Router Password

[Clicker]

Okay we all know that exploiting a host is not so easy if we cannot get past the router. And besides having a good exploit for the router itself, (other than hitting the reset button) we usually resort to bruting the router.

Unlike common webservers, bruting the router can take forever since there exist only 1 pair of userpass. Good news is, usually for a certain brand of routers, there is a certain standard username, so that cuts the effort exponentially.

Now, i would like to find out the average time it takes to brute a 5letter,6 letter....10letter password. But im not sure how hydra works. apparently, i need a pass list aka dictionary brute. however im uncertain that a dictionary brute would work since most of the time since the possibility of hitting a pass is very remote.

I was wondering if Hydra allows for realtime generation of bruteforce, that is, starting from 000000 to 000001 to 00000A ect. and what is the feasibility of this. For example , if i attacked my own netgear router; standard user:admin but the password, was QWERTY.(6 letter) would the permutation and combination of brute a 6letter login take very long on hydra?

Finally, is there anyone with experience in hydra and routers to tell us if theres any form of lockout or protection and also delay in bruting the router.
Side effects ? jam? freeze? lockup?

[bofh28]

bruting the router can take forever

Now, i would like to find out the average time it takes to brute a 5letter,6 letter....10letter password.

I was wondering if Hydra allows for realtime generation of bruteforce, that is, starting from 000000 to 000001 to 00000A ect. and what is the feasibility of this. For example , if i attacked my own netgear router; standard user:admin but the password, was QWERTY.(6 letter) would the permutation and combination of brute a 6letter login take very long on hydra?

Finally, is there anyone with experience in hydra and routers to tell us if theres any form of lockout or protection and also delay in bruting the router.
Side effects ? jam? freeze? lockup?

Yes bruteforcing a router can take forever. The average time depends on the fast the router is, how much ram it has, and how fast it can accept a connection. I once had to allow public access to some Cisco 2600 series routers, so I put them behind a iptables firewall. In the iptables firewall I added a rule that only 3 connections could be made in 5 minutes. Check out --limit in iptables for more information on that. So this would really slow down any bruteforce attack, but it also can cause a DOS to legit users. You have to balance security and inconvenience to users.

Using hydra without understanding it and the equipment you are using it on can cause all sorts of problems for the equipment. I had routers lockup solid, drop packets, just act plain crazy.

[secure_it]

If you are talking about mid sized or enterprise level routers(not the SOHO)then there are a lot of countermeasures can be taken.e.g. cisco routers

security authentication failure rate threshold 10 log #(10 is login rate before introducing delay)
login block for 60 attempts 3 within 120
login delay 5
login on-failure log every 1
login on-success log every 1

configure enable secret pretty hard.
configure proper access list for both console and telnet access
and if you want to go one step ahead
integrate routers with SNMP server like Cisco works and with syslog servers like kiwisyslog
configure AAA(authentication,authorization,accounting)locall y or remotely with Cisco ACS
configure IOS IPS/IOS Firewall
this will properly protect router with unauthorized access.