|Router Security||IP Addresses||
Website by |
IP addresses are unique identifiers for computing devices on a TCP/IP network. Think Social Security Numbers for computers. They are written as four numbers separated by periods. Each number can range from zero to 254. I suggest avoiding the extremes, limit your IP address range to 1-253.
Some IP addresses are not allowed on the Internet, they are reserved for internal use only. That is, you can and should use them in your home or office. The most common of these are addresses that start with 192.168. The next two numbers can be anything (1-253). Any IP address that starts with 10 is also reserved for internal use only.
Most home networks range from 192.168.1.1 to 192.168.1.254. Half the homes in the world have routers with an IP address of 192.168.1.1 or 192.168.0.1 or 192.168.2.1.
One of the first things to change on a new router is the IP range it uses. That is, change the IP address of the router and the IP addresses given out by the DHCP server in the router (see below). Most routers that I have used were smart enough to modify the DHCP server settings when the IP address of the router was changed.
The main reason to change default IP addresses is to avoid some types of attacks.
One example of this is a bug in D-Link routers that was reported in January 2015 (DNS hijacking flaw affects D-Link DSL router, possibly other devices). Quoting:
"A vulnerability found in a DSL router model from D-Link allows remote hackers to change its DNS (Domain Name System) settings and hijack users' traffic ... Attackers don't need to have access credentials for the affected devices in order to exploit the vulnerability, but do need to be able to reach their Web-based administration interfaces ... Rogue code loaded from a website can instruct a browser to send specially crafted HTTP requests to LAN IP addresses that are usually associated with routers."
The critical point being that using the same LAN IP addresses that everyone else does, makes you more vulnerable to certain types of attacks.
The March 2017, WikiLeaks data dump, Vault 7: CIA Hacking Tools Revealed, included a page called JQJDISRUPT - WAG200G that discussed hacking a Linksys router. Of a particular attack, a CIA employee wrote: "it was determined that puppetmon.py was not going to work to get Cannoli on the Linksys target. When running puppetmon.py it eventually always returns errors. User xxx advised that it would only work if the target was in the 192.168.x.x space." The same page describes another attack that only worked if the routers IP address was 192.168.1.1.
Other attacks that need to know (or guess) the internal IP address of the router:
I would avoid the 192.168.x.x. networks that other devices default to. That means, avoid networks where the third number is 0, 1, 2, 3, 5 (used by Hawking), 8 (used by GLi), 10, 11, 19 (used by Anonabox), 50 (used by Peplink), 55 (used by Luma), 86 (used by Google OnHub routers and Google Wifi mesh system), 88 (used by MikroTik), 100 (cable modems) and 178 (used by FRITZ!Box). If you know of others, please send me an email. Some good networks would be 192.168.68.x or 192.168.77.x or 192.168.90.x.
As noted above, you can also use an IP address range that starts with 10. This, however, may require you to know a bit about subnet masks. If you keep the first three numbers the same for all the computing devices on your LAN, then use a subnet mask of 255.255.255.0 (24 binary ones on the left and 8 binary zeros on the right). If you like 10.something, then avoid 10.0.0.x (Netgear), 10.0.1.x, 10.1.1.x and 10.10.10.x (used by HooToo in their HT-TM05 TripMate Titan Wi-Fi sharing device). Some easy to remember networks would be 10.11.12.x and 10.20.30.x. That said, easy to remember should not be a priority, security should be. So, something that no one would guess, like 10.43.27.x is better.
Another reason to chose a subnet that is off the beaten path is for VPNs. If, someday in the future, you setup a site to site VPN, having each site use its own subnet is cleaner and easier.
Regardless of the subnet, everyone is in the habit of assigning their router an IP address that ends with 1. This is a custom, not a requirement. Don't do it. Specifically, do not use 220.127.116.11, 18.104.22.168 or 22.214.171.124. Better choices on these same three networks are: 126.96.36.199, 188.8.131.52 and 184.108.40.206.
Trend Micro specifically says not to use IP addresses ending in 100 or 254 for the router. See Protecting Home Networks: Start by Securing the Router May 18, 2017.