What is remote access to a router. Default router login and password

Hello! Today we'll talk about wireless network security again and I'll talk about how to allow only certain devices to access your router's control panel.

All devices that are connected to your router via Wi-Fi or network cable, can access the settings. Of course, if you have changed your login and password to access the router control panel, then gaining access will not be so easy. But, many of these data are simply not changed and everything is left by default.

Here's an example. I see that I have three networks on my laptop, without protection. Let's connect. The first one gave something like “Windows was unable to connect to...”, probably filtering by MAC addresses. And I immediately connected to the second one. I open the browser and type the usual address 192.168.1.1, enter the standard login and password, admin and admin, and I’m already in the settings of someone else’s router. Although, it wasn’t even a router, but a TP-LINK ADSL modem with Wi-Fi.

So, I already thought, maybe set a password for the network for them :). This is a very big security threat, you can even gain access to the local network if it is configured.

In the settings, immediately go to the tab Security – Local Management (in the Russian version Security - Local Management).

Then everything is simple. It's there by default “All the PCs on the…”. This means that all computers connected to the network are allowed access to the router's web-based utility. We don't need that, we'll fix it now.

Place a check mark next to “Only the PCs listed...” (Only the computers listed...).

At the very bottom there is a point “Your PC's MAC Address” (MAC address of your computer) there is a button opposite it "Add"(Add) . Click on it and the MAC address of our computer (from which we now entered the settings) is already on the allowed list. This means that the control panel can only be accessed from this computer.

You can add other MAC addresses of other devices for which you want to open access to the settings. Just write the new MAC address in another field. You can view the MAC addresses of already connected devices on the tab DHCP – DHCP Clients List (DHCP – DHCP Client List). From there you can copy the address of the desired device.

And here's another for the Russian version:

I think everything is clear there. By the way, there is no need to reboot the router. After clicking the save button, everything starts working.

I only allowed access for my laptop. I tried to open the address 192.168.1.1 on the tablet, but it doesn’t open, it just endlessly loading. Everything is working!

In order to re-open access for all devices, simply check the box next to the item again “All computers on the local network...” and save the changes.

Everything has been checked, everything works!

Best wishes!

Also on the site:

We deny access to the router settings for all devices (except yours) that are connected to your network updated: February 7, 2018 by: admin

Remote access to your home computer - a quick way

By the way, there are simpler and quick options access to your home computer. I will list them below:

TeamViewer. All you need to do is install this program. And during installation, select the checkbox to install it as a server and you want to remotely control this computer. No special settings are required, just set a password.
Ammy Admin- also a good program - works similar to TimViewer
AnyDesk- V currently I use it. Very convenient for logging into other PCs.

These programs use their own cloud proxy, so you don't need a white IP to connect to your home PC.

Here I described simple and quick ways get into your home PC or laptop. And then I’ll tell you how to organize this using the example of a router. It's more complicated, but there are more opportunities.

Remote access to your home computer

If you have been following this series, then you probably already know that I have already drawn your attention to LAN and WAN ports on routers of this series. And now, I will tell you how you can use this information to properly organize remote access to home computer. For example, if you know how to use the built-in Windows feature"Remote Desktop" to control your computer from another room in your house, how about you organize similar access from anywhere in the world, and save yourself from having to pay for various services, such as LogMeIn or GotoMyPC?

All this is possible if you know how to configure your home router. To do this, you need to understand a few things such as WAN, LAN, Dynamic DNS and Port Forwarding (aka Virtual Server). On the one hand, this may seem overwhelming and technically challenging task, on the other hand, it is quite simple if you are familiar with the router's web interface. And in fact, this will allow you to spend one of your weekends interestingly, and in the end you will get some good benefits. Just make sure you always save your router settings to your PC before making any changes.

Accessing your home computer remotely is much easier than you might have thought.

Remote access to a home computer basic concepts

WAN

WAN means Global network and is the IP address given to you by your Internet service provider. This address will always be unique on the Internet. At home, when you have a home network with multiple devices such as tablets, computers, etc., a WAN IP address is assigned to your router, which explains why all routers have a WAN (or Internet) port. This is a port that is assigned a unique WAN IP address. In other words, the WAN address is unique for each home (or office) network. In most cases, at home or in the office, the computer does not need to use the WAN IP address that is assigned to the router.

Note: here we're talking about about IPv4, while IPv6 has been available for a long time, virtually all consumer-grade Internet applications and services still use or support IPv4, and will continue to do so for the foreseeable future.

LAN

Each device, such as a computer, must have its own IP address in order to connect to the router (and from there access the Internet). This IP address is the LAN (or local area) address that the router assigns to connected devices using the DHCP protocol. The router leaves the WAN IP address for itself and then distributes its Internet connection to all devices connected to it. The router does this using a feature called NAT (or Network Address Translation). You don't need to get too deep into NAT - it's just a technology designed to save IPv4 IP addresses. With NAT, a home router can use just one WAN IP address to distribute the Internet to up to 254 devices.

To understand the difference between a WAN address and a LAN address, just imagine that WAN is the street name of a residential building, and LAN is the apartment number in that building. Different apartments in individual buildings may have identical numbers. But their street names (WAN) are always unique.

Remote access to your home computer Dynamic DNS

If you are at home now, go to whatismyipaddress.com and you will see your WAN IP address. Now, if you need to gain remote access to your home local network, you can use this address. In fact, if you have the function enabled remote control on your router, then this is the IP address you need to use to access your router from outside.

Note: For security reasons, if you decide to enable the remote management feature of your home router. It is usually located in the “Administration” or “System” section of the router’s web interface. Also make sure you change the default administrator password to something more secure. And in addition, consider changing the port number through which you access (the default port number is 8080). Also, it would be a good idea to change the default port numbers for known services/applications.

Now knowing that the WAN IP address is not just that. And on top of that, most households tariff plans comes with dynamic IP address WAN that changes periodically. It's better to translate that address into something permanent and easy to remember. To do this, you can use the Dynamic DNS service (DynDNS or DDNS). Many manufacturers, such as Asus or Synology, offer this service for free and it can be activated in the web interface. Also, you can always use DynDNS.org.

Dynamic DNS from Asus.

DynDNS service allows you to create a custom domain. For example, such as myhome.homefpt.net. This will give you something easier to remember than confusing strings of numbers and dots. This domain name must be unique. And if someone has already taken the name you chose, you will have to come up with something new. Once a custom domain has been created, there are several ways you can bind it to a WAN IP address. 1 - by running the DynDNS client on a computer on your home network, then connecting it to the NAS server on your home network. 2 - having appropriated it home router. Most, if not all home routers support Dynamic DNS address. And it can be managed using your router's web interface.

DynDNS is convenient

For example, if you selected myhome.homefpt.net as your DynDNS address and use port 8080. This is for managing the router when you are away from home. You can simply type myhome.homefpt.net:8080 into your browser to access your router's interface. This works with almost all home routers except Apple.

Connect using a properly configured Dynamic DNS service.

Remote access to your home computer - port forwarding

Now that you can access your home router. AND next step will bypass your router. And gain access to specific device on your home network. To do this, you need to activate the service that is responsible for remote access on your computer or laptop. (i.e. make sure the option Remote Desktop activated on the computer). And then configure the router to forward the port of this service to your computer. Most services have their own default port. The default port number for remote management of the router is 8080. I mentioned this above. Likewise, there is a default port for Remote Desktop Services - 3389.

Port forwarding or virtual server

In many routers, the port forwarding function is also called Virtual server. In order to configure this, you need to specify in local IP address computer. Also the port number (or range of ports). And save the configuration. For example, if your Windows computer will have a local IP address of 192.168.1.100, then forwarding port 3389 to this IP address will allow you to manage it. For example using Remote Desktop from anywhere in the world. Be using the DynDNS address assigned to your router. Please note that software The Remote Desktop Client is available for all versions of Windows. And downloadable for Mac. But only Windows versions such as Pro, Business, or Ultimate editions can be used as a target to create a Remote Desktop connection.

Here typical example Port forwarding for Remote Desktop in the router web interface.

With DynDNS, you can link many services from your home. Here are some default ports and their services: 80 (HTTP, for web server). 3389 (Remote Desktop), and 21 (FTP, for Ftp server).

Please note that the computer's local IP (LAN) address may also change after a restart. You can adjust it so that it remains the same. To do this, you need to use the IP (or DHCP) “Reservation” function. It allows you to assign received IP addresses to specific devices.

That's all. Thank you for your attention.

The problem has been known for quite some time, but the manufacturing company is in no hurry to “patch the holes”! For many routers, it is possible to gain access to the admin panel by sending a special request!

I tested this vulnerability on two of my devices: an older D-link DIR-320 and a newer DIR-300NRU. They were both in danger!

The bottom line is that many users enable the option remote administration router so you can connect to it from anywhere globe. Of course, the admin panel is password protected, but this password can be found by executing a request like “/model/__show_info.php?REQUIRE_FILE=/var/etc/httpasswd”.

And here is our router password open form!

Substituting this spell in address bar browser immediately after the router address (both local: 192.168.0.1 and “external”), you will receive a login and password in clear text. If your router is located at standard address(192.168.0.1), then you can check its vulnerability using this link!

There is nothing wrong with this as long as your router is configured to ignore “external” connections, that is, for now you can only configure it when connected via a Wi-Fi network or using an Ethernet cable. But if you allow any user to access the router, then you may have problems!

What information could an attacker obtain or use?

First, he accesses the settings Wi-Fi points and can find out the password for a specific Wi-Fi point:

We can see the password for the Wi-Fi point

After receiving access data, an attacker living in your city can use this data to connect to the local network and gain access to local resources, that is, all “shared” folders and shared documents!

Second, it can figure out the internal network infrastructure and, if necessary, enable unused (but long-established) port forwarding rules to gain access to FTP, RDP, SSH and other protocols and ports.

Port forwarding that was disabled for security can be enabled again!

There is also a special router model that allows you to connect external hard disk and use it to download torrents, distribute an iTunes library, and more. This model is also susceptible to a similar vulnerability, and if an attacker discovers such a router, he will be able to obtain not only a personal “anonymous FTP server”, but also gain access to all information stored on this disk.

The problem is aggravated by the fact that the router is often left unattended. This is a thing to which the expression “if it works, don’t touch it!” applies, so I don’t know many people who check their router at least once a day. Thus, an attacker can freely change the router settings without raising sufficient suspicion for a long time, until the owner discovers that his password does not match!

Check your router! If it gives you a login and password in pure form using the link I provided above, then disable the possibility of remote administration! Uncheck “Enable remote management”! You can still control your router by connecting to home Wi-Fi network or via cable, but intruders will not be able to gain access!

Uncheck enable remote management!

How else can you spoil the mood of the owner of the router?

Change the password for connecting to the Internet without changing the Wi-Fi password
Change Wi-Fi password
Change the password for the admin panel
Format connected to the router HDD
Forward the internal printer port (DIR-320 and others) to external network and send Daria Dontsova’s fascinating books to print
Set up an FTP server, upload illegal content to the connected drive, call the representatives of the law and naturally hide an innocent person for an impressive period of time!

Everything is limited only by the imagination of the attacker, therefore:

If your router is vulnerable, turn it off immediately and under no circumstances enable the remote administration function!!!

All information is presented for educational purposes. The author is not responsible for the use of this information to harm anyone! Take care of your privacy!

Although not so often, remote access to the router from outside is required. For example, from a different subnet, or even from the Internet. View statistics, adjust something, deny it, or, on the contrary, open access, while being in another city.

Or get inside the network controlled by our router from work. We will consider all these questions and methods of implementation in this article using an example different models routers.

In the first part of the article we will look at the settings to be able to remotely connect directly to the router, in the second part of the article we will look at how to log into the one created by it local network from outside.

Setting up the router

It is logical to assume that you will need to configure the router. To enter the settings menu, use a web browser and the IP address of the router, indicated under the bottom of the router, or in the setup instructions. Let's take the ZyXEL router as an example of configuration.

Label under the bottom

Let's go to settings. Further settings depend on whether we allow connection to the router from any external IP address, or from a specific address. For example, ZyXEL is installed at home, and we need access to the settings from work. The address of the work computer is static, that is, permanent, and in this case it is better for us to choose the second option. If we don’t know when and where the connection will be needed, then we choose the first option.

Setting up a connection from any IP address

In the router settings, go to the “Security” menu, and go to the “Network Address Translation (NAT)” submenu.

Creating an address translation rule

Access to the router web interface will be provided via http protocol(can also be configured for telnet, but this is an outdated technology), standard http port 80 will be used.

So, let's create an access rule:

Interface – select the item by which we are using a connection to the provider (PPPoE, L2TP, PPTP). As an example, let's choose an ISP. Specifically for your case, the type of connection is specified in the contract with the provider;
Protocol – TCP/80;
Redirect to address – here we indicate the IP address of our router. According to the factory settings, it is 192.168.1.1, if it is changed, indicate it;
New destination port number – write 80.

Now, in order to connect to it from the outside, go to the 2IP website and write down the “white” IP address of the router.

Setting up a connection to a specific IP address

Now let's look at the computer installed at work. While at work, use the “ipconfig” command to find out its IP address and write it down on a piece of paper.

Creating rules for one IP address

In the “Action” field, select the “Allow” value. In the “Source IP address” field, select the value “one” and write network address working computer, written down on a piece of paper. In the “Protocol” field, also select “TCP/80”.

Connection via Telnet

Just in case, let's consider setting up via Telnet.

Again, go to the address translation settings (as in the first example), and in the “Protocol” field, select the “TCP/23 – remote terminal(telnet)".

Setting up a connection via Telnet

Accordingly, we specify the port not 80, but 23. We also save the settings and reboot.

Access to another router model

Let's briefly look at another router model - ASUS 520gc.

Go to settings, select “Internet Firewall”, sub-item “Basic Config”.

Enabling access permission from an external network

By default, access is disabled - enable it in the “Enable Web Access from WAN” line. Click “Apply”. Next, we need to find out the IP addresses that the router has assigned to connect to it from the outside. Go to the item “ Status and Log", then the submenu "System Log".

Router logs

We look carefully at the logs and look for the lines indicated in the screenshot. To access the router settings from the internal network, we use the LAN address; to access from the Internet, we use the WAN address.

Accessing a computer through a router

Now let's see how to connect to a computer that is connected to the Internet through our router. Let's take ZyXEL Keenetic again as an example.

First download and install on your computer special program remote access “Remote Desktop”. In some versions Windows given The program is already included in the distribution.

Go to the router settings, item “ home network", sub-item "Servers".

Setting up port forwarding

Check the box “Port forwarding”. In the “Service” field, select “other”, then go to settings Remote programs Desktop, and look at the port number that it uses for remote access. In our example, this is 3389. We write it in the router settings in the “Ports” field.

Next, in the “Server IP address” field, select the “Entered” option, and in the next field write the IP address of the computer on which the program is installed. In our case, 192.168.1.33. In “Description” we write the name of the rule (so as not to get confused if there are many of them), and in “Access from the Internet” we indicate who is allowed to connect remotely. For example, let's allow everyone.

Click the “Add” button.

Setting up your computer's IP address

You noticed that we indicated a fixed IP address of the computer to which we opened access from the outside. This means that you of this computer and there should be Permanent Address, and not a dynamic IP, which can change every time you turn it on. We will fix the network address using the physical MAC address of the computer.

To solve this, you need to allocate a permanent address to this computer in the router settings. Go to the router settings, select the “Home Network” menu, then the “Network Organization” submenu.

Fixing the computer's IP address

At the bottom of the “Leased Addresses” window that opens, in the “MAC Addresses” field, select the “Entered” value. In the next field we enter the MAC address of the computer on which the program is installed, in the third field we write the IP address (for our example - 192.168.1.33.). Give the rule a name.

Click “Fix”.

Now, even if enabled DHCP server, then anyway the IP address for this computer will never change until we cancel the rule.