How to check a router for viruses and remove them. How to protect the router from viruses in the future

  • 22.08.2020

Added: Following reports of malicious attacks on routers from various manufacturers, TP-LINK released a firmware update for routers to prevent potential threats.

(Shenzhen, China) - TP-LINK, an international networking equipment manufacturer, announced that it has released firmware updates for its major routers to prevent malicious attacks from hackers.

After Team Cymru published its official report describing several vulnerabilities in home network equipment, including TP-LINK's, that leave this equipment open to hacker attacks, TP-LINK updated the firmware for all major models of home routers. ...

The firmware of the company's ADSL routers will be updated within a week. Team Cymru is a 501(c)(3) American non-profit Internet security research organization dedicated to improving Internet security.

Instructions for updating the firmware of TP-LINK routers.

A new hacker attack on routers has affected more than 300,000 home and office devices from manufacturers such as D-Link, TP-Link, Micronet and Tenda. After gaining access to them, the attackers changed the settings of the DNS servers. This was announced earlier this week by researchers from Team Cymru.

Several methods were used to gain access to routers. For example, they used the technique of cross-site request forgery (CSRF), in which the passwords of the web interfaces of the routers are reset and the DNS settings are changed. Also, the configuration files were accessed via unverified URLs.

All of these attacks were made possible by vulnerabilities in the router firmware. Most of the affected users are located in Vietnam, India and Italy, and the United States is also affected. The DNS settings of all the routers were changed to 5.45.75.11 and 5.45.75.36, which made it possible, for example, to redirect online banking traffic to fake websites where users' financial data was collected, or to install unwanted software on computers. Recently, similar attacks have affected residents of Poland and their banking information.
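A quick way to check a computer behind the router for this DNS change is to read the resolvers it received and compare them with the two addresses named above. The script below is an added example, not part of the original article; the sample `ipconfig /all` text is constructed, and the labels "local", "trusted" and "unexpected" are this example's own.

```python
import ipaddress
import re

# Resolver addresses the article says were written into hijacked routers.
ROGUE_DNS = {"5.45.75.11", "5.45.75.36"}
# Constructed sample of Windows `ipconfig /all` output (not a real capture).
SAMPLE_IPCONFIG = """\
   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 5.45.75.11
                                       5.45.75.36
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

def _as_ip(token):
    """Return the normalized address, or None if token is not an IP."""
    try:
        return str(ipaddress.ip_address(token.strip()))
    except ValueError:
        return None

def extract_dns_servers(text):
    """Collect resolvers from `ipconfig /all` output or resolv.conf text."""
    servers, in_dns = [], False
    for line in text.splitlines():
        win = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        nix = re.match(r"\s*nameserver\s+(\S+)", line)
        if win or nix:
            ip, in_dns = _as_ip((win or nix).group(1)), bool(win)
        elif in_dns and _as_ip(line):
            ip = _as_ip(line)  # continuation line holding a bare address
        else:
            ip, in_dns = None, False
        if ip and ip not in servers:
            servers.append(ip)
    return servers

def audit_resolvers(servers, trusted=()):
    """Label each resolver: rogue, trusted, local (private) or unexpected."""
    report = {}
    for ip in servers:
        if ip in ROGUE_DNS:
            report[ip] = "rogue"
        elif ip in trusted:
            report[ip] = "trusted"
        elif ipaddress.ip_address(ip).is_private:
            report[ip] = "local"
        else:
            report[ip] = "unexpected"
    return report
```

A "local" result such as 192.168.0.1 only means the router forwards DNS queries itself, so the upstream DNS servers still have to be read from the router's own status page.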

Recall that not so long ago, from the actions of intruders and the presence of vulnerabilities in the firmware, routers of companies and.

Protecting your Wifi network from hacker attacks using the example of a TP-Link router

This article was written in order to protect ordinary users from malicious attacks by hackers, who often use other people's Internet in this way and steal other people's data over the network.

It is assumed that the router is already configured and the Internet works.

Chapter 1. Protection.

1) On a device connected to a wifi network, for example, on a PC or laptop, launch any browser, type the following combination in the address line: 192.168.0.1

if it doesn't work, you can try 192.168.1.1

If everything is in order, the browser will ask for a username and password to enter the interface of your TP-Link Wifi router.

Enter login: admin

Password: admin

Thus, we go into the router through the browser to manage the settings of the router.

2) Tab "Status". Take a screenshot of this page, or simply copy its text, and keep it somewhere in an archive on a PC, since it will help to restore the Internet connection with your provider if it suddenly disappears after some manipulations.

3) “WPS” tab: WPS state - disable.

Let me explain. WPS is a standard PIN code, a password that is required ONLY when setting up the router for the first time. If the router is already configured (network name and password), then WPS is no longer needed and is a weak link in protecting the router from hacker attacks, since it is much easier to guess a PIN code consisting of digits than an encrypted password.

4) Tab "Wireless mode".

Configuring Wireless Mode

We set the name of our Wifi network (network name) → save (if you are satisfied with the already set name, you can not change it)

Wireless security.

We set the encryption method and the password itself, or change them (if desired) if a password is already configured and working. Usually, you should set the recommended parameters. As for your password, the longer it is and the more varied its characters, the better: for example, it is desirable to combine Latin letters, digits and symbols such as !"№;%:?*() in one password. Then save. (The main thing is not to forget this password later.)

*!ATTENTION! Before performing the next step, you need to have a minimal understanding of what a MAC address is and where to get it. On any device with any operating system (Windows, Android, Linux), it is not at all difficult to determine the device's own MAC address (PC, smartphone, tablet); Google will help. I will just add one more method: BEFORE setting up MAC address filtering on the router as in this manual, connect to your Wifi network using those devices whose MAC addresses you want to find out. All of them will be displayed on the tab: DHCP - List of DHCP clients. So, let's continue:

Filtering MAC addresses. Well, here we finally come to some very important steps to protect your Wifi network.

First add the MAC addresses of your devices that are connected or periodically connect to your wifi network. It is important not to confuse anything here: enter MAC addresses with colons, like XX:XX:XX:XX:XX:XX

Then - filtering rules: Allow stations specified in included entries.

Then - Filtering by MAC addresses - enable.

** Tip: when adding or editing your MAC addresses, it is advisable to note in the description whose device it is (for example, PC-Andrey, Smartphone-Janna, LG-Tablet, etc.). This will eliminate unnecessary questions in the future.

5) Tab "Security"

Basic protection settings.

Turn on everything; VPN - according to the situation (if you have one, then turn on passthrough).

Advanced protection settings.

DoS protection - enable.

Enable all types of filtering.

Local management

By analogy with the item "Filtering Mac addresses", we add here the devices from which it will be possible to enter (and only from them) to the router settings page.

Parental control - disable (if suddenly you need this function - google, but for security it does not matter, it only restricts access to the Internet).

6) Tab "System Tools"

Password.

We set our own username and password for entering the router control page instead of the standard admin - admin. Naturally, we remember them.

Backup and restore

We save the settings you made (just in case they suddenly crash) by clicking on the "Backup" button. Save the file with the .bin extension. In the future, it will be possible to recover from it by going to the same menu item.

Statistics.

Turn on.

This completes the configuration of protecting your router and your wifi network. Of course, you cannot completely protect yourself from all threats from the Internet (after all, they somehow hack the Pentagon, etc.), but you can trust that if the stakes are less than a million dollars, few people will want to hack your network and, accordingly, your computer when it is protected like this, because it takes too much labor and time.

Chapter 2. Viewing router statistics for traces of hacking.

1) Tab "Wireless mode"

Wireless Statistics

All MAC addresses that are currently using your Wifi network are listed here. If there is an unknown MAC address in this list, it should raise suspicion (although if you configured everything correctly according to the instructions in Chapter 1, then nobody can get in here that easily). This is the place where you can monitor the clients of your wireless network for your own peace of mind.

2) The "DHCP" tab

DHCP client list.

Devices that have entered the network using your password and to which the router has automatically assigned a temporary IP address are shown here. (Again, for your own peace of mind.)

3) Tab "System Tools"

Statistics. (If it is enabled, of course, as indicated in Chapter 1.)

All devices using your router are visible here.

Common to all types of statistics: look at the sent and received packets and the number of bytes sent and received. If these parameters are zero, then the device does not transmit any information using your router.
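The check described in this chapter, comparing the DHCP client list with the MAC addresses entered in Chapter 1, can be scripted once the list is copied out of the router page. This is an added example, not part of the original article; the client list and its column layout (ID, name, MAC, IP, lease) are constructed, and all MAC addresses are made up.

```python
import re

# Constructed DHCP client list; the column layout (ID, name, MAC, IP, lease)
# is an assumption and every MAC address here is made up.
SAMPLE_DHCP = """\
ID Name       MAC               IP            Lease
1  PC-Andrey  00-00-5E-00-53-10 192.168.0.100 01:52:10
2  android-7f 3a:5d:11:c2:90:ab 192.168.0.101 01:10:44
3  unknown    00:00:5e:00:53:99 192.168.0.102 00:03:27
"""
# Allowlist as entered in Chapter 1, with the suggested descriptions.
ALLOWLIST = {"00:00:5E:00:53:10": "PC-Andrey",
             "00:00:5E:00:53:20": "Smartphone-Janna"}

def normalize_mac(raw):
    """Return a MAC as AA:BB:CC:DD:EE:FF, or raise ValueError."""
    digits = re.sub(r"[\s:.\-]", "", raw).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_locally_administered(mac):
    """True when bit 0x02 of the first octet is set (randomized/private MACs)."""
    return bool(int(mac[:2], 16) & 0x02)

def parse_dhcp_list(text):
    """Parse whitespace-separated rows, skipping the header line."""
    rows = []
    for line in text.strip().splitlines()[1:]:
        _id, name, mac, ip, _lease = line.split()
        rows.append({"name": name, "mac": normalize_mac(mac), "ip": ip})
    return rows

def audit_clients(rows, allowlist):
    """Return (mac, ip, status) per client, checked against the allowlist."""
    known = {normalize_mac(m): label for m, label in allowlist.items()}
    findings = []
    for row in rows:
        mac = row["mac"]
        if mac in known:
            status = "known:" + known[mac]
        elif is_locally_administered(mac):
            status = "unknown-randomized"
        else:
            status = "unknown"
        findings.append((mac, row["ip"], status))
    return findings
```

An "unknown-randomized" entry is often one of your own phones using a private Wi-Fi address, which also has to be switched off on the phone for the Chapter 1 filter to let it in. A MAC address is a value the client supplies, so a match shows which entry a device claims to be, not proof of identity.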

This concludes the article. Thanks to everybody, you're free.

Problems when distributing Wi-Fi using a router arise for various reasons. One of them is the infection of the router with a virus that you can get rid of on your own.

  • a virus that slows down the speed of the Internet in various ways. For example, such malicious software disrupts the firmware settings or starts downloading some viral advertising content to the computer;
  • a virus that spoofs site addresses. It looks like this: a user visits any known secure site, and the virus changes the DNS in such a way that the user gets to an advertising site or sees advertising banners where the site owners did not place them. Such a virus is also dangerous in that it can transfer you to a site containing other viruses.

In any case, if you notice that the router is working incorrectly, it is worth checking it for viruses; moreover, getting rid of them is very easy.

How does the virus get into the router?

The router provides the Internet to all devices connected to it. This means that all devices and the router itself are on the same home network. This is what the virus uses: it gets to the computer from some website or downloaded file, and then it is transmitted over the network to the router, where it starts doing damage. The process depends on the type of virus: for example, some malware deliberately does not reveal itself on the computer and begins to act only when it gets into the router, while other malware manages to harm both the operating system and the firmware of the router at the same time.

Router check

Before you clean the router of viruses, you need to check whether there are any on it. To find out, you need to use the Internet directly from your computer. That is, pull the WAN cable or modem out of the router and plug it into the computer's port, and then follow these steps:

If you are having speed problems, follow these three steps.

  1. Check your internet speed. This must be done in order to find out in the future whether the speed is the same when using the network directly and through a router. For example, you can download a file or use the special online service Speedtest.

    Scanning internet speed through the Speedtest website

  2. To determine the signal quality more accurately, you need to know the ping. Ping is the time it takes for a signal to be sent from your device to the server and back. Naturally, the larger it is, the worse it is for you. Open a command prompt, type the command ping ip, where ip is the IP address of your connection (the default is usually 192.168.0.1, but it may differ), and run it. Remember the result. A ping of up to 40 ms is an excellent indicator, 40–110 ms is a normal average value, and at more than 110 ms you should think about reconfiguring the network, improving the signal or changing the provider.

    We execute the ping ip command

  3. After the list of sent packets, you will see statistics. You are interested in the "Packets" line, which counts how many packets were sent, received and lost. If the number of lost packets exceeds 5%, you need to find out what the problem is. If a large number of packets do not reach the server or do not return, this will greatly affect the Internet speed.

    See what percentage of packets are lost

After you have completed all the above steps and have detailed information about the ping, the number of lost packets and the Internet speed, reconnect the WAN cable or modem to the router and check all the same indicators when connecting via Wi-Fi. If the parameters are approximately at the same level, then the problem does not lie in the router; perhaps the reason is on the operator's side. Otherwise, if problems with the Internet arise only when using it through the router, you need to reset the router's settings and clean it of viruses.

Virus removal

To remove the virus, you need to reset the settings to their default values. If the virus has managed to damage the firmware, you will have to install it again yourself.

Reset parameters

  1. Find the Reset button on the back of the router. It is usually the smallest of the buttons. You need to hold it down for 10-15 seconds. When the router turns off and starts to reboot, you can release it. The restart of the router indicates that the settings have been reset. Please note that the password you set will also disappear.

    Press the Reset button

  2. To re-configure the router, you need to connect it to the computer via cable, and then open the browser and go to http://192.168.0.1. Perhaps the address will be different, you can find it out on a sticker located on the router itself, or in the documentation that came with the router. You will be asked for a username and password, by default the username is admin, and the password is admin or 12345. For details, see the instructions for the router.
  3. Go to quick setup. Specify the options that suit you. If you want, set a password and change the name of the network. After going through the setup procedure, save the changes and reboot the router.

    Go to the "Quick setup" section and set convenient settings

After completing all the above steps, check if you have gotten rid of the error. If not, you will have to manually reflash the router.

Flashing the router

Flashing the router is only possible if the device is connected to the computer using a cable. You cannot update the firmware over Wi-Fi.

  1. There is a sticker on the back of the router. Find your router model on it. It also contains information about the firmware version installed initially. If its version is 7, then it is better to install the update for version 7 in order to avoid a conflict between firmware that is too new and the old hardware of the router.

    Find out the firmware version and router model

  2. Go to the manufacturer's website and use the search box to find the version you need for your model. Download it to your computer.

    Find and download the required firmware version

  3. The downloaded file will be zipped. Extract its contents to any convenient folder.

    We indicate the path to the firmware

  4. Start the update procedure and wait for it to complete. Reboot your router. The firmware should now be updated, and all problems and viruses are most likely gone.

    We are waiting for the end of the installation

How to protect your router from viruses in the future

The only way to protect your router from viruses is to prevent them from entering your computer. Computer protection is carried out by means of antivirus. Install any modern antivirus and under no circumstances disable it. It is almost impossible to catch malicious software with an active antivirus. It is not even necessary to use paid security programs; nowadays there are enough high-quality free counterparts.

What to do if all else fails

If the implementation of all the above instructions did not bring the desired result, there are two options: the problem arises due to the breakdown of the physical part of the router or errors on the provider's side. First, you should call the company that provides you with the Internet and tell them about your problem and the methods that have not helped to solve it. Secondly, the router should be taken to a special service for specialists to examine it.

Infection of a router with a virus is rare, but dangerous. There are two ways to get rid of the virus: by resetting the settings and by updating the firmware. You also need to make sure that no malware remains on your computer.