Wireless routers and toys

[untuchable-me]

i am aking this question today because i use a wireless router at home, and because with things involving security its best to know how they work... i am using a netgear wireless router with NAT/ firewalling.......
my question is, lets say i make a request for yahoo.com it goes through the router and into the cable modem, but when the connection is acknoleged how does the router know where to send the packets......

another question is how can i be hacked throught a router????

i am really big on securtiy and i would really like to know the answers to these two questions........

[D0pp139an93r]

I'm at work so I don't ave time to cover the first question... NAT is a little more complicated than i can do right now....

So here goes the second...

Yes, you can be hacked through a router. But the router will dramatically cut down on worms/skiddies. I'm not going into detail about how because it's different with every router... Just search on google for router exploits.


If nobody explains NAT to you, I'll answer it when I get off of work.

[Mark_Anderson]

http://computer.howstuffworks.com/nat.htm

[thehorse13]

how does the router know where to send the packets

Look up TCP/IP and you'll see something called source and destination fields. These fields are populated with the IP addresses of your PC and of course, yahoo, the destination. Your router wraps this information with its own IP as the source. This same process happens at your cable/DSL modem. When the packet hits yahoo, they see the traffic coming from your cable/DSL modem (the routable IP drawn from your ISP). When the packet returns, the process is reversed. Anyway, the NAT link above should have covered this in greater detail.

another question is how can i be hacked throught a router????

Yes, and as someone else mentioned, it is router dependent. However, most break ins occur because of misconfiguration, not flaws in the product.

[D0pp139an93r]

Oh yeah... Since you are using a wireless router, I highly reccomend that you look into MAC filtering and encryption....



Just a thought.

[The Grunt]

And disable SSID broadcasting.

Just adding on to someone else's thought

[untuchable-me]

D0pp139an93r, i am one step ahead of you, as soon as i got the router i had implemented MAC Filtering as well as a WEP encript key...

thanks for all you help.....

[3rr0r]

I'm not sure if your question has been adequately answered, but it's one that I had for a long time as well before I finally figured it out. Here's my understanding of how NAT works on a router like yours:

- Your computer tries to load http://www.google.com by sending a message over your LAN that basically says this:

Code:

Source address: mycomputer.myhost.net 
Source port: 80 (the HTTP port) 

Destination address: www.google.com
Destination port: 80

Request: Gimme the web page, sucka!

- Your router picks up that packet from the LAN and sends a new one out over the DSL/Cable link like so:

Code:

Source address: myrouter.myhost.net
Source port: 6037

Destination address: www.google.com
Destination port: 80

Request: Gimme the web page, sucka!

Notice that both the Source address and port have changed - the address now being the router's, and the port being an arbitrary high-numbered port instead of 80. The port change is the real key to NAT.

- At this point the router makes a note in it's NAT table effectively saying:

Code:

"Any packets I recieve on port 6037, I should send to port 80 of mycomputer.myhost.net."

- Subsequently, www.google.com receives the request and returns one like this:

Code:

Source address: www.google.com
Source port: 80

Destination address: myrouter.myhost.net
Destination port: 6037

Request:  Here's the web page, fool.

- The router consults it's table and sees that it's supposed to direct any packet received on 6037 to mycomputer.myhost.net, and so sends a packet over the LAN like so:

Code:

Source address: www.google.com
Source port: 80

Destination address: mycomputer.myhost.net
Destination port: 80

Request:  Here's the web page, fool.

- The web browser gets the Google web site just like it was directly connected to the net, and nobody's the wiser.

Made sense? Let me know if not.

[r8devil]

q1 can be simply answered by NAT. your router uses NAT to make sure everything gets to where its supposed to go when you have less external IPs than internal IPs. 3rr0r has got a good simple explanation of how NAT works. That should generally answer q1.

NAT explained

above I have put a link to info on NAT and also there are some links to TCP/ip which you might need to understand some of the information about NAT.

as for q2, there are specific hacks for each router but generally you should be ok if you have configured the router correctly. Dont think anyone will be posting info on how bypassing the router here but as usual, a google search should get you the info you want. For info on how to secure wireless routers and the info travelling across them is for another thread. I think searching through the old threads should bring up some more info on that.

[mrg81]

Since most of them have already answered what is NAT /router getting the webpages , exploits I would just add one line.

In your router you will have enable log option, Enable that to see what is going on. also you might want to get some tools to monitor your network.

MRG