Securing Home Routers to Protect SLU and Personal Data

Overview:

Home routers are common targets for hackers. A compromised router puts your entire home network, including personal data and connected devices, at risk. SLU strengthens its cybersecurity by educating remote users on how to secure their home routers. Hackers often exploit weak default settings in ISP-provided routers to launch malware attacks and steal data. To reduce this risk, SLU promotes good cyber hygiene by offering clear guidance, helpful tools, and easy reporting steps, empowering users to protect themselves and the university from router-based threats.

How Can a Hacker Break Into Home Routers?

Hackers often use the following techniques to compromise home routers: 

| Attack Method | What It Exploits |
| --- | --- |
| Default Admin Credentials | Factory-set logins like admin/admin that users forget to change |
| Outdated Firmware | Bugs and vulnerabilities in old router software |
| Open Remote Access Ports | Telnet, SSH, UPnP left enabled without protection |
| Weak Wi-Fi Security | Short passwords or outdated encryption (e.g., WEP) |
| DNS Hijacking | Changes DNS to redirect users to malicious websites |

Major Attacks on Consumer/Home Routers

  1. VPNFilter (2018): Hackers infected over 500,000 routers (Linksys, Netgear, TP-Link) to steal data and permanently disable devices.
  2. Mirai Botnet (2016): Attackers took control of IoT and home routers with weak passwords to launch massive DDoS attacks reaching 1.5 Tbps.
  3. AyySSHush Botnet (2025): Cybercriminals used command injection to open hidden SSH backdoors in ASUS routers, gaining silent remote access.
  4. Cyclops Blink (2022): Threat actors replaced firmware on ASUS and WatchGuard routers to install malware that could survive reboots and avoid detection.
  5. ZuoRAT (2022): Hackers hijacked small office/home (SOHO) routers (ASUS, Cisco) to spy on users, hijack DNS, and move into internal networks.
  6. GhostDNS (2018): Criminals attacked over 100,000 routers in Brazil, changing DNS settings to redirect users to fake, malicious websites.

Why Home Router Security Matters

Home router risks are serious because they can affect both your personal safety and SLU’s systems. Here’s why securing your router is important: 

  • Hackers can spy on what you do online, including your personal and school activities. 
  • They can redirect you to fake websites to steal your usernames, passwords, or other private info. 
  • They can install malware that stays on your network and infects your devices. 
  • They can use your router in big attacks like DDoS, slowing down or crashing other systems.
  • They can reach SLU’s systems through your VPN or cloud access, putting university data at risk. 

How to Know If Your Router Is Hacked

  • Look for strange behavior – Slower internet, random disconnections, or the router rebooting on its own can be signs of trouble.
  • Check router login – If you can’t access the router settings or the admin username/password has changed, someone else may have taken control.
  • Watch for weird redirects – If your browser takes you to unfamiliar or fake-looking websites, your DNS settings may have been hijacked.
  • Scan for unknown devices – Log into your router (usually at 192.168.0.1 or 192.168.1.1) or your provider app and check for devices you don’t recognize on your network.
  • Use free security tools – Apps like F-Secure Router Checker, Avast Home Network Security, or Trend Micro HouseCall can help detect hijacks, open ports, or malware.

How to Keep Yourself and SLU Safe

You can help keep yourself and SLU safe by taking these simple but important steps:

  • Secure Admin Access: Change the default admin username and password to a strong, unique combination to prevent unauthorized logins.
  • Keep Firmware Up to Date: Manually check your router's settings or app to ensure the latest firmware is installed, even if your ISP provides automatic updates.
  • Disable Unsafe Remote Features: Turn off features like Remote Management, UPnP, Telnet, and WPS to reduce the risk of external attacks.
  • Strengthen Wi-Fi Security: Use WPA2 or WPA3 encryption and set a long, complex password. Enable a guest network for visitors and smart devices.
  • Use Trusted DNS and Monitor Devices: Configure secure DNS (e.g., Google or Cloudflare) and regularly review connected devices using your router or ISP app to block unknown access.
  • Use SLU-Specific VPN Guidance: SLU uses Global Protect VPN and provides setup instructions.
    1. Connecting to Global Protect VPN Before Logging on to Windows Computer 
    2. Remote Access VPN (Global Protect) Request for Students or Contractors.
  • Include SLU in Any Incident Reporting: Users should report suspected router compromises to ask.slu.edu or the ITS Help Desk.

DNS Settings & Identifying Unknown Devices

DNS configuration for a few commonly used routers:

| Brand | App/Platform | Configuration Steps |
| --- | --- | --- |
| Netgear | Nighthawk App | Open app → Wi-Fi settings → Internet → Set manual DNS |
| TP-Link | Tether App | Open app → Tools → Internet Settings → Advanced → DNS settings |
| ASUS | Web UI / ASUS Router App | WAN > Internet Connection → Set "Connect to DNS Automatically" to "No" → Enter DNS |
| Linksys | Web UI / Linksys App | Connectivity > Internet Settings > Edit → Manual DNS |
| ISP (e.g., Spectrum, AT&T) | ISP App or Call Support | May not allow DNS changes on locked devices – check via app or call support |
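After setting manual DNS, it is worth confirming which resolvers a computer is actually using, since a changed resolver is the sign of the DNS hijacking described earlier. The following is an added example, not part of the original article: it assumes resolv.conf-style input (Linux/macOS), and the function names and `SAMPLE` text are constructed for illustration.

```python
import ipaddress

# Resolvers the article names as trusted (Google, Cloudflare), IPv4 and IPv6.
TRUSTED = {ipaddress.ip_address(a): name for a, name in {
    "8.8.8.8": "Google", "8.8.4.4": "Google",
    "2001:4860:4860::8888": "Google", "2001:4860:4860::8844": "Google",
    "1.1.1.1": "Cloudflare", "1.0.0.1": "Cloudflare",
    "2606:4700:4700::1111": "Cloudflare", "2606:4700:4700::1001": "Cloudflare",
}.items()}
LOCAL_NETS = [ipaddress.ip_network(n) for n in (  # loopback, private, link-local
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

def parse_resolv_conf(text):
    """Return the nameserver addresses from resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1].split("%", 1)[0])  # drop IPv6 zone id
    return servers

def classify(raw):
    """Compare parsed addresses, not strings, so IPv6 spellings still match."""
    try:
        addr = ipaddress.ip_address(raw)
    except ValueError:
        return "invalid"
    if addr in TRUSTED:
        return "trusted:" + TRUSTED[addr]
    if any(addr in net for net in LOCAL_NETS):
        return "local"      # a local stub or the router: check its WAN DNS page too
    return "unexpected"     # not a resolver you chose: possible DNS hijack

def audit(servers):
    """Return [(server, verdict)] for every configured resolver."""
    return [(s, classify(s)) for s in servers]

# Constructed sample; 203.0.113.53 (documentation range) plays the rogue resolver.
SAMPLE = """\
nameserver 192.168.1.1
nameserver 1.1.1.1   # Cloudflare
nameserver 2001:4860:4860:0:0:0:0:8888
nameserver 203.0.113.53
"""

if __name__ == "__main__":
    for server, verdict in audit(parse_resolv_conf(SAMPLE)):
        print(f"{server:30} {verdict}")
```

A "local" verdict usually means the computer asks the router, so the router's own DNS setting (the steps in the table above) is what decides where queries go.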

 

Checking for unknown devices: configuration steps for a few commonly used tools and apps:

  • Netgear Genie / Nighthawk App
    1. Open the app
    2. Log in with your Netgear router/admin credentials
    3. Tap “Device List” or “Connected Devices”
    4. View each device name, IP, MAC address
    5. Tap an unknown device → select Pause, Block, or Rename
  • TP-Link Tether App
    1. Open the Tether app
    2. Select your TP-Link router
    3. Tap “Clients” or “Devices” tab
    4. View the list of connected devices
    5. Tap unknown device → select Block or Add to Blacklist
  • Xfinity App
    1. Open the Xfinity app
    2. Sign in with your Xfinity account
    3. Tap “Connect” at the bottom
    4. Tap “Devices” to view connected devices
    5. Select any unknown device → tap Pause Device or Forget
  • MyAT&T App / Smart Home Manager
    1. Open Smart Home Manager via MyAT&T App or website
    2. Tap “Network” or “Devices”
    3. Review the list of connected devices
    4. Tap unknown device → select Block Access or Rename for clarity

Note: These steps cover commonly used apps and routers for reference.
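The same device review can be done from a computer by comparing its neighbour table (`arp -a`) with a list of devices you own. This is an added example, not part of the original article: the `KNOWN` inventory, the function names and the `SAMPLE` output are constructed, and the sample mixes Windows, Linux and macOS line formats.

```python
import re

# Constructed inventory of devices you own: MAC address -> name.
KNOWN = {
    "a4:83:e7:12:34:56": "router",
    "3c:22:fb:0a:0b:0c": "work laptop",
}
MAC_RE = re.compile(r"\b([0-9A-Fa-f]{1,2}(?:[:-][0-9A-Fa-f]{1,2}){5})\b")
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

def normalize_mac(mac):
    """Lower-case, colon-separated, zero-padded (macOS drops leading zeros)."""
    return ":".join(part.zfill(2) for part in re.split(r"[:-]", mac.lower()))

def find_unknown(arp_text, known=KNOWN):
    """Return [(ip, mac, note)] for neighbours missing from the inventory."""
    known = {normalize_mac(m) for m in known}
    unknown = []
    for line in arp_text.splitlines():
        mac_m, ip_m = MAC_RE.search(line), IP_RE.search(line)
        if not (mac_m and ip_m):
            continue  # header lines and "<incomplete>" entries
        mac = normalize_mac(mac_m.group(1))
        first = int(mac[:2], 16)
        if first & 0x01 or mac in known:  # broadcast/multicast, or already known
            continue
        # Locally administered bit set: a software-assigned address, such as a
        # phone's private Wi-Fi address, so it may still be one of your devices.
        note = "randomized MAC" if first & 0x02 else "unrecognized"
        unknown.append((ip_m.group(1), mac, note))
    return unknown

# Constructed sample output.
SAMPLE = """\
  192.168.1.1           a4-83-e7-12-34-56     dynamic
? (192.168.1.23) at 3c:22:fb:a:b:c on en0 ifscope [ethernet]
? (192.168.1.57) at de:ad:be:ef:00:01 [ether] on wlan0
? (192.168.1.88) at 00:11:22:33:44:55 [ether] on wlan0
? (192.168.1.9) at <incomplete> on wlan0
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

if __name__ == "__main__":
    for ip, mac, note in find_unknown(SAMPLE):
        print(f"{ip:15} {mac}  {note}")
```

The neighbour table only lists devices the computer has recently talked to, so the router or ISP app remains the authoritative device list.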

Conclusion:

Secure your home router to protect both personal data and SLU systems. Hackers target weak routers to steal information and gain network access. Take simple actions: change default passwords, update your router's firmware, disable risky features, use strong Wi-Fi security, and monitor connected devices. By following these steps, you can reduce cyber risks and help SLU stay safe and secure.
