Routers are one of the most attractive points of a network for attackers in Ethical hacking. These ubiquitous network devices often have more than one vulnerability, not to mention the impact that human error can have in managing these devices.
This article details attacking routers from an ethical hacker’s perspective, including password-related issues, and moves on to more traditional attacks on routers that aren’t password-focused. Given how common routers are in both corporate and home networks, ethical hackers need to be aware of these attacks in order to better tighten their organization’s network defenses.
The elephant in the room[Ethical hacking]
Routers have a major weakness, and there is probably no technological measure that can fix it — human error. Every enterprise router worth its salt uses a password, and unfortunately, many information security professionals and remote workers never change their router’s default password. Statistics say that the number of those who neglect to change their password is 30% and 46%, respectively, which is shocking (especially for information security professionals).
Not changing your router’s password may be the biggest weakness of your organization’s router. Does it sound like you’re changing it now? I thought so. But don’t give up just yet—just changing the default password isn’t enough to prevent router password attacks. For those using wireless routers (most of them are at this point), passwords can still be changed once data packets are intercepted by attackers.
The aforementioned password issue has fueled the rise of wireless attacks. The main goal of these attacks is to crack a password, usually using default passwords and using dictionary cracks.
The most popular tool used for this today is Aircrack-ng. Included in Kali Linux, this hacking program is a standalone suite that includes features for 802.11 WEP and WPA-PSK key cracker with the ability to recover keys from captured data packets. Using airmon-ng allows attackers to capture the authentication handshake used to crack WPA/SPA2-PSK.
Ethical hackers should use Aircrack-ng against their organization’s wireless router to determine how vulnerable their router is and apply any security modifications to their particular router accordingly.
Scanning the router
Router scanning is a kind of hybrid method of attacking both LAN and wireless (added later) routers that scan an organization’s subnets and then attack the routers found. Router Scan by Stas’M is a hacking tool that allows hackers to scan a router and has the ability to get important information about a wireless router, including the access point name (SSID), access point key (password), and even what the encryption method is. uses a wireless router.
This information is collected in two ways – it uses a list of standard passwords to guess the router’s password, and exploits router model-specific vulnerabilities to either collect the above information or even bypass authorization altogether. Ethical hackers can use this program to test how ready their password is to attack, get a better idea of the vulnerability of the router model they are using, and better understand how attackers go about using this method to attack their router.
As an ethical hacker, you can’t just get hung up on passwords. While router password weaknesses are glaring, they are not the only target of attackers. Below are the most common non-password router attacks.
Denial of Service (DoS)
Denial of Service (DoS) attacks are the most popular form of non-password router attacks. These attacks take many forms, but basically they all have the same end – overwhelming the router with so many requests that it either slows down or crashes the servers behind the router. Commonly seen forms of this attack include Ping of Death, Smurf, buffer overflow and SYN attacks.
Ethical hackers should try as many different forms of DoS attacks against their router as possible to see how their router and ultimately their network would react. Appropriate corrective actions include reconfiguring router access control lists to prevent problematic traffic.
Packet manipulation attacks
This type of attack injects malicious code into the router, which then confuses and eventually disrupts the routers. Routers use what is called a routing process, and when malicious code is injected into that process, it prevents the router from processing packets in the routing table.
Eventually, this malicious code starts to loop around the organization’s network. The network then becomes substantially congested, making it difficult for network engineers to debug.
Router table poisoning
Routers use routing tables to transmit and receive information. Router tables are vulnerable; Without proper security, router poisoning attacks can cause malicious changes to the router table routine. Hackers usually get to this point by modifying router table information packets. The end result is damage to the networks and servers behind the router.
Ethical hackers need to understand their router model and configure appropriate security measures to defeat router table poisoning attacks.
These attacks are one-off attacks that are sometimes referred to as test hacks. Hit-and-run attacks inject malicious data into routers via code and usually cause the routers to perform unusual routines.
Ethical hackers should work with the information security professionals in the organization responsible for breach and detection by staging one of these attacks so that the organization can better understand what will happen if it happens in the real world.
Routers are one of the main points of attack for hackers and an ethical hacker in an organization needs to keep this in mind. By tightening router password policies and deploying these attacks against their organization’s routers, ethical hackers will have a more secure baseline of how ready their organization’s router is for attack.
After testing them, you know the drill: take appropriate corrective and tightening measures, then test again and again.
- Router attacks: Five simple tips to lock criminals out, WeLiveSecurity
- DoS (Denial of Service) Attack Tutorial: Ping of Death, DDOS, Guru99
- Ethical hacking: Aircrack-ng (WiFI Password Cracker), Kalamawi