My ISP has me on a DHCP network and so I don't have a fixed IP address — it keeps changing.
The internet, however, occasionally stops working and I need to log into my router's admin panel and perform a DHCP release+renew to fix it. I don't generally mind it since I can get the internet working without having to call my ISP up. However this happened multiple times a few days back, and it got so annoying that I decided to automate the whole thing.
I wanted a command line tool with which I could issue a command to release and renew the DHCP connection. Making the CLI was super easy once I figured out the requests I need to send to the router.
The starting point was to inspect the HTTP requests being made while performing the actions needed to do a DHCP release+renew. And here's what I found:
POSTs at all - not even while logging in.
The third point was the most disturbing finding for me. Because it means that anyone connected to my WiFi router can play games with my router. Could be worse. A malicious site could send potentially dangerous requests to my router!
This got me thinking about trust. I generally trust people with my WiFi password. But that's all they need to mess around with the network. The admin panel has only been giving me a false sense of security (as far as this router is concerned).
Troy Hunt has an amazing post titled "no, you can't join my wifi network". And you know what? He's right. We shouldn't be sharing our WiFi passwords! Some malicious site could be messing around with the router!
Sorry. I can't be your true friend.
I've been taking routers for granted so far and just stuck with what worked all this while. Time to change that.
And I'm going to change my router at the earliest... which will kind of render my CLI useless... so back to square one!