![\"\"](\"https:\/\/www.robustel.com\/wp-content\/uploads\/2021\/01\/PUTTY.png\")
<\/p>\nMany users may have encountered this problem before – despite repeatedly typing in the correct password, they can’t log in to the router.
\nDon’t be surprised – the login window has automatically locked down to protect the router from cyber-attacks.<\/p>\n
This situation is most commonly found in devices that have a publicly addressable IP. Since Public IP addresses can be visited from any computer, devices on these networks have increasingly become a target for malicious attackers.<\/p>\n
They would start by using a tool to scan standard web ports like 80 and 443. Using exhaustive brute force methods, attackers would attempt to login using different passwords, to try and crack the account.<\/p>\n
If you were able to access a router through TELNET\/SSH, you would see a dialogue window like the image below:<\/p>\n
<\/p>\n
Attempting more than 10 thousand logins doesn\u2019t take long, and the application tool can run automatically day and night, until it finds the correct username and password.<\/p>\n
So as mentioned above, in order to prevent the device from being continuously attacked, the system locks the login window.<\/p>\n
To users who rely on public IP, it is strongly recommend that you implement a protective strategy, fundamentally to prevent untrusted parties from accessing the device.<\/p>\n
The suggestions are as follows:<\/p>\n
1.Disable unnecessary remote logins<\/p>\n
![\"\"](\"https:\/\/www.robustel.com\/wp-content\/uploads\/2021\/01\/Disable-unnecessary-remote-logins.png\")
<\/p>\n
For example, I usually only use the WebUI to access the device, so with SSH\/TELNET\/HTTP remote access disabled, the only option left for access is HTTPS.<\/p>\n
This reduces login opportunities for unwelcome parties.<\/p>\n
2. Set an Allow List (previously called \u201cWhitelist,\u201d) so only trusted people can access the device.<\/p>\n
![\"\"](\"https:\/\/www.robustel.com\/wp-content\/uploads\/2021\/01\/Set-an-Allow-List.png\")
<\/p>\n
When you set an Allow List address, please note that the IP must be the outbound IP, not your internal host.<\/p>\n
In the topology example below, you can see the Allow List approves IP 100.10.10.10, which is the office\u2019s main IP router used for communicating with a public network, not the host IP 172.16.70.10.<\/p>\n
![\"\"](\"https:\/\/www.robustel.com\/wp-content\/uploads\/2021\/01\/Allow-List-topology-example-1024x246.jpg\")
<\/p>\n
3. Change the web server port to an unknown port. 80 and 443 are the standard web service ports, which attackers usually scan.<\/p>\n
By combining this approach with the first step, (only leaving https for accessing, and changing to a port that only trusted people know), the malicious visitor won’t be able to access the device\u2019s web service because they don’t know the port.<\/p>\n
![\"\"](\"https:\/\/www.robustel.com\/wp-content\/uploads\/2021\/01\/Change-the-web-server-port-to-an-unknown-port.png\")
<\/p>\n
For example, it is set it to 47008, when accessing this device. So the address would be https:\/\/xx.xx.xx.xx:47008.<\/p>\n","protected":false},"excerpt":{"rendered":"
How to protect your Robustel router from cyber-attacks<\/p>\n","protected":false},"author":2,"featured_media":4909,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[21,246],"tags":[],"class_list":["post-4904","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-iot-technology-solutions-blog","category-faq"],"acf":[],"yoast_head":"\n