Despite how dependent we all have become on it, the Internet still remains a mystery to most folks. There’s a good reason for it – it is complicated and for most, it’s not their job, nor their interest, to have a comprehensive grasp of how data gets from point A to point B. But just like other things we usually take for granted – water, electricity, our cars – when it stops working, we really notice and chafe at any delays to restore normal service. In the case of a water or car problem (most of us are smart enough to not mess with electricity or natural gas!), we’ll try to roll up our sleeves, pop the hood and grab a wrench, but calling a professional is probably the safest and most effective way to get things working again. This is also the case with internet service, but believe it or not, there are some things you can do to troubleshoot and possibly restore service, as long as you understand the basics of how the internet is delivered and connected to your location.
Let me break it down for you. Don’t worry, I’ll keep it simple.
First off, you have to have an Internet Service Provider (ISP). It’s important to know who this is, what your account number is, and what the Customer Support number is for that service. You should have this info printed out and easy to find, because, guess what? When the internet is down, it might be hard to look up that info.
Your ISP will deliver internet through a number of different physical types of circuits. The most common are fiber, coax (commonly known as “cable”), and twisted-pair copper. This last one can take various forms, many of which you should be familiar with – T1’s, DSL and Ethernet over Copper (EoC) – and all are delivered via simple copper wire. This physical circuit will be “terminated” (i.e. plugged into your location) in a Minimum Point of Entry (MPOE) or a Demarcation Point (DMARC) which, depending on the type of building, can be a basement, phone closet, a box on the side of your house, or a cable drilled right through the wall into your living room. If you own the property in question, it’s important to know where your internet comes into your property.
That circuit, whatever its type, will actually plug/screw into some sort of device, most commonly referred to as a modem or a data services unit (DSU), but there are several other types and names for this piece of equipment. Essentially, they all have one function: connect the ISP to your property.
From the modem or DSU, your circuit is connected to a router. The router is where the magic happens, and is the most important device on your network, from both an internet as well as a local network perspective. Sometimes, depending on the service, the modem/DSU and router are combined into a single device. This form is often found in small offices and residential installs of coax service (from someone like Time Warner, Comcast, Spectrum, etc.), and is often just called a cable modem or simply a router.
Here’s where things get tricky: depending on your service agreement with your ISP, the router may be managed by them, or it may be your own equipment, and both situations can be found in any size business environment. It’s a safe bet that if your company is big enough to have full-time IT staff, your company probably owns and manages its own router. Either way, make sure you know who’s responsible for the router before touching it.
The internet gets conveyed to your devices through two different means: via wire (usually through an Ethernet cable) or via wi-fi. Wired ethernet is delivered via devices called switches (often incorrectly called hubs, which are no longer used), and wi-fi through access points. In both cases, that internet is delivered to a network interface on your device, which can take the form of an ethernet jack or an antenna. To make things even more confusing, it’s very common to find routers that are also switches and access points, but which may also connect to additional switches and access points, depending on how large your local network is and how your office is designed.
Made it this far and ready to try your hand at network troubleshooting?
When troubleshooting the most basic problem of internet service, ie. it’s not working, there are a few simple questions to ask that can point you to the possible source of the problem:
- Is everyone at that location unable to access the internet? If so, it might be a problem with one of the main devices like the modem/DSU or the router. Check those devices first. If they appear to be operating normally (no flashing yellow or red lights), then call your ISP to make sure service is not down in your area or location. They may or may not instruct you to cycle power on these devices, so make sure you call from a phone that can reach where those devices are connected.
- Wi-fi service is not working properly? If your wi-fi is delivered by a separate access point, cycling power may resolve this issue. In larger office environments, this may not be possible as these devices are typically mounted out of reach, and may be physically protected from tampering. In those cases, contact the responsible support person. If your router handles the wi-fi, you may need to reboot the router to restore normal service. In most cases, cycling power on these devices will not harm them nor make them lose their settings, but make sure you know who’s responsible for managing the device before rebooting it.
- Single or small-cluster of wired devices down? Look for a problem with either the ethernet cable (snugly plugged in on both ends? no exposed wires or busted tabs on the cable ends?) or a local switch. Many small offices use switches to distribute network in cubicle and multi-occupant spaces. Look for green/amber lights on both switches and network interfaces. No lights usually means the network signal isn’t getting through for some reason.
- Lastly, did you reboot the device in question? Frequently, if the problem is isolated to a single machine (computer, printer, mobile device), rebooting may solve the problem, especially if it’s wi-fi related.
Tried all of the above and still stumped? Call in a professional!
Illinois-based security firm Team Cymru has released research findings that point to a widespread compromise of consumer-grade routers that are commonly installed in homes and small offices all over the world. As many as 300K of these devices from a variety of manufacturers have been hacked to redirect network traffic to counterfeit banking sites and possibly other malware-laden destinations. Though the hacked devices have been found all over the world, the highest concentration seems to be in Southeast Asia and Europe, with Vietnam, Italy, India and Thailand being hit the hardest.
What this means for you:
Hacked routers are not as easy to detect as a malware infection on a computer, primarily because most people never touch their home or small office routers except to install them or to reset them when their internet doesn’t work. In most cases, they might not even know how to access the router, and have long forgotten the password used to configure and secure the device originally, if that install wasn’t completely handled by their internet service provider. In the hack mentioned above, all the affected devices shared a common trait of having their DNS altered to point to 2 specific IP addresses (22.214.171.124 and 126.96.36.199), allowing the hackers to effectively control where the compromised router sends any and all network traffic routing through that device.
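A workstation-side check for the DNS change described above, as an added example that is not from Team Cymru or the original post: it reads the resolvers a machine has been handed (resolv.conf format) and flags the two addresses quoted above. The expected-resolver list, the labels and the sample file are assumptions made up for the illustration.

```python
import ipaddress

# The two rogue resolver addresses exactly as quoted in the paragraph above.
ROGUE_RESOLVERS = {"22.214.171.124", "126.96.36.199"}

# Assumption: the resolvers you deliberately chose (replace with your ISP's).
EXPECTED_RESOLVERS = {"1.1.1.1", "9.9.9.9"}


def parse_nameservers(resolv_conf_text):
    """Return nameserver addresses from resolv.conf-style text, in file order."""
    servers = []
    for line in resolv_conf_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":          # comment or blank line
            continue
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def classify(addr):
    """Label one resolver: rogue, expected, local, unexpected or invalid."""
    try:
        ip = ipaddress.ip_address(addr.split("%", 1)[0])   # drop IPv6 zone id
    except ValueError:
        return "invalid"
    if str(ip) in ROGUE_RESOLVERS:
        return "rogue"          # matches an address named in the research
    if str(ip) in EXPECTED_RESOLVERS:
        return "expected"
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return "local"          # the router or a local stub answers DNS
    return "unexpected"         # public resolver nobody here chose


def audit(resolv_conf_text):
    """Map every configured resolver to its label."""
    return {a: classify(a) for a in parse_nameservers(resolv_conf_text)}


# Constructed sample input, not taken from a real host.
SAMPLE = """\
# handed out by the router via DHCP
nameserver 22.214.171.124
nameserver 192.168.1.1
nameserver 8.8.4.4
nameserver 1.1.1.1
"""

if __name__ == "__main__":
    for addr, label in audit(SAMPLE).items():
        print(f"{addr:<18} {label}")
```

A `local` result only shows that the machine asks the router; the router's own upstream DNS setting still has to be read from its configuration page.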
Team Cymru recommends several ways to harden SOHO-class routers against the hacks used in the attacks mentioned above, but the methods require a familiarity with configuring network devices that is not usually found where these devices are installed. In order to make sure your router is secure, you’ll need to know the following:
- Who owns the router (you or the ISP)?
- If it’s owned by the ISP, are they managing it for you?
- If you own it, do you know the login and password for the device?
- Is your connection DHCP or static IP? (Most are the former as statics are an additional charge)
- If it’s static, make sure you have the IP information documented.
- If you have access to the configuration of the router, is remote management enabled? If so, does it need to be?
- Has your router been updated to the latest firmware? If managed by someone else, will they handle the update?
Not sure how to go about filling in these blanks? Reach out to someone you trust (maybe C2?) with some basic networking and router configuration expertise and have them look at your SOHO router. Your router is a critical device in your home and office network and if it were hacked, every device (and person) connected to it could be severely compromised.
As if you didn’t have enough to worry about, the security blogosphere has dragged another bogeyman out into the daylight, and this one is ugly. Researchers from ioActive are now positing that rather than targeting businesses and their more sophisticated technology defenses, hackers could very easily begin to target consumer-grade equipment installed by internet service providers (ISPs, e.g. Time Warner or Comcast) in your home.
Why would they do this? Aside from the much flimsier technology used throughout the home-internet industry, the IP address assigned to your device is easily discoverable because the ISP’s themselves publish information about entire blocks of internet addresses that are allocated to them. This is doubly bad because not only do hackers now have an easy-to-parse list of targets, they can make assumptions about the targets based upon the ISP that services those addresses: things like the types of equipment used by the ISP (and default passwords), geographical locations, even the types of internet service (ie. DSL, cable, satellite, etc).
As part of their investigation into the feasibility of such an attack, ioActive researchers were able to compile a list of 400,000 actual devices installed in customer homes that might be vulnerable to a simple attack that could allow hackers to “own” the device and use it as a means to gain access to any computer connected to that device, ie. all the computers in your home. The basis for the attack? The simple assumption that the default administrative password was not changed since it was installed by the ISP.
What this means for you:
Having equipment installed in your home that you don’t understand and can’t personally confirm as secure is risky and negligent. It would be akin to leaving power tools lying around within reach of a child. Sadly, most ISPs have very thin (to nonexistent) policies around governing the security of the devices they install in your home, and worse, they often rely on third-party labor to do the installs, further increasing the chances that your router was installed quickly and possibly carelessly. On top of this, how many of you after having waited multiple hours for an internet install to happen, watched the installer rush out the door before learning anything about how your new equipment works, who to call for support, or how to change the password on the newly installed router?
Do yourself a favor: familiarize yourself with your internet router, WiFi access point, or any other piece of network equipment in use in your home, figure out how to log into the device(s), and then change the password to something that is hard to guess, and written down in a safe and secure place. Don’t make it easy for the hackers by continuing to ignore the backdoor into your home network!