eircom modem security

toca

I share a house and have broadband in my room, eircom with a wireless modem. I think that someone is using my bb even though I had it secured. If someone reset my modem could they disable security and change my password, I dont seem to be able to log into the modem anymore

dub45

toca wrote:

I share a house and have broadband in my room, eircom with a wireless modem. I think that someone is using my bb even though I had it secured. If someone reset my modem could they disable security and change my password, I dont seem to be able to log into the modem anymore

What makes you think that someone is using it? the software on your pc or laptop should show whether the network is secured or not - usually it tells you the available network(s) and their security status.

If you need to log into the router/modem you can usually set it back to its defaults by holding in a little button at the back - then you can set it all up again - change the default log in passwords - change the router address - implement wpa and mac filtering and physically lock your door in case they try to default it again:)

If you have the router in your room (unless I misread your post) why bother with wireless at all? Why not use an ethernet connection and disable the wireless?

toca

jeez sounds complicated, but thanks a mill.

dub45

toca wrote:

jeez sounds complicated, but thanks a mill.

Its not all that complicated if you have any questions just post them here.

zerodown

Dub's right but let me try make it more simple.

IF you are in the same room as the Modem/Router (Netopia Box) then you should connect to it via an Ethernet Cable it had to of being supplied with the broadband. Then go to the Homepage for the Modem and disable wireless altogether.

Alternatively if your on wireless also you can simply lock it down.

Yet again you must go to router homepage (192.168.1.254 mostly),
Go to wireless tab and select Advanced Configuration. Still with me? ok in there you will see limit by mac address. Select yes. By doing this you are telling the modem that this computer is the only allowed one.

Put your mac address in (Get this by going to run and typing cmd. Then type ipconfig/all and it will be there.

Once done you have a secure connection that only you can use!

dub45

zerodown wrote:

Dub's right but let me try make it more simple.

IF you are in the same room as the Modem/Router (Netopia Box) then you should connect to it via an Ethernet Cable it had to of being supplied with the broadband. Then go to the Homepage for the Modem and disable wireless altogether.

Alternatively if your on wireless also you can simply lock it down.

Yet again you must go to router homepage (192.168.1.254 mostly),
Go to wireless tab and select Advanced Configuration. Still with me? ok in there you will see limit by mac address. Select yes. By doing this you are telling the modem that this computer is the only allowed one.

Put your mac address in (Get this by going to run and typing cmd. Then type ipconfig/all and it will be there.

Once done you have a secure connection that only you can use!

In addition you should change the security to WPA rather than the default WEP which Eircom chooses for some reason - again ask here if you have any questions about how to do it.

zerodown

WEP, even if implemented "correctly", is still quite weak. WPA is a much improved encryption standard, It is unfortunate that many WiFi products are still being sold using only WEP.

Luckily most modems allow wpa so in conclusion wep is fine but for a more secure network the use of 128bit Wpa is recommended.

jd

toca wrote:

I share a house and have broadband in my room, eircom with a wireless modem. I think that someone is using my bb even though I had it secured. If someone reset my modem could they disable security and change my password, I dont seem to be able to log into the modem anymore

Yes-if you don't physically secure your router they can reset it by sticking a pin into the hardware reset switch. (beside the power switch I think)

dub45

zerodown wrote:

WEP, even if implemented "correctly", is still quite weak. WPA is a much improved encryption standard, It is unfortunate that many WiFi products are still being sold using only WEP.

Luckily most modems allow wpa so in conclusion wep is fine but for a more secure network the use of 128bit Wpa is recommended.

And WPA is much easier to set up too!:)

MOH

toca wrote:

I share a house and have broadband in my room, eircom with a wireless modem. I think that someone is using my bb even though I had it secured. If someone reset my modem could they disable security and change my password, I dont seem to be able to log into the modem anymore

I would have though if someone reset it your ISP logon details would have been cleared? So you wouldn't be connecting to the internet now?

Unless someone knew your ISP details, reset your modem, disabled the security, and re-entered the logon info.

Foxwood

MOH wrote:

Unless someone knew your ISP details, reset your modem, disabled the security, and re-entered the logon info.

The login details for eircom broadband aren't exacty secret.

jor el

toca wrote:

I dont seem to be able to log into the modem anymore

Do you get no response from the router or is it not accepting your password. If it's the latter then someone has changed it. Press the reset button on the back and re-enter your details as necessary. Then change the encryption to WPA, or use ethernet if it's beside your computer and dissable the wireless option.

Are you concerned that someone in your house did this or that it happened over the wireless link? If it's someone in the house then there's not much you can do to prevent them resetting the router again, short of locking it away somewhere. If wireless is the problem then stronger encryption, WPA, is the way forward (or dissabe wireless all together if you can).

shltter

zerodown wrote:

Yet again you must go to router homepage (192.168.1.254 mostly),
Go to wireless tab and select Advanced Configuration. Still with me? ok in there you will see limit by mac address. Select yes. By doing this you are telling the modem that this computer is the only allowed one.

Put your mac address in (Get this by going to run and typing cmd. Then type ipconfig/all and it will be there.

Once done you have a secure connection that only you can use!

If only it was as simple as that Mac address filtering is useless it will only prevent an accidental connection by a neighbour for example

If someone has already access to the router trying to lock them out with Mac address filtering is a waste of time.
Turning on WPA with a strong password is the best way to protect your wireless network.

MOH

Foxwood wrote:

The login details for eircom broadband aren't exacty secret.

Really?! :eek:
With Smart I've a random 10-character gibberish string of alhpanumerics password that I keep having to get them to resend me every time I want to upgrade my firmware. (I'm too stupid to actually write it down while I know it).

Do you mean Eircom just have common login details for everyone?!

Foxwood

MOH wrote:

Really?! :eek:
With Smart I've a random 10-character gibberish string of alhpanumerics password that I keep having to get them to resend me every time I want to upgrade my firmware. (I'm too stupid to actually write it down while I know it).

Do you mean Eircom just have common login details for everyone?!

Why not? They know what phone line you're connecting on, it doesn't really matter what username/password you use (you don't need a username/password to make a phone call, do you?)

If you go to http://broadbandsupport.eircom.net there's a box on the left had side of the page that says:

Basic Modem Config:
Username: eircom
Password: broadband1
Encapsulation: PPPoE
Multiplexing: LLC Based
VPI: 8
VCI: 35

zerodown

shltter wrote:

If only it was as simple as that Mac address filtering is useless it will only prevent an accidental connection by a neighbour for example

If someone has already access to the router trying to lock them out with Mac address filtering is a waste of time.
Turning on WPA with a strong password is the best way to protect your wireless network.

Of course... but as a nat setting in the firewall it would simply block requests from all other users. Therefore stopping and roommates having access to the connection at all? Then again that's probably more suited for Ethernet.

MrPudding

As well as MAC filtering & WPA you should also disable the DHCP server which is probably running on the router.

Set your system up with a static IP address, put your DNS servers into your wireless card settings as well.

I find this makes browsing a bit faster and some routers seem to block web access if you are not using DHCP and don't have DNS set locally.

MrP

MunsterCycling

They block access as they can't find the DNS servers coz DHCP tells them their IPs and if you haven't entered them you can't resolve addresses.

MOH

Foxwood wrote:

Why not? They know what phone line you're connecting on, it doesn't really matter what username/password you use (you don't need a username/password to make a phone call, do you?)

If you go to http://broadbandsupport.eircom.net there's a box on the left had side of the page that says:

True, but it would protect against something like this, where someone else in your house is leeching your broadband after changing your settings. With a common password, anyone in the house can change your modem settings without you realising it - they can reset the modem (which I presume rests the modem admin password), make their changes, and re-enter your ISP login details - and you'll never notice.
Not just flatmates, but I could imagine kids using it to bypass firewall setting parents had set up on the modem (OK, most people aren't just going to rely on their modem firewall, but still). Or maybe clear logs.
Anyway, I'm rambling a bit off topic here, and it doesn't apply to me anyway. I was just a bit surprised, is all.

MrPudding

At the end of the day there is no security without physical security. IF the issue is actually someone in the house resetting the device they could just do it again.

MrP

MrPudding

MunsterCycling wrote:

They block access as they can't find the DNS servers coz DHCP tells them their IPs and if you haven't entered them you can't resolve addresses.

I was talking about DHCP on the router handing out addresses to clients on the LAN side of the router, not the router getting a DHCP address on the WAN side from €ircon.

MrP