Recently in India investigating agencies have found militants using WiFi access points of home users to send threat mails. and ultimately investigation is focused on owner of WiFi DSL connection. well this could happen with any one of us who is using DSL with WiFi.
How is this tracked ? when a hacker connects to your weak WiFi Access Point and sends emails or other internet traffic. Your DSL modem's public IP is logged in to email server with timestamps and email id used by hacker. this public IP is usually dynamic IP. means your Modem may be assigned different IPs when you connect to internet. so ISPs maintains a log of IP assigned, timestamps, and some customer_id (could be DSL PPP username) in logs.
- Investigating agency first approaches Mail service provider ( like yahoo, rediffmail ) and get IP address from which mail was sent from by scanning mail server logs.
- Next they identify ISP (like Airtel, BSNL, etc) of that IP (using whois database)
- Agency fetches customer details from ISP logs corresponding to that IP address they found in Mail service provider. This way investigating agency identifies customer who's Internet connection was exploited by hacker. This way they narrow down to possible physical zone of crime. and owner of the DSL connection is first point of interrogation.
You can minimise the risk of getting exploited by practising following
- change default passwords of router login most of the ISPs ship Modems/Routers with default passwords. which are well known like admin/password or something similar. you should immediately change these to some good strong passwords.
- change default SSID (if any) Provider may ship Router with default SSID like "HomeUser" which is guessable and well_known . so this should be changed immediately
- hide SSID from broadcast usually routers broadcast SSIDs and SSIDs are visible to computers within WiFi range. this computer could be your neighbour's and he may try to do funny things with your network. better hide SSID broadcast.
- Disable guest ssid (if any)
- Enable WPA-PSK or WPA2-PSK (read more at http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access ) protects your connection with password
- If not using above then atleast use WEP. protects your connection with password
- Enable logs, if you have a syslog server then also set its IP on router. if some one exploits your network then logs can prove this.
- Disable SNMP if not used or atleast change default public and private community strings. SNMP is used to monitor network devices and send alerts to SNMP trap server. SNMP can reveal lots of information about your DSL modem and network. so better disable it
- If you wanna enable SNMP then change default read and write community strings. default read string is "public" and set string is "private". you should change these.
-Turn off DHCP DHCP is used to automatically assign IP, Gateway and DNS to new devices appearing in network. its makes life easy. but for hacker too. so better turn off DHCP
- Use static IPs on devices(laptops, handhelds, PCs) at home - Maintain a list of MAC addresses of your computer, Laptop, Handhelds. and take action if you see any new MAC address appearing in logs