Someone hacked my netgear router

How does someone hack into a router? I am using a wireless netgear router at home, I had 2 forward ports to my web server, 80 and 25 and 110. The next day I checked and my router was flashing with all kind of activity. I checked my server and all this traffic was coming in. I logged back into my router and the forward ports had been changed to 1100 something (same ports used by gnuella networks). I just would like to know how someone can hack into a router and reconfigure it. the wireless is turned off. thanks :shock:

Ah. The old netgear wireless router. I have one at home. Alot of my house is wireless because we are too lazy to run cables . My network is unsecure because I constantly have people coming over and getting on the internet. You most likely didn't turn off all wireless capabilities. You may have denied outside users the right to the internet, but not from accessing your router. I could pull up in front of your house and access your router right now if I wanted to. You must make your router a secure network. Everyone knows the factory default security passwords. Change the username and password up a little and make sure no one can bypass it. I hate netgear, thats why I love using cisco routers in the academy.

Red Ranger

There are a few ways this could have happened:

1. You've noted that the wireless option was turned off. But as RedRanger has noted, you may want confirm this. If the wireless was not disabled, operating without any security such as WEP or WPA could also leave you open. In fact WEP can be easily defeated as can WPA when a pre-shared key is used for authentication rather than a RADIUS server.

2. Secondly, even if your wireless was indeed turned off or fully secured, if your router had any known vulnerabilities, they may have been utilised by attackers (coming in from the internet/WAN side). You can find a list of vulnerabilites for software and firewalls at www.securityfocus.com/ .

3. The software running on the machines which you forwarded ports to may have had vulnerabilities e.g. webserver, email server, etc. Theses machines may have then been compromised and then used to access your router from within your network.

Word to yo motha.

You crack me up, RedRanger... :lol:

Yep sounds like someone wardriving found your default configuration access point and decided to have some fun with it.

Tell me, did you change the SSID from 'linksys'... did you enable WPA, and did you change the password for the web administration.

Cuz even if you did all three -- it's probably not enough hehe

You might wanna run a sniffer and if you see another IP pop up, run around your house with a shotgun looking for someone in a car with a laptop. Oh -- it could be your neighbour too

Cheers,