O D worries that other people, including criminals, can see his IP address. “What can happen if they come into my router?”
As I pointed out last year, your router’s IP address is anything but a secret. Every website you visit gets a look at that number. And from that IP address, they can discover your ISP and your general location (your neighborhood, but not your address).
But can they infect your router with malware? It’s not likely, but the danger is significant enough to take precautions.
[Have a tech question? Ask PCWorld Contributing Editor Lincoln Spector. Send your query to firstname.lastname@example.org.]
Last year, researchers discovered a worm, which they called TheMoon, that infected several Linksys routers. Linksys soon issued a fix to stop it. This wasn’t the first such attack, and it will almost certainly not be the last.
Note that TheMoon infected only Linksys routers. I’m not picking on Linksys; the next attack could be on D-Link or Netgear routers. That’s the nature of this kind of malware— it’s manufacturer-specific. So chances are that a worm that tries to attack your router won’t be compatible with it—and for once, you can be thankful for incompatibility.
What follows are the basic precautions everyone should take. For more details, read this helpful router security piece by Michael Brown and Jon L. Jacobi.
- Update your
browserrouter firmware. Check the manufacturer’s website regularly to see if there’s a new version.
- Go into your router’s setup page and make sure that remote administration is turned off. (If the IP address is 0.0.0.0, it’s off.)
- Change the name of your wireless network. There’s no need to advertise the make of your router.
- Change the router’s password. I’m not talking about the Wi-Fi password, but the one that gets you into the router’s setup. And make it a strong password.
Finally, if you’re really worried, hide your IP address by using either an anonymity browser like Tor, or a virtual private network (VPN) like CyberGhost.
February 17: I corrected an error above. My thanks to Earl Wiese for bringing the error to my attention.