zabbix
+ Reply to Thread
Results 1 to 9 of 9

Thread: Access PC via router WAN login?

  1. #1
    Join Date
    Jul 2008
    Posts
    5

    Access PC via router WAN login?

    Is it possible to gain access to the internal LAN via WAN login on a broadband (ADSL) router, if I know the router password?
    Assuming i have access to the administration interface via WAN login and the router does have VPN, port forwarding & routing table modification functionality, then how exactly will it be done?

  2. #2
    Join Date
    May 2001
    Posts
    121
    Depens on what you call "access". If you're in full control of the router, you can configure port forwarding so that you can access some services of the PCs of the internal LAN, such as file & print sharing or remote desktop connection, but you still need to know the login/password to access them. If these services are not password-protected, then yes, the computers of the internal LAN are in danger, as your control of the router basically means that they're no longer firewalled.

  3. #3
    Join Date
    Jul 2008
    Posts
    5

    thanks for the reply

    so, if file sharing is not enabled on the pcs connected to the internal lan it is impossible to access the files?

  4. #4
    Join Date
    May 2001
    Posts
    121
    There are alternative ways to access files, for example Remote Desktop Connection (built-in Windows service) or similar third-party software, such as RAdmin ( [url]http://www.all-nettools.com/remote-control-5/radmin-remote-control-2**74.htm[/url] ). Besides, the PCs may be running FTP servers. But if none of the above is running -- then yes, it's impossible to access the files.

  5. #5
    Join Date
    Jul 2008
    Posts
    5
    Quote Originally Posted by MrByte View Post
    There are alternative ways to access files, for example Remote Desktop Connection (built-in Windows service) or similar third-party software, such as RAdmin ( [url]http://www.all-nettools.com/remote-control-5/radmin-remote-control-2**74.htm[/url] ). Besides, the PCs may be running FTP servers. But if none of the above is running -- then yes, it's impossible to access the files.
    OK, so , to fully secure PCs behind NAT routers I do not need to install a firewall to monitor incoming traffic?

    I just need to disable RDC and make sure no ports are open, correct?

    But what if i need some ports to be open for bittorrents etc?
    what are the implications of leaving ports open?
    What is a malicious user able to do if i have forwarded port say: *2*45 to my ip: **6.25.75.* ?

    could that be used to access my files?

  6. #6
    Join Date
    May 2001
    Posts
    121
    Quote Originally Posted by marklodge View Post
    OK, so , to fully secure PCs behind NAT routers I do not need to install a firewall to monitor incoming traffic?
    A firewall is always a good thing to have. You don't necessarily need to "install" it, i.e. you don't necessarily need a *-rd party product, but you should at least use the built-in Windows firewall.

    Quote Originally Posted by marklodge View Post
    I just need to disable RDC and make sure no ports are open, correct?
    I'd say "to make sure no ports offering access to files are open". If you completely close all ports, you won't be able to use many services, such as Skype.

    Quote Originally Posted by marklodge View Post
    But what if i need some ports to be open for bittorrents etc?
    what are the implications of leaving ports open?
    What is a malicious user able to do if i have forwarded port say: *2*45 to my ip: **6.25.75.* ?

    could that be used to access my files?
    Open ports, by themeselves, are not dangerous. Any computer has open ports, you can't be networked without open ports. What's important is that such ports shouldn't be exposing any data not intended for "outsiders". If you're running a local FTP server intended only for your LAN computers, make sure that either FTP access is password-protected or that your firewall restricts access to local IP addresses only. Bittorrent shouldn't be a problem.

  7. #7
    Join Date
    Jul 2008
    Posts
    5
    Thanks
    I have discussed this with many guys.
    I am in South Africa, and since ADSL is just starting to become popular here and most people are totally unprotected and have no knowledge of pc security whatsoever, I wish to have a demonstration of what could be done to an unprotected ADSL user. Most people leave their default pwd/user on the adsl routers and i need to know everything or most things that could be carried out by a novice or experienced hacker
    So far I have prepared material demonstrating how a malicious user is able to steal your WAN username and password (we are usually supplied with shaped capped 2gb accounts) and use your bandwidth, all in a few mins

    So, if you have any other related info that will be useful for my presentation i would appreciate it

    So, to sum it up;
    a hacker is able to access your files via port forwarding and/or a static route if he has wan access to your router, and you have file sharing enabled, correct?

    if you do not have file sharing enabled he willl only be able to access your files if he knows an admin user/pwd, correct?

  8. #8
    Join Date
    Apr 2007
    Posts
    922
    marklodge, an forwarded port on the router is not bad, as MrByte stated.It is the service using that port that can be exploited. When the game or whatever that uses that port is not running, the enabling the windows firewall will keep it safe. You can use google searches to help also.
    [url]http://www.google.com/search?hl=en&safe=off&client=firefox-a&channel=s&rls=org.mozilla%*Aen-US%*Aofficial&hs=*ab&q=bittorrent+port+exploits&btnG=Search[/url]
    You may want to research wep cracking and wpa cracking too.

  9. #9
    Join Date
    May 2001
    Posts
    121
    Quote Originally Posted by marklodge View Post
    So, to sum it up;
    a hacker is able to access your files via port forwarding and/or a static route if he has wan access to your router, and you have file sharing enabled, correct??
    Only if he knows the PC's login and password.

    Quote Originally Posted by marklodge View Post
    if you do not have file sharing enabled he willl only be able to access your files if he knows an admin user/pwd, correct?
    If you do not have file sharing enabled, if he knows the PC's login and password it may still be dangerous. He may be able to execute code remotely. File and print sharing is only one out of several services that uses Windows authentication. There is also RPC etc. See this thread where a person asks a similar question:

    [url]http://www.governmentsecurity.org/archive/t6*2*.html[/url]

+ Reply to Thread

Similar Threads

  1. Router ip addresss
    By mkcitizen in forum General discussion
    Replies: 1
    Last Post: 10-19-2009, 06:31 AM
  2. modem or router
    By noob123 in forum Viruses and Trojans
    Replies: 3
    Last Post: 05-30-2007, 01:25 PM
  3. Access of C:
    By bilalrouf in forum Internet Privacy
    Replies: 3
    Last Post: 07-19-2006, 05:21 PM
  4. help with ftp access
    By webdude in forum Internet Privacy
    Replies: 4
    Last Post: 03-24-2006, 05:13 PM
  5. almost router
    By Unregistered in forum Proxies and Firewalls
    Replies: 3
    Last Post: 03-26-2005, 12:33 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts