[Ham-Computers] Change User Name & Password in Router Settings: Is it more Secure?

Ray, W4BYG w4byg at att.net
Thu Mar 31 11:01:05 EDT 2016 

Aaron,
I appreciate the comprehensive reply given below.  I wasn't aware of the 
"netsh" command and it's possibilities.

However I have a question regarding using WinXP.  When I enter the 
netsh...  command I get:

"Please use 'net start remoteaccess' to start the service".  When I do 
that I get: "System error 1058 has occurred.  The service cannot be 
started because it is disabled or because it has no enabled devices 
associated with it.

Any clue as to where to go from there to enable the service?

Your assistance is appreciated.
Ray, W4BYG


On 3/31/2016 12:38 AM, nn6o wrote:
> Hi all,
>
> A little late to this discussion, but I'll through in my $0.02 anyway. =)
>
> 192.168.1.xxx is the most common subnet for SOHO routers, but not all products
> default to ".1".  For example, AT&T branded products (regardless of
> manufacturer) uses 192.168.1.254 these days for all of their gateways (DSL &
> Uverse), AFAIK.  Also, some companies use a different subnet depending on what
> the device is - for example, Netgear routers are usually on 192.168.1.xxx, but
> their products that are or have built-in modems usually use 192.168.0.xxx.
> This makes sense as a router is often placed "behind" a stand-alone modem, so
> you didn't want both to use the same subnet (lest there be routing problems).
>
> In Jim's case, the product is a "wireless gateway" router with a built-in
> cable modem by Netgear, so it sits at 192.168.0.1 (unless Cox modded the
> firmware to default to something else).  If opening a browser to 192.168.0.1
> doesn't work, then, as others have noted, PING, TRACERT, and/or IPCONFIG can
> be used in a command line in Windows (or similar tools in Linux) to determine
> where the router "sits".  There are also GUI tools built into Windows for
> this, but each flavor of Windows moves that GUI around; however the command
> line (CLI) tools are still there, and thus, more useful.
>
> IPCONFIG is the most common CLI to determine the local IP address and possibly
> the router address.  In most SOHO cases, the "Default Gateway" listed by
> IPCONFIG is the address of the router/modem and entering this address in a
> browser (IE, Firefox, Chrome, etc) will open the router's GUI admin page.
> Unfortunately, in newer flavors of Windows, IPCONFIG spits out so much info
> that it's hard to find exactly what you're looking for (unless you've done it
> enough times).  That's where another Windows CLI tool comes in handy...
>
> NETSH - this is the Windows CLI "power tool" for network settings.  Just about
> everything related to the Windows networking stack can be configured via
> NETSH.  So, to find out which network "interface" your PC is using, use the
> following in a command prompt:
>
>    netsh int ip show int
>
> NETSH will respond with a list of all the active interfaces and their
> connection state - look for the one(s) that's "connected" and make note of its
> "Name" (in Windows XP thru 7, the name is usually "Local Area Connection" with
> possibly a number added if more than one adapter is installed.  I believe
> Windows 10 uses "Ethernet" and "Wireless".).  Then use the following to get
> the IP address info:
>
>    netsh int ip show addr "Name of interface"
>
> replacing "Name of interface" with the actual name found one step earlier.  If
> the interface name has more than one word, then you need to enclose the whole
> name in quotes (").  For example, use "Local area connection" for most Windows
> XP/Vista/7 systems.  NETSH will respond with the local IP address, the
> gateway, and some additional info.  BTW, NETSH commands can be abbreviated as
> I have done above - "int" is interface, "addr" is address (minimum of the
> first 3 letters of the command).
>
> Yes, it seems harder to run two commands than to just use IPCONFIG, but with a
> computer novice, it's actually much easier as you don't need to parse through
> the 50+ lines IPCONFIG returns (let alone the additional info given by
> IPCONFIG /ALL) and explain how to read the info.
>
> Once you have the address of the gateway, PING it.  If it replies, then ping
> 4.2.2.1 (Level3 DNS server - always up).  If it replies, you know your
> internet connection is working.  Then ping ping.symantec.com (a ping
> responder).  If it replies, then your DNS configuration is working and you
> should be good to go.
>
> And, if you're unlucky enough to be running Windows 8(.1), NETSH can be used
> to manage your wireless profiles.  Remember how you could add or delete WiFi
> profiles in Windows XP and 7?  They removed the GUI for this in Windows 8, but
> NETSH can be used to manage these profiles.
>
>    netsh wlan show profiles
>    netsh wlan show profile "profile name"
>    netsh wlan delete profile "profile name"
>
> Replace "profile name" with the actual name of the profile.  These three are
> probably the most asked for to show what profiles are stored by Win8, the
> basic info about the profile, and how to delete the profile.  And the last
> useful NETSH command for now (as we're now waaay off-topic):
>
>    netsh wlan show networks
>
> This will show all the currently detected wireless networks in your area.
>
> OK, back to the security question - as someone earlier mentioned, it's always
> best to change a default password.  If someone visits and you let them on your
> network, they can screw with the router settings unless the password is
> changed.  Same with the wireless encryption - always enable it (WPA2/AES or
> better preferred) and make it strong.  Better yet, stick a second router
> behind the modem and double-NAT.  Yes, this use to be discouraged, but it's no
> longer problematic and many do it to add functionality - let the modem be
> "just a modem" and use a router with better capabilities (such as QoS,
> better/faster WiFi, etc) do the routing.
>
> At home, I have a UVerse modem running in "passthru" mode feeding an ASUS
> wireless router.  I'm currently partial to ASUS routers that run 3rd party
> firmware - TomatoUSB (by Shibby) or AsusWRT by Merlin.  AsusWRT is more
> stable, but TomatoUSB has much more functionality.  For basic needs, the Asus
> RT-N12 is cheap and reliable (with 3rd party firmware).  I also run Asus
> RT-AC68, RT-AC56, and RT-N66 models (all with Tomato/Shibby); these are
> supported by 3rd party firmware - other models may not be supported.
>
> Anyways, (as always) I hope I've made things clear as mud!  <g>
>
>
> 73,
>
>    - Aaron Hsu, NN6O
>
>
> -----Original Message-----
> From: Ham-Computers [mailto:ham-computers-bounces at mailman.qth.net] On Behalf
> Of Jim Hill
> Sent: Tuesday, March 22, 2016 12:06 AM
> To: ham-computers at mailman.qth.net
> Subject: [Ham-Computers] Change User Name & Password in Router Settings: Is it
> more Secure?
>
> In the past, I entered 192.168.1.1 and changed my user name and password to
> increase security, but recently rented a Netgear N450 CG3000Dv2 modem-router
> from Cox Cable.  Cox seems to be having Internet problems from time to time,
> and having a device they "bless" might make troubleshooting easier.  Also, I
> didn't like my Ciso Linksys EA2700 router.  If I like the Netgear, I'll buy
> one.
>
> I can't access 192.168.1.1.  I have not contacted tech support yet, but then
> thought preventing access might be intentional to make it easier for them to
> resolve problems.
>
> Then I had another thought - is there any real security benefit for the
> average home user to make the changes?  There is nobody in my home that will
> involved in "bad" things.
>
> Jim, w6ivw
>
> ______________________________________________________________
>
>
> ______________________________________________________________
> Ham-Computers mailing list
> Home: http://mailman.qth.net/mailman/listinfo/ham-computers
> Help: http://mailman.qth.net/mmfaq.htm
> Post: mailto:Ham-Computers at mailman.qth.net
>
> List Administrator: Duane Fischer, W8DBF
> ** For Assistance: dfischer at usol.com **
>
>
> This list hosted by: http://www.qsl.net
> Please help support this email list: http://www.qsl.net/donate.html
>


-- 
I'm no longer young enough to know everything!


---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

More information about the Ham-Computers mailing list