Router Security: IP Addresses
Website by Michael Horowitz
 

IP Addresses

IP addresses are unique identifiers for computing devices on a TCP/IP network. Think Social Security Numbers for computers. They are written as four numbers separated by periods. Each number can range from zero to 254. I suggest avoiding the extremes; limit your IP address range to 1-253.

Some IP addresses are not allowed on the Internet; they are reserved for internal use only. That is, you can and should use them in your home or office. The most common of these are addresses that start with 192.168. The next two numbers can be anything (1-253). Any IP address that starts with 10 is also reserved for internal use only.

Most home networks range from 192.168.1.1 to 192.168.1.254. Half the homes in the world have routers with an IP address of 192.168.1.1 or 192.168.0.1 or 192.168.2.1.

One of the first things to change on a new router is the IP range it uses. That is, change the IP address of the router and the IP addresses given out by the DHCP server in the router (see below). Most routers that I have used were smart enough to modify the DHCP server settings when the IP address of the router was changed.

The reason to change default IP addresses is to avoid some types of attacks.

One example of this is a bug in D-Link routers that was reported in January 2015 (DNS hijacking flaw affects D-Link DSL router, possibly other devices). Quoting:

"A vulnerability found in a DSL router model from D-Link allows remote hackers to change its DNS (Domain Name System) settings and hijack users' traffic ... Attackers don't need to have access credentials for the affected devices in order to exploit the vulnerability, but do need to be able to reach their Web-based administration interfaces ... Rogue code loaded from a website can instruct a browser to send specially crafted HTTP requests to LAN IP addresses that are usually associated with routers."

The critical point is that using the same LAN IP addresses that everyone else does makes you more vulnerable to certain types of attacks.

Here is an example of malicious JavaScript attacking modems and routers: Owning Modems And Routers Silently. This type of attack requires the bad guys to guess the IP address of the victim device. If you use a non-standard IP address, you are safer.

Another reason to choose a subnet that is off the beaten path is for VPNs. If, someday in the future, you set up a site-to-site VPN, having each site use its own subnet is cleaner and easier.

Regardless of the subnet, everyone is in the habit of assigning their router an IP address that ends with 1. This is a custom, not a requirement. Don't do it. Specifically, do not use 192.168.0.1, 192.168.1.1 or 192.168.2.1. Better choices on these same three networks are: 192.168.0.5, 192.168.1.11 and 192.168.2.250.

Which subnet to use? I would avoid the 192.168.x.x networks that other devices default to. That means, avoid networks where the third number is 0, 1, 2, 3, 5 (used by Hawking), 10, 11, 19 (Anonabox), 50 (Peplink), 55 (Luma), 86 (Google OnHub routers and Google Wifi mesh system), 88 (used by MikroTik), 100 (cable modems) and 178 (FRITZ!Box). If you know of others, please send me an email. Some good networks would be 192.168.68.x or 192.168.77.x or 192.168.90.x.

As noted above, you can also use an IP address range that starts with 10. This, however, may require you to know a bit about subnet masks. If you keep the first three numbers the same for all the computing devices on your LAN, then use a subnet mask of 255.255.255.0 (24 binary ones on the left and 8 binary zeros on the right). If you like 10.something, then avoid 10.0.0.x, 10.0.1.x, 10.1.1.x and 10.10.10.x (used by HooToo in their HT-TM05 TripMate Titan Wi-Fi sharing device). Some easy-to-remember networks would be 10.11.12.x and 10.20.30.x. That said, easy to remember should not be a priority; security should be. So, something that no one would guess, like 10.43.27.x, is better.
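The advice above can be checked mechanically before a router is reconfigured. The following is an added example, not code from this site: the function name `audit_router_ip`, the finding labels and the sample addresses are assumptions made for illustration, while the networks to avoid are the ones listed on this page.

```python
import ipaddress

# Third numbers of the 192.168.x.0/24 networks this page lists as device defaults.
DEFAULT_192_168 = (0, 1, 2, 3, 5, 10, 11, 19, 50, 55, 86, 88, 100, 178)
# 10.x networks this page says to avoid.
DEFAULT_10 = ("10.0.0.0/24", "10.0.1.0/24", "10.1.1.0/24", "10.10.10.0/24")
COMMON = [ipaddress.ip_network(f"192.168.{o}.0/24") for o in DEFAULT_192_168]
COMMON += [ipaddress.ip_network(n) for n in DEFAULT_10]
# The two internal-use ranges this page discusses.
INTERNAL = [ipaddress.ip_network("192.168.0.0/16"),
            ipaddress.ip_network("10.0.0.0/8")]

def audit_router_ip(router_ip, mask="255.255.255.0", other_sites=()):
    """Return a list of findings for a planned router LAN address.

    other_sites: subnets (CIDR strings) already used at other locations
    that may later be joined by a site-to-site VPN.
    """
    iface = ipaddress.ip_interface(f"{router_ip}/{mask}")
    net = iface.network
    if not any(iface.ip in r for r in INTERNAL):
        return ["not-internal"]  # nothing else is worth checking
    findings = []
    # overlaps() rather than equality: a wide mask such as 255.0.0.0
    # pulls the commonly guessed networks back into the LAN.
    if any(net.overlaps(c) for c in COMMON):
        findings.append("common-default-subnet")
    last = int(iface.ip) & 0xFF
    if last == 1:
        findings.append("router-ends-in-1")
    if not 1 <= last <= 253:
        findings.append("extreme-host-number")
    for site in other_sites:
        if net.overlaps(ipaddress.ip_network(site)):
            findings.append(f"overlaps-vpn-site:{site}")
    return findings

if __name__ == "__main__":
    # Constructed sample inputs.
    for ip, mask in [("192.168.1.1", "255.255.255.0"),
                     ("10.43.27.9", "255.255.255.0"),
                     ("10.43.27.9", "255.0.0.0")]:
        print(ip, mask, audit_router_ip(ip, mask) or "ok")
```

An empty list means the address follows every recommendation checked here; the third sample shows that an unusual 10.x address still covers the common default networks when paired with a mask of 255.0.0.0.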

Other attacks that need to know (or guess) the internal IP address of the router:



This page was last updated: December 13, 2016 5PM CT     
Created: June 3, 2015
Feedback: routers_at_michaelhorowitz.com  
Copyright 2015 - 2017