DEFAULT PASSWORD ON Rogers Cable Modem

I'm Here A Lot
Posts: 5

DEFAULT PASSWORD ON Rogers Cable Modem

I have recently discovered that a large number of IP addresses are trying to access Rogers IP addresses.

If the Rogers cable modem is your first line of defense and it has the default username and password, then there is a high possibility that your network is breached. There are a lot of forums where Rogers cable modem admin account credentials are listed. My advice is to call your friends and family who are using a Rogers cable modem and ask them to call tech support and get that password changed ASAP. I tried calling tech support myself to have these subnets blocked, but the lady said she can't and they don't do that.

I am posting this here after seeing firewall logs (Juniper) from 5 different clients that I know, and all have continuous login attempts from a few IPs and also a few replay attack sessions on SSH connections. Find below a list of attacks on 1 client in a few days. (I am limited to 10k characters so I can't post the whole log. In 3 days there are more than 2000 attempts!)


2014-01-08 15:52:15    alert    Login attempt by admin root from 91.217.151.110 is refused as this account is locked
2014-01-08 15:51:42    alert    Login attempt by admin root from 91.217.151.110 is refused as this account is locked
2014-01-08 15:50:06    alert    Login attempt by admin bin from 91.217.151.110 is refused as this account is locked
2014-01-08 15:46:15    alert    Login attempt by admin root from 61.182.170.38 is refused as this account is locked
2014-01-08 15:39:43    alert    Login attempt by admin root from 61.182.170.38 is refused as this account is locked
2014-01-08 15:39:40    alert    Potential replay attack detected on SSH connection initiated from 61.182.170.38:43983
2014-01-08 15:35:55    alert    Potential replay attack detected on SSH connection initiated from 61.182.170.38:42395

2014-01-08 15:33:22    alert    Login attempt by admin root from 123.30.236.88 is refused as this account is locked
2014-01-08 15:33:21    alert    Login attempt by admin root from 61.182.170.38 is refused as this account is locked

2014-01-08 08:20:03    alert    Login attempt by admin root from 64.251.15.167 is refused as this account is locked

2014-01-08 03:00:50    alert    Login attempt by admin root from 91.197.145.139 is refused as this account is locked

2014-01-08 01:34:37    alert    Login attempt by admin root from 115.146.123.68 is refused as this account is locked

2014-01-08 01:23:55    alert    Potential replay attack detected on SSH connection initiated from 75.126.167.66:41592

2014-01-07 19:54:39    alert    Login attempt by admin root from 117.21.127.215 is refused as this account is locked

2014-01-07 19:26:35    alert    Potential replay attack detected on SSH connection initiated from 117.21.127.215:49391

2014-01-07 18:11:57    alert    Login attempt by admin root from 85.114.128.81 is refused as this account is locked

2014-01-07 15:03:10    alert    Login attempt by admin root from 79.137.213.14 is refused as this account is locked

 

 

***edited labels***

 

I'm an Advisor
Posts: 1,524

Re: DEFAULT PASSWORD ON Rogers Cable Modem

RyanHN:

 

Thanks for starting this thread. Very good advice. Maybe it depends on the modem/router, but I have an SMCD3GN and change my password often. I don't need Rogers to do anything. Just checked my logs and don't see anything unusual.

Resident Expert
Posts: 13,990

Re: DEFAULT PASSWORD ON Rogers Cable Modem

The DEFAULT one is fairly well known. But you are correct, it should be changed VERY often.
I know on the SMC, Cisco and the older Hitron it's fairly easy to do; not sure on the new one.

Usually all it requires is logging into the gateway itself.

If you don't know the gateway address, you can open a command prompt (Start, Run, cmd.exe on a Windows computer) and type ipconfig and it will list a GATEWAY address.
Usually this is 192.168.0.1 or 192.168.1.1.

Log into there with the default Rogers username/password.

Now, the username I don't believe can be changed, but the password can.

One thing, in the case of the OP's client above: that person SHOULD be able to make the request to Rogers to rotate their IP at least; they should be able to accommodate something like that. Since it's a directed attack at her IP, with it changed, the attack should stop.
(bar there being something like malware or similar on the PC, reporting the new IP to the malicious parties involved)



I'm an Advisor
Posts: 1,524

Re: DEFAULT PASSWORD ON Rogers Cable Modem

Gdkitty:

 

You are correct. Only the password, not the username, can be changed on the SMCD3GN.

I Plan to Stick Around
Posts: 124

Re: DEFAULT PASSWORD ON Rogers Cable Modem

Keep in mind, for them to be able to log in to your gateway you would need to allow remote administration or set up firewall rules to allow access to the admin page from the outside world. As far as I know all of the Rogers gateways have remote admin disabled from the WAN/internet port. The LAN ports have access and of course Rogers has their access through the management network.

 

OP - Juniper firewalls (the ScreenOS variety at least) do not have remote admin enabled by default, but in your case, since it sounds like you may manage their devices remotely, you have it enabled. You should limit access by IP so only you can access remotely. That way the firewall will block the attempts so no brute force password guessing attempts can take place.
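
The source-IP restriction suggested above, checked against the kind of log shared in the first post. This is an added example and not part of any post in this thread: it tallies refused logins and SSH replay alerts per source and lists the sources that fall outside a management allow-list. The allow-list subnets are constructed placeholders and the function names are hypothetical.

```python
import ipaddress
import re

# Log lines copied from the first post in this thread.
SAMPLE_LOG = """\
2014-01-08 15:52:15    alert    Login attempt by admin root from 91.217.151.110 is refused as this account is locked
2014-01-08 15:50:06    alert    Login attempt by admin bin from 91.217.151.110 is refused as this account is locked
2014-01-08 15:39:43    alert    Login attempt by admin root from 61.182.170.38 is refused as this account is locked
2014-01-08 15:39:40    alert    Potential replay attack detected on SSH connection initiated from 61.182.170.38:43983
2014-01-08 01:23:55    alert    Potential replay attack detected on SSH connection initiated from 75.126.167.66:41592
"""

# Assumption: management allow-list (constructed, documentation address ranges).
MGMT_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.16/28")]

LOGIN_RE = re.compile(r"Login attempt by admin (\S+) from (\d+(?:\.\d+){3}) is refused")
REPLAY_RE = re.compile(r"Potential replay attack detected on SSH connection "
                       r"initiated from (\d+(?:\.\d+){3}):\d+")

def summarize(log_text, allowed=MGMT_NETS):
    """Tally alerts per source IP and mark whether the source is allow-listed."""
    report = {}
    for line in log_text.splitlines():
        login, replay = LOGIN_RE.search(line), REPLAY_RE.search(line)
        if not (login or replay):
            continue  # blank or unrelated line
        ip_text = login.group(2) if login else replay.group(1)
        try:
            addr = ipaddress.ip_address(ip_text)
        except ValueError:
            continue  # not a valid IPv4 address, e.g. an octet above 255
        entry = report.setdefault(str(addr), {
            "logins": 0, "replays": 0, "users": set(),
            "allowed": any(addr in net for net in allowed)})
        if login:
            entry["logins"] += 1
            entry["users"].add(login.group(1))
        else:
            entry["replays"] += 1
    return report

def unexpected_sources(report):
    """Sources outside the allow-list, busiest first (ties broken by address text)."""
    outside = [ip for ip, e in report.items() if not e["allowed"]]
    return sorted(outside, key=lambda ip: (-(report[ip]["logins"] + report[ip]["replays"]), ip))

if __name__ == "__main__":
    print(unexpected_sources(summarize(SAMPLE_LOG)))
```

Any address this reports while the allow-list is in force means the restriction is not being applied on the interface that is logging the attempts.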

I'm Here A Lot
Posts: 5

Re: DEFAULT PASSWORD ON Rogers Cable Modem

sbenninger I agree,

Remote admin and SSH are enabled and limited to certain subnets only. But a few days ago, I made some policy changes and removed the managed IP list while making the policy changes. And all this happened within that period of time the list was offline (3 days). Good news is that after 2 attempts, the account is disabled for 24hrs. But as you can see, they were trying very hard.

 

 

 

 

I Plan to Stick Around
Posts: 124

Re: DEFAULT PASSWORD ON Rogers Cable Modem

The many hacked zombie PCs that are part of the many botnets are constantly attempting to gain access to webservers, db servers, firewalls, routers etc. using known default passwords and exploits. We have hundreds a day in our webserver logs from different IPs all running the same scripts.

Keeping software/firmwares up to date and changing default passwords is always the best place to start.
I Plan to Stick Around
Posts: 13

Re: DEFAULT PASSWORD ON Rogers Cable Modem

"seeing firewall logs (Juniper)" This is obviously a business - the fact you have not changed the Rogers device into a modem only and disabled all features and changed the login USER NAME and PASSWORD shows you need professional IT help.

Contract a reliable IT management company or start reading the network device manuals and take a Cisco networking course.

I don't know what your set-up or equipment is, but usually there is a way to block the IPs the attacks are coming from, and you can do other things like time out connections on failed attempts.

User name and password changes are simple level one; if I was trying to hack you and saw no response on the brute force I would start probing for open ports, to find a back door.

But with all attacks, and why calling your friends to get them to change passwords is not necessary - you have to have something of value - most home users have nothing of interest for hackers that are attacking you on this level.

I'm Here A Lot
Posts: 5

Re: DEFAULT PASSWORD ON Rogers Cable Modem

Mike,

Here are a few tips:

1. Seeing a firewall log does not mean that it's a business. FYI: It is at my home and it's not a home business.

2. The information was given to the public to help them better understand what is happening on the WAN side of the internet, and for those who actually use the Rogers modem as their primary router.

3. Are you saying that home users have no value behind their network and have nothing worth protecting?

4. For you to say that I have not changed the Rogers device into a modem shows your limited knowledge in networking. FYI: It IS in bridge mode, that is why the Juniper was logging the failed login attempts on the untrust zone (public IP side).

As for my log, if you look you will see the account is locked when the bots/humans are trying to access the firewall. FYI: it's locked for 1440 mins after 1 failed attempt. All these attacks occurred during the deployment stage while there was nothing connected to this firewall, while it was being configured. It has been fully configured now for WAN management access on only certain subnets among other firewall features.

You made some rather daring assumptions based on a firewall log file that was meant to be just information to forum members. However Mike, thanks for your advice and good luck with that IT management company that you work for.

 

 
