Ethical hacking: Attacking routers
Routers are one of the most attractive points of a network for attackers to prey upon. These ubiquitous network devices often have more than one vulnerability, not to mention the effects that human error can have when administering these devices.
This article will detail attacking routers from the ethical hacker’s perspective, including password-related issues, and will move on to more traditional router attacks that are not password-focused. Considering how common routers are on both enterprise and home networks, ethical hackers need to know about these attacks so they can better tighten security in their organization’s network defenses.
What should you learn next?
The elephant in the room
Routers have a major weakness and there is probably no technological measure that can remedy it — human error. Any enterprise router worth its salt uses a password, and unfortunately, many information security professionals and remote workers never change their default router password. The statistics say that the number of those who neglect the password change is 30% and 46% respectively, which is shocking (especially for the information security professional).
Not changing your router’s password may be the biggest weak point on your organization’s router. Is that the sound of you changing it right now? I thought so. Don’t relax just yet, though — simply changing your default password is not enough to ward of router password attacks. For those using wireless routers (most are by this point), passwords can still be changed once data packets are captured by attackers.
Wireless attacks
The password issue mentioned above has spurred an increase in wireless attacks. The main goal of these attacks to crack the password, normally by using default passwords and with dictionary cracks.
The most popular tool used for this today is Aircrack-ng. Included in Kali Linux, this hacking program is a standalone suite that features 802.11 WEP and WPA-PSK key cracker functionality with the capability to recover keys from captured data packets. Using airmon-ng allows attackers to capture the authentication handshake, which is used to crack the WPA/SPA2-PSK.
Ethical hackers should use Aircrack-ng against their organization’s wireless router to see how vulnerable their router is, and then make any security adjustments available to their particular router accordingly.
Router scanning
Router scanning is a sort of hybrid attack method on both LAN and wireless (added later) routers that scans organization subnets and then attacks routers it finds. Router Scan by Stas’M is a hacking tool that allows hackers to perform router scanning and has the capability to pull important information about the wireless router, including access point name (SSID), access point key (password) and even what encryption method is used by the wireless router.
This information is gathered two ways— it uses a list of standard passwords to guess the router password and uses router model-specific vulnerabilities to either gather the information above or even bypass authorization altogether. Ethical hackers can use this program to test how attack-ready their password is, get a better idea of the vulnerabilities of the router model they use and to better understand how attackers act when using this method to attack their router.
Non-password-focused attacks
As an ethical hacker, you cannot get hung up on passwords alone. While password weaknesses in routers are glaring, they are not the only focus of attackers. Below are the most common non-password-focused router attacks.
Denial of Service (DoS)
Denial of Service (DoS) attacks are the most popular form of non-password-focused router attacks. These attacks come in many forms but essentially all have the same end — flooding the router with so many requests that results in either slowing down or crashing servers behind the router. Commonly seen forms of this attack include Ping of Death, Smurf, buffer overflow and SYN attacks.
Ethical hackers should attempt as many different forms of DoS attacks against their router to see how their router, and ultimately their network, would respond. Appropriate remedial measures include reconfiguring router Access Control Lists to drop the offending traffic.
Packet mistreating attacks
This type of attack injects malicious code into the router, which then confuses and ultimately disrupts routers. Routers use what is called the routing process, and when malicious code is injected into this process, it stops the router from being able to handle packets in the routing table.
Eventually, this malicious code starts circulating around the organization’s network in a loop. The network then becomes substantially congested, making it increasingly difficult for network engineers to debug.
Router table poisoning
Routers use routing tables that transfer and receive information. Router tables are vulnerable; without proper security, router poisoning attacks can make malicious changes to the router table’s routine. Hackers normally get to this point by editing router table information packets. The end result is damage to the networks and servers behind the router.
Ethical hackers need to understand their router model and configure applicable security measures as appropriate to squash router table poisoning attacks.
Hit-and-run attacks
These attacks are one-off attacks that are sometimes referred to as test hacks. Hit-and-run attacks inject malicious data via code into routers and normally cause routers to perform unusual routines.
Ethical hackers should cooperate with information security professionals in the organization responsible for intrusion and detection by staging one of these attacks so the organization can better understand what will happen if it occurs in the real world.
Conclusion
Routers are one of the top points of attack for hackers, and an organization’s ethical hacker needs to keep this in mind. By tightening router password policies and staging these attacks against their organization’s router(s), ethical hackers will have surer footing regarding how attack ready their organization’s router is.
After testing these, you know the drill: take appropriate remediation and tightening measures and then test again and again.
FREE role-guided training plans
Sources
- Router attacks: Five simple tips to lock criminals out, WeLiveSecurity
- DoS (Denial of Service) Attack Tutorial: Ping of Death, DDOS, Guru99
- Ethical hacking: Aircrack-ng (WiFI Password Cracker), Kalamawi
- 12 pre-built training plans
- Employer-requested skills
- Personalized, hands-on training
In this Series
- Ethical hacking: Attacking routers
- The rise of ethical hacking: Protecting businesses in 2024
- How to crack a password: Demo and video walkthrough
- Inside Equifax's massive breach: Demo of the exploit
- Wi-Fi password hack: WPA and WPA2 examples and video walkthrough
- How to hack mobile communications via Unisoc baseband vulnerability
- How to build a hook syscall detector
- Top tools for password-spraying attacks in active directory networks
- NPK: Free tool to crack password hashes with AWS
- Tutorial: How to exfiltrate or execute files in compromised machines with DNS
- Top 19 tools for hardware hacking with Kali Linux
- 20 popular wireless hacking tools [updated 2021]
- 13 popular wireless hacking tools [updated 2021]
- Man-in-the-middle attack: Real-life example and video walkthrough [Updated 2021]
- Decrypting SSL/TLS traffic with Wireshark [updated 2021]
- Dumping a complete database using SQL injection [updated 2021]
- Hacking clients with WPAD (web proxy auto-discovery) protocol [updated 2021]
- Hacking communities in the deep web [updated 2021]
- How to hack Android devices using the StageFright vulnerability [updated 2021]
- Hashcat tutorial for beginners [updated 2021]
- How to hack a phone charger
- What is a side-channel attack?
- Copy-paste compromises
- Hacking Microsoft teams vulnerabilities: A step-by-step guide
- PDF file format: Basic structure [updated 2020]
- 10 most popular password cracking tools [updated 2020]
- Popular tools for brute-force attacks [updated for 2020]
- Top 7 cybersecurity books for ethical hackers in 2020
- How quickly can hackers find exposed data online? Faster than you think …
- Hacking the Tor network: Follow up [updated 2020]
- Podcast/webinar recap: What's new in ethical hacking?
- Ethical hacking: TCP/IP for hackers
- Ethical hacking: SNMP recon
- How hackers check to see if your website is hackable
- Ethical hacking: Stealthy network recon techniques
- Getting started in Red Teaming
- Ethical hacking: IoT hacking tools
- Ethical hacking: BYOD vulnerabilities
- Ethical hacking: Wireless hacking with Kismet
- Ethical hacking: How to hack a web server
- Ethical hacking: Top 6 techniques for attacking two-factor authentication
- Ethical hacking: Port interrogation tools and techniques
- Ethical hacking: Top 10 browser extensions for hacking
- Ethical hacking: Social engineering basics
- Ethical hacking: Breaking windows passwords
- Ethical hacking: Basic malware analysis tools
- Ethical hacking: How to crack long passwords
- Ethical hacking: Passive information gathering with Maltego
- Ethical hacking: Log tampering 101
- Ethical hacking: What is vulnerability identification?
- Ethical hacking: Breaking cryptography (for hackers)
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
