Internet Routers

Internet gateways communicate with other gateways called routers.[^1] Routers are connected between subnets and handle large amounts of internet packets.[^1] Routers are the primary backbone of the internet.[^2] Gateways are convenient locations for firewalls and monitoring.[^1] The routers maintain multiple connections to one another and keep track of the other routers that are around them.[^1] Some of the information that they keep track of is link speeds, delay times, and network congestion.[^1] A home router functions as a network address firewall.[^1] This allows the router to act as an agent between the private home network and the internet.[^1] It uses a single IP address to represent the entire home network group.[^1] It can also be assigned more IP addresses.[^2] These help to hide the internal structure of your network.[^1]


Routers provide a combination of functions including IP routing, network address translation (NAT), DHCP functions, DNS, firewall functions, and LAN connectivity.[^1] A router discards corrupted packets.[^2] If a router receives a non-corrupted packet, it consults a routing table to determine where to send it.[^2] Routers do not propagate broadcast packets by default, but they can be configured to do so.[^2] Routers and switches are usually locked in closets.[^3] Internet routers contain their own addresses and the directions to route a packet to the other routers. You should not hide the Wi-Fi SSID as it adds no additional security to the network and may cause compatibility issues.[^4] If a router is breached, the Internet Gateway Device (IGD) interface can be used to expose arbitrary TCP and UDP ports to the public internet.[^4] Many internet routers run Linux. Internet routers transmit packets through the internet.[^5]
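
The forwarding behaviour described above (discard corrupted packets, consult the routing table, do not propagate broadcasts by default), as an added example that is not taken from the cited sources. It assumes corruption is detected with the IPv4 header checksum (RFC 1071) and uses a constructed routing table with made-up interface names (wan0, lan0, lan1, vpn0).

```python
import ipaddress
import struct

def ones_complement_sum(header: bytes) -> int:
    """RFC 1071 sum of the header's 16-bit words, carries folded back in."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def build_header(src: str, dst: str, ttl: int = 64) -> bytes:
    """Constructed 20-byte IPv4 header (no options) with a valid checksum."""
    def pack(checksum: int) -> bytes:
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, 6, checksum,
                           ipaddress.IPv4Address(src).packed,
                           ipaddress.IPv4Address(dst).packed)
    return pack(~ones_complement_sum(pack(0)) & 0xFFFF)

# Constructed routing table: (destination network, where to send the packet).
ROUTES = [
    (ipaddress.ip_network("0.0.0.0/0"), "wan0 via 203.0.113.1"),  # default route
    (ipaddress.ip_network("192.168.1.0/24"), "lan0"),
    (ipaddress.ip_network("10.0.0.0/8"), "vpn0"),
    (ipaddress.ip_network("10.20.0.0/16"), "lan1"),
]

def forward(header: bytes, forward_broadcast: bool = False) -> str:
    """Return the forwarding decision for one IPv4 header."""
    # 1. Corruption check: a valid header sums to 0xFFFF including its checksum.
    if len(header) != 20 or ones_complement_sum(header) != 0xFFFF:
        return "drop: corrupted header"
    # 2. Routing table lookup: the most specific (longest) matching prefix wins.
    dst = ipaddress.IPv4Address(header[16:20])
    net, hop = max(((n, h) for n, h in ROUTES if dst in n),
                   key=lambda route: route[0].prefixlen)
    # 3. Broadcasts are not propagated unless explicitly configured.
    #    Simplification: the matched route's broadcast address counts as one.
    if dst == net.broadcast_address and not forward_broadcast:
        return "drop: broadcast"
    return f"forward: {hop}"

if __name__ == "__main__":
    for dst in ("10.20.3.4", "10.9.9.9", "8.8.8.8", "192.168.1.255"):
        print(dst, "->", forward(build_header("192.168.1.10", dst)))
```

A real router also decrements the TTL and only knows the broadcast address of subnets it is directly connected to; both are left out here.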

[[Internet Service Provider]] – usually provides customers with a router or modem
[[Firewall]] – may be a router that controls data flow between networks
[[Chinese Hacking]] – Chinese hackers used home internet routers and small-business internet routers to mask attacks on US critical infrastructure
[[Volt Typhoon]] – gained access with zero-days on routers
[[SOHO Routers]] – used by advanced threat actors
[[UNC3886]] – develops backdoors for routers
[[IP Addresses]] – public IP addresses are typically assigned to a router
[[APT28]] – used EdgeRouters to create a botnet
[[PoC Honeypot]] – changing the last octet to 1 makes the router look like a gateway
[[ORB Networks]] – use compromised routers
[[Netgear Routers]]
[[FLOWERWATER]] – used to compromise routers for an ORB network
[[DNS Rebind Attack]] – Internet routers are the most commonly targeted devices for DNS rebind attacks
[[UPnP]]
[[Internet Gateway Device (IGD)]]
[[Identity Deception Leading to Wi-Fi Hijacking]] – allows a malicious client to impersonate the Router, and therefore intercept the wireless traffic from all other devices on the network
[[iptables Network Address Translation Table]] – a NAT can be made visible to an outside connection via a router configuration
[[Red Teaming]] – be familiar with routers
[[EdgeRouters]]
[[IPSec Tunneling Protocol]] – Router configurations are a good source of pre-shared keys
[[Chinese Hacking]] – focuses on provider and customer edge routers
[[Switch Port Analyzer (SPAN)]] – can be used to monitor traffic
[[Expedition Cloud]] – Chinese cyber range that includes various routers
[[Pathping]] – calculates packet loss of any routers that it crosses through

Backlinks

[[Cybersecurity]]
DHCP
DNS
[[Internet]]
[[IP Addresses]]
[[TCP_IP]]
[[WAN Packet Switches]]

Sources

[1] “networking102.” Accessed: Dec. 30, 2024. [Online]. Available: https://ubnetdef.org/slides/fall2017/networking102.pdf
[2] “An Introduction to TCP/IP”.
[3] David Bombal, Ex-NSA hacker tools for real world pentesting, (Oct. 22, 2021). Accessed: Jan. 22, 2025. [Online Video]. Available: https://www.youtube.com/watch?v=G8lrwmsx8KA
[4] NSA_HomeNetworkBest
[5] P. Panchekha and C. Harrelson, “Web Browser Engineering.” [Online]. Available: https://browser.engineering/onepage.html#http