from anywhere within
your house.
The
problem is that after the initial router setup majority of
people do not change the default router password leaving the
device accessible to a hacker. Changing the default password
is easy to do in your router's control panel. Most wireless
routers ship with IP address 192.168.1.1. When you type these
numbers into your browser you will be taken to the router's
settings panel which is nothing more than a webpage generated
by the router.
This
webpage will prompt you for a user name and password. If you
have the documentation that came with the router the default
IP address, user name and password will all be listed there.
For example Linksys WRT54G router can be accessed by using
these factory defaults:
IP:
192.168.1.1
user name: admin
password: admin
Leaving
these three values at their factory defaults is like leaving
your car unlocked and running. Changing the IP address but
leaving the user name and password at their default setting
is a weak form of protection. The IP address can easily be
obtained by executing IPCONFIG command in DOS while connected
to the WiFi network. The IPCONFIG command will return the
"Default Gateway" IP address. This is the router's
home address [Fig. 1].
Knowing
which router brand you have is sometimes enough for a hacker
to obtain login information. There are many websites that
list default passwords like this
one.
Fig. 1 Using IPCONFIG to obtain
router's IP address
1,
2,
3, 4,
next
|
