Wifi Router Setup Guide
First thing we look for when we are trying to set up a new router is the login information and the default IP address. Have you wondered what happens when we enter this IP in the web browser, why different vendors have different IP to connect to? What about those login credentials? Let’s explore this information in this article.
Where does this IP take me?
IP that you enter into the web browser is the IP address of the router. Router has many services such as ssh and ftp running. When a certain application (such as ssh) tries to connect with a particular device, they use the well known port number for that particular application (22 for ssh) along with the IP of the device they want to connect to.
When you enter the default IP of the router on the web browser, the browser will send the http request to the router on port 80 or 443.
When the request is received in the router on the above ports, a tiny web server running will handle this request. The response is the web page that we see.
This is similar to how every website works, the google.com we enter is translated to an IP which is handled by the web server located in some location. Only difference in the weblogins is the web server is running inside the router and the IP is the private one.
As an example if we consider a wifi routers running Openwrt operating system, the web server that it uses for weblogin is uHTTPd. uHTTPd is specifically developed to be very compact and less resource hungry because the routers have less processing power and memory constraints. Every vendor has their own lightweight web servers which are mostly proprietary.
Why so many different IP addresses?
Different vendors tend to have different default IP addresses and most of them are starting with either 192.168.x.x or 10.x.x.x. Here’s why.
All the IPs we have internal to our network are called private addresses, it is not unique in the world, you can have 192.168.1.2 IP in your home and your neighbour can use the same IP without a problem in their network. The allowed range of IP addresses for private use are the following:
10.0.0.0 to 10.255.255.255
172.16.0.0 to 172.31.255.255
192.168.0.0 to 192.168.255.255
Manufacturers can use any address from the above IP address range in their routers for providing their network. Some manufacturers go with 192.168.x.x series and some 10.x.x.x series. They typically have the first IP of that range assigned to the router. For the rest of the network the IP is provided from a DHCP server dynamically in the same subnet address as the router’s.
If your router’s default IP is 192.168.1.1 your devices in your network will probably have IPs in the range 192.168.1.2 to 192.168.1.244.
In the earlier days private addresses were divided into classes and each class had different number of hosts they could handle, for example the IP addresses starting with 10.x.x.x were class A, and they could handle up to 16777214 hosts, which is a huge number for even a small scale company. The 172 series could handle up to 16384 hosts. And the 192.168.x.x upto 254 hosts.
From the Above three classes of private addresses available the class C - 192.168.x.x was the most sensible one for home use, since 254 hosts is more than sufficient for home use. With the introduction of CIDR (Classless Inter-Domain Routing), we could create blocks of IP with number of hosts that we want; But most home routers still stick with the IP of 192.168.x.x. (192.168.1.1, 192.168.1.100, 192.168.0.1, etc),
Apart from using IPs, vendors also have the URLs to login to the router, for example in case of TP-Link it is http://tplinkwifi.net. These URLs are internally translated to the default IP.
Login Credentials and Security.
If you had bought a router few years back, and looked into the login information, you’d see a fairly simple login information such as:
Or something that’s similar like admin, 1234; the password was meant to be changed during the setup process. But there are many devices in the wild with default logins.
Having default logins is a serious security issue. Websites like shodan.io let users scan the routers on the internet with default logins; In fact it is one of the top searched thing after webcams and netcames. once you know the make and the model of the router anyone with access to this information can login into your router. This leaves the router prone to malwares and many attacks.
Manufacturers have come up with solutions that are more secure than the fixed login credentials such as unique default login passwords for each device, shipping devices without any password and make password setting mandatory during the setup process.
There have been instances where the manufactures failed to provide a secure login password trying to provide a unique password. One example is from TP-Link, which was shipping their WR702N devices with the login password extracted from the MAC address of the router, which might look safe in the first look until you realise that the MAC addresses are broadcasted in every packet and can be easily obtained by anyone in the physical coverage area of the access point. So it’s always better to change the default passwords even though the login information is unique.
Next time you look at router web logins, I hope you see things differently, and always remember to change your default password!