Welcome to
'Confessions of a Culture Shock Junkie' ™

Tom Hartung's Technology Blog
Have You Changed Your Modem's Password?
Written by Tom H.   
Friday, 02 May 2008 13:56

The securitycartoon.com website has an excellent series about why it's important to change your modem's password. Click on any of the cartoons in this article to see a full-size version of it in a new window.

Why worry about infected routers?  Because an infected router can take you anywhere, regardless of the URL you have entered in the address bar.

In addition to translating (modulating and demodulating) the analog signal in the phone line to and from a digital signal that your computer can understand, today's modems also connect to Domain Name System (DNS) servers. Hence, they may also be called "routers," "residential gateways," or "default gateways."

Infecting routers is just one example of "pharming," a hacking technique related to phishing that involves sending users to bogus, counterfeit websites so that their password and other credentials may be stolen.  The difference is, phishing involves taking a user to a site that looks similar to another but has a different URL, while pharming involves changing the IP address of the site the URL points to.

A related exploit is the practice of DNS server hijacking.  Rather than changing the addresses of the name servers your router uses, this involves changing the DNS server itself.  A report published recently by Georgia Tech estimates that there are currently 68,000 rogue DNS servers.  If this doesn't concern you, well, it should.

Wireless Modems: Vulnerable to Drive-by Pharming 

Home users' wireless modems are especially vulnerable to "drive by pharming," which involves logging into a wireless modem and changing its DNS servers and even its firmware.

Entering a web address is like telling your computer to ask for directions to a place on the internet

This is analogous to someone changing your phone so that every call you make can, at the whim of the hacker in control of the bogus DNS server, optionally go to an imposter rather than to the business you are trying to contact.

Although changing your modem's password does not completely prevent you from falling victim to this type of exploit, it is a very simple step you can take in the right direction.

Be Sure to Use a Strong Password

It is essential to choose a strong password - that is, one that is not easy to guess.  Many if not most routers do not have the capability to prevent a "dictionary attack."

How pharming is like asking the wrong person for directions to the bank

Another way to help avoid falling prey to this exploit is to be sure that any time you send sensitive information over an internet connection, it goes through a secure connection.  Anytime you perform a financial transaction online, ensure it is through a connection using HTTPS rather than HTTP.

The HTTPS protocol transfers information over a Secure Sockets Layer (SSL) and requires a certificate.  To ensure you are at the correct site, you must pay close attention to any warnings your browser may display about the certificate being invalid.

If You've Never Changed Your Modem's Password

How can you tell if your modem has been compromised?  Unless you're comfortable logging into your router and changing its settings, it's probably best to call your ISP.

In some cases they may have already set or reset the password for you, and in other cases they may be able to do so if you ask them to.  They should at least be able to tell you which DNS servers are correct, and how you can check them.
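Once your ISP has told you which DNS servers are correct, one way to check a Linux machine is to compare the name servers in /etc/resolv.conf against that list. This is an added example, not part of the original article; the addresses are constructed placeholders and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of /etc/resolv.conf contents (all addresses are placeholders).
SAMPLE_RESOLV_CONF = """\
# written by the DHCP client
nameserver 198.51.100.10
nameserver 192.168.1.1    # the router, acting as a DNS forwarder
nameserver 203.0.113.53
search example.lan
"""

# Assumption: the resolver addresses your ISP confirmed.
EXPECTED = {"198.51.100.10", "198.51.100.11"}

# Private LAN ranges; a name server here is normally your own router.
LAN_RANGES = [ipaddress.ip_network(n)
              for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_nameservers(text):
    """Return the nameserver entries in file order, ignoring comments."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def classify(server, expected):
    """Label one resolver: expected, lan, unexpected, or invalid."""
    try:
        addr = ipaddress.ip_address(server)
    except ValueError:
        return "invalid"
    if str(addr) in expected:
        return "expected"
    if any(addr in net for net in LAN_RANGES):
        # The computer asks the router, so the router's own DNS settings
        # (in its admin page) are what must match the ISP's list.
        return "lan"
    return "unexpected"


def audit(text, expected):
    """Return (server, verdict) pairs for every nameserver line."""
    return [(s, classify(s, expected)) for s in parse_nameservers(text)]


if __name__ == "__main__":
    for server, verdict in audit(SAMPLE_RESOLV_CONF, EXPECTED):
        print(f"{server:<16} {verdict}")
```

An "unexpected" entry is the one to raise with your ISP; a "lan" entry means the same comparison has to be made on the router's own DNS settings.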

If your setup is similar to mine and includes a wireless router behind a modem issued by your ISP, they may tell you that you are on your own.  In this case, if you never changed your password it may be best to play it safe and paperclip your router, returning it to its default settings, and start from scratch.  As you've no doubt noticed, I'm a bit paranoid, and therefore have always protected my routers with strong passwords.

This is just one example of the type of information available at the securitycartoon.com website.  I find the field of computer security to be fascinating, and as soon as I stumbled on this site I dropped everything and read all of the cartoons.  Among other things, reading these cartoons made me realize that since my laptop died I was no longer using the wireless router, so I disabled that feature.

I think it is awesome that the authors of the securitycartoon.com site have done their best to help simplify these extremely important yet sometimes all too complicated concepts!

 

Last Updated on Thursday, 08 May 2008 14:29
 
Implementing Static IP Addresses in a Hybrid OS Environment
Written by Tom H.   
Thursday, 01 May 2008 19:31

This website, groja.com, and artsyvisions.com all run on a dedicated linux server in my dining room.  I've invested a great deal of time and money putting all this together, and am ready to start seeing a return on this investment.

If I am actually going to start promoting these sites, I need to make my LAN as stable as possible.  That, in turn means switching from using DHCP to assign IP addresses to using static IP addresses.  

If that last sentence makes little or no sense to you, or you are curious as to how I accomplished this goal, this article is for you!  As a self-professed "culture shock junkie" I have done a variety of things in my lifetime, but system administration is definitely not my forte.  

This was a difficult project and I can only hope that publishing this how-to will help enlighten others who may want to accomplish a similar task.  People who are interested in knowing more about computer networking should also continue reading.  Non-nerds should probably either scroll down or click on "Art" or "Life."

Networking Basics

Each computer on the internet has its own address, known as an Internet Protocol (IP) address.  Whether they know it or not, most home users have their modems set their computer's address dynamically and transparently using Dynamic Host Configuration Protocol (DHCP).  It's a great mechanism because most home users don't need to know what their IP address is.

This and two other websites run on a dedicated Gentoo server running Linux, Apache, MySql, and PHP (LAMP).  People access these sites through a single static IP address, 210.124.10.54 .

Counting the production and test servers I have four computers in all, but as far as the internet is concerned all four have the same IP address.  A Comtrend ADSL router manages communications between the four computers and the internet.  

Most people, including some of my system administration buddies and the support people at my ISP, call this router a "modem."  Because it translates (modulates and demodulates) analog phone signals to and from the digital signals that computers can understand, it does indeed function as one.  

Other terms appropriate for what I call the "Comtrend router" include "residential gateway" and "default gateway."  I prefer the term "router," because using it to control how communications are routed in my Local Area Network (LAN) is, to me, its most important feature.

I was using DHCP for a while but after a recent power outage decided this was no longer practical, because when routers and computers go down and come back up, DHCP does not necessarily assign the same IP address to the same computer.  This means that when the power comes back on the test server could get the IP address the production server was using, and vice versa.

The LAN Behind 210.124.10.54

Following is a diagram of my Local Area Network (LAN).  Click on it to see a larger version in a new window.

A dual boot SuSE/WinXP PC and a MacOS PC behind a Linksys Router which in turn is behind a Comtrend router along with two Gentoo Linux Servers (one test, one production)

Note that in addition to the Comtrend router and four PCs it includes a Linksys Wireless Router.  To configure one of these routers I type its address into a web browser, enter the password, and use the web application built into it.

After being reset to their factory defaults - that is, not just rebooted but paperclipped - both the Linksys and the Comtrend by default have a local IP address of 192.168.1.1.  Because both Gentoo servers are "headless" - that is, they have no monitor attached and are accessible only via the command line - I had to change the IP address of the Linksys to 10.0.0.1 .  This enables me to access the Comtrend from behind the Linksys.

This configuration allows me to access not only both routers but also both the test (local IP address 192.168.1.6) and production (192.168.1.7) Gentoo Linux servers from either the Fun PC (10.0.0.101) which runs Mac OS X or the Main PC (10.0.0.100) which runs both SuSE Linux and Windows XP.

Before I figured out how to configure these using static IP addresses, the Gentoo boxes would get IP addresses of 10.0.0.? and the Fun and Main PCs would get IP addresses of 192.168.1.?, where the "?" was assigned by the router and would in general depend on the order in which the PCs were booted.  And that's why I had to do this before I could promote these sites, particularly here in the middle of thunderstorm season, when the power goes out all too often.

How to Set Static IP Addresses

The skinny is, to set the IP address in a computer it needs these things:

  • The IP address
  • The IP address of the router, aka. the "default gateway"
  • The IP addresses of the name servers

Additionally, the router needs to know that rather than set the computer's IP address dynamically the computer is going to set its own.  Each of the operating systems I am using has its own way of specifying these values.

Dealing with how to configure the routers is beyond the scope of this article.  Consult your ISP, the documentation that came with your router, or just have fun experimenting - and keep that paperclip handy!

The changes to the operating systems need to be synchronized with those to the routers.  If you are using two routers, it may be necessary to keep one of them out of the mix while getting everything set up using the other.

Another potential source of frustration is dealing with headless servers, because resetting the network may kill the connection.  At the least it's best to arrange the hardware so that you can easily and temporarily plug a monitor into the servers.  If you have an old monitor in the basement or whatever, it may be worthwhile breaking it out before getting started on all this. 

Setting a Static IP Address in Gentoo Linux

In Gentoo Linux, specify the desired IP address and default gateway in the /etc/conf.d/net file using this syntax:

config_eth0=( "192.168.1.6 netmask 255.255.255.0" )
routes_eth0=( "default via 192.168.1.1" )

If you are using two network cards or a wireless connection you may need to change the "eth0" as appropriate.

Set the nameservers in /etc/resolv.conf using this syntax:

nameserver 192.168.30.2
nameserver 192.168.31.2

Note that your name servers may be different, so you may have to use different values.  As I recall, both SuSE and Mac OS X were "smart" enough to know these, so if you are in a hybrid environment it might help to set up a different OS before setting up your Gentoo boxes.  If in doubt, call your ISP.

To put these changes into effect requires using these commands to restart the interface:

cd /etc/init.d
./net.eth0 stop
./net.eth0 start 

Again, you may need to change the "eth0" to the value appropriate for your environment.  Note that if you are logged in remotely, stopping the network like this will kill your connection.  I love Gentoo, one reason being that I am a DIY type and it reminds me of simpler times when we used to fix our own cars!

Setting a Static IP Address in Mac OS X

In Mac OS X, specify the desired IP address and router (aka. default gateway) using "System Preferences..." in the Apple drop-down menu.  Click on Network (under Internet and Network) and select "Manually" in the "Configure" drop-down list.  

If you've made changes to your /etc/hosts file, you may want to save a copy of it before changing your network's configuration.  Changing these options overwrites this file so saving a copy of it will enable you to merge your changes into the new version. 

As I recall, it was "smart" enough to figure out the default gateway and name servers on its own.  Actually, that's how I got the values to plug into the Gentoo configuration files.

Changing these values causes Mac OS X to restart the network automatically.  If something's not right, you will probably get an understandable error message in plain English.  What a concept!  And that's one of the reasons I call this my "Fun PC."

Setting a Static IP Address in SuSE Linux

In SuSE Linux, specify the desired IP address by logging in as root, starting up YaST, and clicking on Network Devices.

If you've made changes to your /etc/hosts file, you may want to save a copy of it before running YaST.  The GUI tool overwrites this file so saving a copy of it will enable you to merge your changes into the new version. 

As I recall, YaST was "smart" enough to figure out the default gateway (aka. router) and name servers, and restart the network interface, on its own.

Setting a Static IP Address in Windows XP

In Windows XP, specify the desired IP address and default gateway by clicking on the following sequence:

  • Start -> Connect to -> Show all connections
  • LAN (Right click) -> Properties
  • Select "Internet Protocol (TCP/IP)" in the list then click on Properties

I am not a big fan of Windows, and so did this one last.  (About the only thing I use it for is to change the ink cartridges in my printer - it has a nice wizard that moves the heads into position and cleans them and whatnot.)

Having already figured out how to do this on the other OSes, once I found "Internet Protocol (TCP/IP)" in the drop-down list, doing this in WinXP was a piece of cake.  As I recall, changing the values caused the OS to restart the network automatically.

Troubleshooting

Before doing all this I knew very little about networking.  Mostly I just plugged things in and if they didn't work (for example, after a power outage) I'd grumble a little at Xcel Energy, run some ifconfig commands, change the various /etc/hosts files, and be on my way.  It seems simple enough now that I've figured out how to do it, but I do not want to admit how long it took to get this done.

  • One rule that applies whether you're working on a car's engine, or programming, or troubleshooting a network is, sometimes it's best to let things be and just get some rest.  (OK I admit, it took me more than one day to do all this!)
  • For example:  198.162.1.6 is not the same as 192.168.1.6

When choosing the static IP addresses to use, take note of the following:

  • IP addresses in the subnet behind a router need to be in the same subnet
  • This means that if you change a router's IP address to 10.0.0.1 then the computers behind it also need IP addresses of the form 10.0.0.X
  • There is something called a "subnet mask" that defaults to 255.255.255.0 and probably affects this range of IP addresses - but I'm no expert, it's working now, and I need to get on with other projects...
  • Small typos can lead to massive frustration: no matter how many times you reboot the router or PCs or both, 198.162.1.6 is not in the same subnet as 192.168.1.1
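Both subnet points in the list above can be checked before restarting the interface, which helps on a headless server where a bad setting cuts off remote access. This is an added example, not part of the original article; it assumes the /etc/conf.d/net syntax shown earlier, and check_static_config and the sample text are hypothetical names and constructed input.

```python
import ipaddress
import re

# Constructed sample in the /etc/conf.d/net syntax from this article,
# carrying the transposed-digit typo from the troubleshooting list.
TYPO_CONF = '''
config_eth0=( "198.162.1.6 netmask 255.255.255.0" )
routes_eth0=( "default via 192.168.1.1" )
'''
GOOD_CONF = TYPO_CONF.replace("198.162.1.6", "192.168.1.6")

CONFIG_RE = re.compile(
    r'^config_(\w+)=\(\s*"([^\s"]+)\s+netmask\s+([^\s"]+)"\s*\)', re.M)
ROUTE_RE = re.compile(
    r'^routes_(\w+)=\(\s*"default\s+via\s+([^\s"]+)"\s*\)', re.M)


def check_static_config(text):
    """Return a list of problems; an empty list means the settings agree."""
    problems = []
    gateways = dict(ROUTE_RE.findall(text))
    configs = CONFIG_RE.findall(text)
    if not configs:
        return ["no config_<interface> line with an address and netmask"]
    for iface, addr, mask in configs:
        try:
            # The netmask decides which addresses count as "the same subnet".
            host = ipaddress.ip_interface(f"{addr}/{mask}")
        except ValueError as exc:
            problems.append(f"{iface}: bad address or netmask ({exc})")
            continue
        if not host.ip.is_private:
            # Behind a home router the address should be in a private range.
            problems.append(f"{iface}: {host.ip} is not a private LAN address")
        if iface not in gateways:
            problems.append(f"{iface}: no default route configured")
            continue
        try:
            gateway = ipaddress.ip_address(gateways[iface])
        except ValueError:
            problems.append(f"{iface}: bad gateway {gateways[iface]!r}")
            continue
        if gateway not in host.network:
            problems.append(
                f"{iface}: gateway {gateway} is outside {host.network}")
        elif gateway == host.ip:
            problems.append(f"{iface}: address is the same as the gateway")
    return problems


if __name__ == "__main__":
    for label, conf in (("typo", TYPO_CONF), ("fixed", GOOD_CONF)):
        print(label, check_static_config(conf) or "OK")
```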

Another general rule in problem solving is, haste makes waste, and if you're getting frustrated it may be because you're just not seeing the whole problem.

Specifically, in Gentoo:

  • There's a helpful file named /etc/conf.d/net.example that contains the lines to set the IP address (config_eth0=( "192.168.1.6 netmask 255.255.255.0" ))
  • In my haste to fix the problem what it was saying about /etc/resolv.conf just didn't register
  • But I swear I had it working at one point with just the IP address in the /etc/conf.d/net file (or ... I suppose it's possible I was suffering from sleep deprivation?)!
  • A quick googling led me straight to the page in the gentoo handbook that explained how to do this

Congratulations!

If you've read this far, you must be a geek!  My guess is that knowing how to do something like this is akin to knowing how to tune up your car: most people are blissfully ignorant and those who might want to try it probably make big bucks doing it for a living.

If you're the type who is neither dummy nor expert, welcome to the club!  Allowing comments here is just not practical at this time, but feel free to drop me a line.

Finally, if reading this has put you in a frame of mind where you want to do something simple yet effective, be sure to change your router's password.

Last Updated on Tuesday, 06 May 2008 21:41
 
Why Comments Are Not Allowed Here
Written by Tom H.   
Thursday, 01 May 2008 15:12

I have been assuming that joomla! is masked in portage for the same reason my friend's site got hacked a few years back: because of an exploit known as cross-site scripting (XSS).

As it turns out, joomla! is susceptible to an exploit that is new to me: cross-site request forgery (CSRF).  It took a little while to digest how this might work, so I will not attempt to improve on the excellent explanation of CSRF attacks at wikipedia.org (which is where that last link takes you).

It came as some surprise to me that combining online banking with surfing an insecure yet otherwise ostensibly trustworthy forum could enable a criminal to steal from you!  I'm almost afraid to ask: what will they think of next?!?

What is worth saying here is that once I get to a good stopping point (or run out of savings or both) I will want to find another "real job" and will not be able to monitor this site on a daily basis. Developing these sites is fun but I will not let them interfere with whatever duties are mine when I find and accept the next opportunity.

And it's for these reasons - CSRF attacks and my being a strictly part-time webmaster - that I have no intention of enabling comments here at any time during the near future.

Sorry to disappoint you but this is indeed for your own protection! 

Last Updated on Friday, 02 May 2008 10:23
 
Now Running Joomla Version 1.5.3
Written by Tom H.   
Thursday, 01 May 2008 15:00

This weekend a new version of joomla! turned up in portage.

Although this was a first for me and I have made some customizations, it turned out to be a fairly simple task to upgrade from version 1.5.1 to 1.5.3.  I made some notes and wrote a shell script to make this task easier next time.

It's beginning to look like porting groja.com from PHP Nuke to joomla! would be a very good idea....

 
Stumbling Upon securitycartoon.com
Written by Tom H.   
Saturday, 26 April 2008 14:46

It's funny sometimes how one thing can lead to another.

A prime example is when I was clicking around google.com while researching how to display those Adsense ads here.  That led to learning how to make this site Search Engine Friendly.  This led to the very interesting site stopbadware.org - interesting to me because at home I mostly use Linux (and more recently Mac OS), and so have limited experience with adware, spyware, etc.

And it was in one of the blogs at stopbadware.org that I stumbled upon securitycartoon.com.  What a great site!

I immediately stopped what I was doing and read them all, starting at the beginning, and I strongly recommend that you do the same.

Last Updated on Friday, 02 May 2008 10:24
 
Cellphones, Driving, and (Legal) Drugs
Written by Tom H.   
Friday, 11 April 2008 21:45
Back in the day, when I was a smoker, I used to pride myself on my ability to drive without honking or flipping people off.  I used to honk at someone maybe once every two years, and thought the solution to Road Rage was tobacco.  Surely a slow death due to emphysema or cancer would be preferable to a quick one in an accident or at the wrong end of a gun, yes?

More recently, shortly after I quit smoking I was listening to a greatest hits old-school hip hop CD set that contains a song by Grandmaster Flash called "The Message" that really captured my emotions at the time. The chorus goes like this:
 
"It's like a jungle sometimes I wonder how I keep from going under.
Don't push me 'cause I'm close to the edge,
I'm trying my best not to lose my head."

I lost all desire to smoke long ago but those feelings of anxiety - and the lyrics to that song - do return at times.  Specifically, I get frustrated with people who are talking on their cell phones when driving, stop at a stop light, and then don't go when the light turns green.  It surprised me when recently I honked at two people doing this in a single day!

Don't these people know that driving while talking on cell phones is just as dangerous as driving while drunk?  The mythbusters proved this in episode 33.

Please just don't push me people, and we'll get along just fine!

Last Updated on Sunday, 13 April 2008 13:52
 
My First Joomla! Template
Written by Tom H.   
Friday, 11 April 2008 19:06

It took a while, but I've finished creating my first joomla! template.  How do you like it?

The "template" used by a joomla! site determines how it looks.  It is commonly called a "skin" and equivalent to a "theme" in the PHP Nuke CMS.

Joomla! templates are written in HTML and rely heavily on Cascading Style Sheets (CSS).  I wrote this one by modifying the rhuk_milkyway template that came with joomla! 1.5, which you would have seen if you visited this site before today.

Last Updated on Friday, 11 April 2008 20:36
 
Proud Owner of a New Mac Mini!
Written by Tom H.   
Friday, 28 March 2008 00:14

It's nice having a computer near the TV, for checking up on myspace during commercials and whatnot.  It's also useful for looking up the addresses in Bodymore Murdaland mentioned on The Wire and Spanish words when watching telenovelas such as Amas de Casa Desesperadas.

I had Ubuntu 7.04 running on an old Dell laptop - with an external monitor, because the laptop screen crapped out after about a year - that I used for all this, but when I upgraded it to 7.1 the fancy-schmancy ATI card in it quit working.  RATS!!!  Rather than try to find a new linux distro for this PC, which came with the now obsolete Windows ME (I know!) and has been frustrating me for several years now, I bought a new Mac Mini.

At about $800 the price was right (I paid about $4000 for that *%&#-ing Dell!) and the existing monitor works just fine.  Best of all, for a geek like me anyways, is the fact that Mac OSX is Unix, and I am very comfortable using the command line.  To install joomla! earlier this week, I simply used ssh to access the servers and run portage.

If you're considering buying a Mac for your next PC, I say go for it, I am definitely happy with mine!

Last Updated on Saturday, 26 April 2008 14:40
 
tomhartung.com runs on gentoo linux!
Written by Tom H.   
Thursday, 27 March 2008 23:49
It may interest readers to know that this site and my others (artsyvisions.com and groja.com) all run on a Powerspec server that resides in my dining room.  The test and production boxes are LAMP servers running gentoo linux.
Last Updated on Saturday, 26 April 2008 14:39
 
Writing Is on the Wall for Windows XP
Written by Tom H.   
Thursday, 27 March 2008 23:02

From slashdot.org, linkage to an article at computerworld.com detailing how Microsoft will first quit selling and then eventually quit supporting Windows XP.  The skinny is, no more copies will be sold after January 31st, 2009, mainstream support ends on April 14th, 2009, and all support will end on April 8th, 2014. 

Last Updated on Saturday, 26 April 2008 14:40
 
Some Entertaining Sites
Written by Tom H.   
Thursday, 27 March 2008 22:40

While looking for links for this first set of articles I found these entertaining sites:

Happy surfing!
 

 

Last Updated on Thursday, 27 March 2008 23:01
 