Re: The default IP Addresses just as bad
Well, the address ranges can't be helped. 192.168/16 is the designated C-class private address range. Any router outside yours that gets such an address is supposed to drop it, so it's a security feature. Even if your router tried a different address (BTW, most allow you to set it within reason), it wouldn't be hard for malware to do an exhaustive search of 65,536 possible IPs, plus most can figure it out based on the victim's own IP (which normally has to have the same subnet to be visible on the router's network). The attack you describe appears to be based on cross-site scripting and can probably be mitigated by two things: (1) a router with a short timeout period, meaning an attempt to hit the router discreetly results in either a password prompt or a 401 error, and (2) a browser savvy to XSS attempts.