What kinds of privacy threats should one consider when the access to routers setting is blocked by ISP?

Posted on

Problem :

As mentioned the ISP has blocked access to the router (which the ISP owns). Assuming that a user is able to set Wake-on-LAN, remote desktop, file sharing inside LAN or similar features what are the things to be considered given someone else has the access to router. What is worst someone with access to my routers do?
Any help in protecting oneself from such threats is appreciated.

Solution :

A router by definition has an interface on two subnets. An ISP-provided router will have an interface on its network and your network.

When you have a NIC on someone’s network you can:

  • Try to get a DHCP address to discover subnet.

  • Run a rogue DHCP server yourself and get machines using a different DNS server and possibly record/redirect traffic through that method.

  • Run tools like nmap to scan IP and port ranges and find out machines that respond to ping. From there you can try to access these machines further.

  • Do all sorts of bad things with injecting ARP packets.

  • If able to run software on the router itself, it’s basically like having a computer on your network that doesn’t have restrictions from being behind the router. So someone could setup a proxy to hide their own activity, use your IP for spam, etc.

Your ISP is unlikely to do something malicious but if your router gets breached through a firmware or other vulnerability, someone who is malicious can try doing the above.

Leave a Reply

Your email address will not be published. Required fields are marked *