Someone tried to hack my ASUS router?

Discussion in 'Network Routers' started by Robert Crandal, Nov 29, 2014.

  1. I have an ASUS AC68U wireless router. I stepped away from
    my computer for about an hour to eat dinner. When I
    returned to my computer I saw that my laptop had
    "Authentication Required" popup window on my web browser.
    This popup usually appears when I try to access my router
    firmware by typing 192.168.1.1 into my web browser.

    Does this mean someone tried to access my modem firmware
    remotely? I was home alone at the time, so I'm wondering
    what would cause that password "Authentication Required"
    popup to suddenly show up on my browser??? Any ideas?
     
    Robert Crandal, Nov 29, 2014
    #1
    1. Advertisements

  2. Robert Crandal

    VanguardLH Guest

    Did you look in Task Manager's Processes tab to see if there was a
    remnant or hidden instance of your unidentified web browser? If so,
    kill all instances of your web browser and start reviewing to where you
    visit. A site can load another instance of the web browser (even one
    without a visible window) and leave that running in the background after
    you closed the visible instance(s) you opened.
    Nope, the dialog wasn't for an outside connection coming it. You would
    never see that dialog. That dialog is your host trying to connect via
    the unidentified application to the router and not to its firmware but
    to the web server running inside your router.
    Something running on your host tried to establish a connection to your
    router's web server. If you haven't a clue as to what program that
    login dialog belongs, use SysInternals' Process Explorer. In its
    toolbar is a target icon. Click on it and then drag it to the window.
    It will tell which process owns that window.

    Have you ran a manual anti-virus scan yet? If so, with what?
     
    VanguardLH, Nov 30, 2014
    #2
    1. Advertisements

  3. Nah, I forgot to check the Processes information on that day. I was
    using Google Chrome on Windows 7 on the day that it happened.
    When I walked back to my PC and saw the popup dialog box asking for
    username and password. I was just wondering why it showed up
    when I was away from my computer.
    Okay thanks. I will remember to do this next time I see something
    similar happen.
    Yes, I run scans almost every week, and it was all clear. I scan
    with both Malwarebytes and Microsoft Security Essentials.
     
    Robert Crandal, Dec 2, 2014
    #3
  4. Robert Crandal

    VanguardLH Guest

    Then perhaps the page you were visiting and left open (when you walked
    away and returned to find the login dialog) is running Javascript that
    tried to connect to your router.

    Are you running any software on your computer that tries to connect to
    the router's web server? For example only, there is a log utility
    (forget its name) that monitors the log in the router (if enabled) to
    provide a better layout and longer recording of the log. It has to
    connect to the router to get the log data. You could use SysInternals'
    TCPview to see what processes, if any, make connections to your router
    (probably 192.168.0.1 for its LAN-side IP address).
     
    VanguardLH, Dec 2, 2014
    #4
  5. Robert Crandal

    dav3nator

    Joined:
    Jan 3, 2015
    Messages:
    3
    Likes Received:
    0
    Probably not.

    If you want to be certain to prevent unauthorized access then ensure you lock down your router.

    1. Turn off remote admin access (via the internet)
    2. Strong Wifi Key (Letters UPPER/lower case, numbers, special characters, no repeating characters, no patterns and 32 characters in length.
    3. Use WPA2 because WPA is not as secure. NEVER use WEP.
    4. Use MAC address control.
    5. enable https:// for secure internal access of your router.
    6. change the admin password from default (16 character minimum and same specs as tip 2.

    Beyond that read up on some of your routers features because it probably has more options than what I listed.

    If your Wifi Key is something like abc123, I could crack it in a heartbeat. However something like )[1LiK3W|r3lE5$NetW0Rk!nG]( would take much more time to crack. Don't hide your SSID because it makes you look different from everybody else and I would think what is this guy trying to hide. The only reason I hide an SSID is to prevent confusion because I have a lot of wireless networks.
     
    dav3nator, Jan 3, 2015
    #5
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.