tymbusku
Posts: 2
Joined: Mon Jun 18, 2018 12:35 pm

Raspberry Pi 3 kills NETGEAR router

Wed Sep 19, 2018 1:38 am

Okay, so I just bought a Raspberry Pi 3 and set up SSH on it (putting empty file "ssh" on boot partition of SD card) and plugged it into my router via Ethernet. Everything was working fine. I then tried to see what the Pi can do and hosted a simple web server on port 80. I then port forwarded ports 80-90 (I would use ports 81-90 for other stuff) and tested it. Everything was fine and working. One time I tried to set up wireless WiFi but shrugged it off because it didn't seem to work and didn't revert changes. After a while I decided to see what would happen if I forwarded port 22. This was when my router started slowly dying. From that point on I couldn't connect to any website at all. Unplugging the Pi would restore everything. But plugging it back in would kill the router again. I thought that port 22 had something to do with it (idk) so I turned it off. Still would kill my router when plugging in. I pulled the power plug on the Pi to kill the web server process and plugged it back in. Still killed my router. How do I fix this?

Additional info:

Can only connect to RPi using PuTTY on Win10 PC, no external keyboard
RPi doesn't use Raspian desktop or whatever that is, just the raw shell

W. H. Heydt
Posts: 8872
Joined: Fri Mar 09, 2012 7:36 pm
Location: Vallejo, CA (US)

Re: Raspberry Pi 3 kills NETGEAR router

Wed Sep 19, 2018 2:50 am

Since both web servers and ssh daemons are, essentially, passive in that they wait for inbound traffic and then respond. It's very difficult to see that the Pi could be doing anything to your router.

I would start by closing the open ports and then changing the router password. The next thing I would do would be wipe the SD card in the Pi and start over, making sure to change the password for pi before opening any ports in the router. If you have a way to verify that your router hasn't been compromised by malware, do that as well.

You might consider doing a web search on your router's model to see if there are any reports it being subject to malware attacks.

Heater
Posts: 9829
Joined: Tue Jul 17, 2012 3:02 pm

Re: Raspberry Pi 3 kills NETGEAR router

Wed Sep 19, 2018 4:13 am

It's very hard to imagine that your Pi is killing a router. As noted above.

Suggest changing the title of this thread to so as to not imply it does. Unless of course we eventually determine that your Pi can kill a router.

In your situation I would be curious and want to find out what is going on. To that end I would:

1) Return the router to it's factory defaults.

2) Put a fresh Raspbian image on the raspi SD card.

3) Start to configure things, one step at a time, one port at a time, until something breaks. if it does.

Ernst
Posts: 675
Joined: Sat Feb 04, 2017 9:39 am
Location: Germany

Re: Raspberry Pi 3 kills NETGEAR router

Wed Sep 19, 2018 7:30 am

tymbusku wrote:
Wed Sep 19, 2018 1:38 am
...
After a while I decided to see what would happen if I forwarded port 22. This was when my router started slowly dying. From that point on I couldn't connect to any website at all. Unplugging the Pi would restore everything. But plugging it back in would kill the router again. I thought that port 22 had something to do with it (idk) so I turned it off. Still would kill my router when plugging in. I pulled the power plug on the Pi to kill the web server process and plugged it back in. Still killed my router. How do I fix this?
You have opened port 22 to the world, it is not unexpectable that some many "hackers" are trying to break in to your system. First thing to do, before enabling port forwarding on the router and ssh on the Pi, is to disable ssh password authentication on the Pi and to use keys instead. Then you should reboot your router and/or modem so that you get a new IP-address which normally happens on ADSL connections. If you are serious about accessing you Pi from the outside world then you should invest some time to implement fail2ban to give some additional protection.
My first computer was an ICT1500, my first "personal" computer was the Science of Cambridge Mk14, followed by a TRS-80 Model I later

User avatar
Paul Webster
Posts: 745
Joined: Sat Jul 30, 2011 4:49 am
Location: London, UK

Re: Raspberry Pi 3 kills NETGEAR router

Wed Sep 19, 2018 8:11 am

Agreed - looks like you opened up your system to hacking scripts when you forwarded ports.
If you have done nothing significant on your Raspbian installation then overwrite the SD card with a fresh copy of Raspbian, turn off your port forwarding and, as a minimum, follow the steps in the guide at
https://www.raspberrypi.org/documentati ... ecurity.md

mfa298
Posts: 1300
Joined: Tue Apr 22, 2014 11:18 am

Re: Raspberry Pi 3 kills NETGEAR router

Wed Sep 19, 2018 8:17 am

tymbusku wrote:
Wed Sep 19, 2018 1:38 am
After a while I decided to see what would happen if I forwarded port 22. This was when my router started slowly dying.
To follow on from what Ernst has said.

If you didn't change the password for the pi account then it's highly likely your pi has been compromised. This means your pi is probably now taking part in scanning for other vulnerable systems on the local network and internet as well as potentially doing other things you don't want.

Best bet is probably to disable the port forwards on your router, wipe the sd card and start again. The very first thing you should do is change the pi user to something else (alternatively create a new user with a strong password and remove the pi user).

If you want to open up ssh to the world then spend some time ensuring it's secure, fail2ban is one good way to start, other options are to enforce the use of ssh keys rather than passwords for login and moving ssh away from port 22 (choose something random not just 2222). Most of that won't stop the attempts but they aim to reduce the likelihood of them succeeding.

jbudd
Posts: 706
Joined: Mon Dec 16, 2013 10:23 am

Re: Raspberry Pi 3 kills NETGEAR router

Wed Sep 19, 2018 3:13 pm

Don't just forward port 22 to port 22. Instead use a high external port number eg 45107. You can connect from the net by eg ssh -p 45107 [email protected]_ip_address but few baddies will notice the open port, so you will have much less incoming traffic.
sudo apt-get install fail2ban will immediately start banning SSH connections from IP addresses after 6 incorrect password guesses.

I wish I understood how much protection is needed for ports 80/88, 1880 etc and how to tweek fail2ban to provide it!

Your Pi and/or router may not have been compromised but it's better to start again just in case.

Return to “General discussion”

Who is online

Users browsing this forum: andrum99, humbug, llucis and 52 guests