cannot access ebay....

Tired wrote:
> A problem on a friends bt broadband. I cannot access www.ebay.co.uk.
> All other sites seem to be ok. Just this one site. Tried changing mtu
> values, tried changing wireless dongle (this seemed to have worked,
> but problem back).

Thanks for the help. Tracked the problem down. Some kind of trojan had
accessed the router (dlink router with admin admin as user /password) and
had changed the dns server settings.

Put them back to automatic and flushed dns cache, problem solved......

Tired wrote:
> Tired wrote:
>> A problem on a friends bt broadband. I cannot access www.ebay.co.uk.
>> All other sites seem to be ok. Just this one site. Tried changing mtu
>> values, tried changing wireless dongle (this seemed to have worked,
>> but problem back).
>
> Thanks for the help. Tracked the problem down. Some kind of trojan had
> accessed the router (dlink router with admin admin as user /password) and
> had changed the dns server settings.
>
> Put them back to automatic and flushed dns cache, problem solved......
>
>
i've logged into at least three routers like that, that had been used to
launch DOS attacks.. and shut them down HOPING that whoever owned them
would notice and rejig the password...

On 24/11/2011 23:10, The Natural Philosopher wrote:
> Tired wrote:
>> Tired wrote:
>>> A problem on a friends bt broadband. I cannot access www.ebay.co.uk.
>>> All other sites seem to be ok. Just this one site. Tried changing mtu
>>> values, tried changing wireless dongle (this seemed to have worked,
>>> but problem back).
>>
>> Thanks for the help. Tracked the problem down. Some kind of trojan had
>> accessed the router (dlink router with admin admin as user /password)
>> and had changed the dns server settings.
>>
>> Put them back to automatic and flushed dns cache, problem solved......
>>
> i've logged into at least three routers like that, that had been used to
> launch DOS attacks.. and shut them down HOPING that whoever owned them
> would notice and rejig the password...
>
At least it is sorted now, first thing to do when setting up a router is
to change the default username/password of it IMHO.
TGH

TGH wrote:
> On 24/11/2011 23:10, The Natural Philosopher wrote:
>> Tired wrote:
>>> Tired wrote:
>>>> A problem on a friends bt broadband. I cannot access www.ebay.co.uk.
>>>> All other sites seem to be ok. Just this one site. Tried changing mtu
>>>> values, tried changing wireless dongle (this seemed to have worked,
>>>> but problem back).
>>>
>>> Thanks for the help. Tracked the problem down. Some kind of trojan had
>>> accessed the router (dlink router with admin admin as user /password)
>>> and had changed the dns server settings.
>>>
>>> Put them back to automatic and flushed dns cache, problem solved......
>>>
>> i've logged into at least three routers like that, that had been used to
>> launch DOS attacks.. and shut them down HOPING that whoever owned them
>> would notice and rejig the password...
>>
> At least it is sorted now, first thing to do when setting up a router is
> to change the default username/password of it IMHO.
> TGH
And unless you are a total noob, remove access to its admin pages from
the internet at large. At the worsts, make sure only a range
corresponding to your ISP can access it.

In article <jangpt$pe8$(E-Mail Removed)>, TGH <(E-Mail Removed)>
writes

>At least it is sorted now, first thing to do when setting up a router is
>to change the default username/password of it IMHO.

Then untick the option that exposes the management interface to the
internet!

--
(\__/)
(='.'=)
(")_(")

TGH wrote:
> On 24/11/2011 23:10, The Natural Philosopher wrote:
>> Tired wrote:
>>> Tired wrote:
>>>> A problem on a friends bt broadband. I cannot access
>>>> www.ebay.co.uk. All other sites seem to be ok. Just this one site.
>>>> Tried changing mtu values, tried changing wireless dongle (this
>>>> seemed to have worked, but problem back).
>>>
>>> Thanks for the help. Tracked the problem down. Some kind of trojan
>>> had accessed the router (dlink router with admin admin as user
>>> /password) and had changed the dns server settings.
>>>
>>> Put them back to automatic and flushed dns cache, problem
>>> solved......
>> i've logged into at least three routers like that, that had been
>> used to launch DOS attacks.. and shut them down HOPING that whoever
>> owned them would notice and rejig the password...
>>
> At least it is sorted now, first thing to do when setting up a router
> is to change the default username/password of it IMHO.
> TGH

changed his password.

As i understand it though changing the password isnt good enough. The trojan
doesnt just rely on default passwords, but on users 'remembering' the
password in Internet Explorer, and then using that to access.

I would imagine that each router type would need a sophisticated script to
work. I have come across netgears with screwed up dns settings, but never a
dlink.

The Natural Philosopher wrote:
> TGH wrote:
>> On 24/11/2011 23:10, The Natural Philosopher wrote:
>>> Tired wrote:
>>>> Tired wrote:
>>>>> A problem on a friends bt broadband. I cannot access
>>>>> www.ebay.co.uk. All other sites seem to be ok. Just this one
>>>>> site. Tried changing mtu values, tried changing wireless dongle
>>>>> (this seemed to have worked, but problem back).
>>>>
>>>> Thanks for the help. Tracked the problem down. Some kind of trojan
>>>> had accessed the router (dlink router with admin admin as user
>>>> /password) and had changed the dns server settings.
>>>>
>>>> Put them back to automatic and flushed dns cache, problem
>>>> solved......
>>> i've logged into at least three routers like that, that had been
>>> used to launch DOS attacks.. and shut them down HOPING that whoever
>>> owned them would notice and rejig the password...
>>>
>> At least it is sorted now, first thing to do when setting up a
>> router is to change the default username/password of it IMHO.
>> TGH
> And unless you are a total noob, remove access to its admin pages from
> the internet at large. At the worsts, make sure only a range
> corresponding to your ISP can access it.

I dont think i have come across a router that has external access enabled by
default.

On Fri, 25 Nov 2011 13:52:02 +0000, Tired texted:

> TGH wrote:
>> On 24/11/2011 23:10, The Natural Philosopher wrote:
>>> Tired wrote:
>>>> Tired wrote:
>>>>> A problem on a friends bt broadband. I cannot access www.ebay.co.uk.
>>>>> All other sites seem to be ok. Just this one site. Tried changing
>>>>> mtu values, tried changing wireless dongle (this seemed to have
>>>>> worked, but problem back).
>>>>
>>>> Thanks for the help. Tracked the problem down. Some kind of trojan
>>>> had accessed the router (dlink router with admin admin as user
>>>> /password) and had changed the dns server settings.
>>>>
>>>> Put them back to automatic and flushed dns cache, problem
>>>> solved......
>>> i've logged into at least three routers like that, that had been used
>>> to launch DOS attacks.. and shut them down HOPING that whoever owned
>>> them would notice and rejig the password...
>>>
>> At least it is sorted now, first thing to do when setting up a router
>> is to change the default username/password of it IMHO. TGH
>
> changed his password.
>
> As i understand it though changing the password isnt good enough. The
> trojan doesnt just rely on default passwords, but on users 'remembering'
> the password in Internet Explorer, and then using that to access.
>
CSRF - common as fuck. Easy to scan given customer ranges belonging to
certain telco's where vulnerable routers live - especially if they have
certain default ports open.

Tired wrote:
> The Natural Philosopher wrote:
>> TGH wrote:
>>> On 24/11/2011 23:10, The Natural Philosopher wrote:
>>>> Tired wrote:
>>>>> Tired wrote:
>>>>>> A problem on a friends bt broadband. I cannot access
>>>>>> www.ebay.co.uk. All other sites seem to be ok. Just this one
>>>>>> site. Tried changing mtu values, tried changing wireless dongle
>>>>>> (this seemed to have worked, but problem back).
>>>>> Thanks for the help. Tracked the problem down. Some kind of trojan
>>>>> had accessed the router (dlink router with admin admin as user
>>>>> /password) and had changed the dns server settings.
>>>>>
>>>>> Put them back to automatic and flushed dns cache, problem
>>>>> solved......
>>>> i've logged into at least three routers like that, that had been
>>>> used to launch DOS attacks.. and shut them down HOPING that whoever
>>>> owned them would notice and rejig the password...
>>>>
>>> At least it is sorted now, first thing to do when setting up a
>>> router is to change the default username/password of it IMHO.
>>> TGH
>> And unless you are a total noob, remove access to its admin pages from
>> the internet at large. At the worsts, make sure only a range
>> corresponding to your ISP can access it.
>
> I dont think i have come across a router that has external access enabled by
> default.
>
>
depends on which ISP supplies it.

Some come that way for 'remote support by the ISP'

TGH <(E-Mail Removed)> considered Fri, 25 Nov 2011 07:40:41 +0000
the perfect time to write:

>On 24/11/2011 23:10, The Natural Philosopher wrote:
>> Tired wrote:
>>> Tired wrote:
>>>> A problem on a friends bt broadband. I cannot access www.ebay.co.uk.
>>>> All other sites seem to be ok. Just this one site. Tried changing mtu
>>>> values, tried changing wireless dongle (this seemed to have worked,
>>>> but problem back).
>>>
>>> Thanks for the help. Tracked the problem down. Some kind of trojan had
>>> accessed the router (dlink router with admin admin as user /password)
>>> and had changed the dns server settings.
>>>
>>> Put them back to automatic and flushed dns cache, problem solved......
>>>
>> i've logged into at least three routers like that, that had been used to
>> launch DOS attacks.. and shut them down HOPING that whoever owned them
>> would notice and rejig the password...
>>
>At least it is sorted now, first thing to do when setting up a router is
>to change the default username/password of it IMHO.
>TGH
I hope most (if not all) of us on here realise that.
The problems are the ones who don't.

A few years ago I came across one that was such a mess that I was able
to find the email addresses for all the users on the network it was
connecting, and emailed their "network admin", MD, and HR department
offering my services as security consultant with an explanation of why
they needed one, and the new, secure, admin names and passwords for
their router and email server (it was self defence - they were
mail-bombing a server on a network I was asked to sort out after it
got bogged down dealing with the consequences of the malware on their
unsecured systems).

A couple of weeks later I built and installed a firewall for them -
their "network admin" had been the supposedly computer literate son of
one of the directors, setting it up in his school holidays.
Needless to say, the router and firewalling weren't the only things
that needed fixing.

They were a business contact of the place I was originally sorting
out, so simply blocking them wasn't an option.