Malware targets routers

posted on May, 31 2018 @ 06:02 PM
There was a recent discovery that about half a million routers were infected with VPNFilter, malware targeting routers. May or may not be related but it seemed strange to me -- for the last month or two months I've had seriously throttled traffic to ATS, and there have been some threads up on it, so I know I wasn't the only one.

Norton

Anyways, I saw that my router was on the list of the routers that could be affected:

Linksys E1200
Linksys E2500
Linksys WRVS4400N
Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
Netgear DGN2200
Netgear R6400
Netgear R7000
Netgear R8000
Netgear WNR1000
Netgear WNR2000
QNAP TS251
QNAP TS439 Pro
Other QNAP NAS devices running QTS software
TP-Link R600VPN

I checked for new firmware yesterday and indeed, Netgear did have something out listing security feature updates. I upgraded, reset to default settings, as recommended in case one is infected.

And I have to report, I don't know if my router was infected or not, no way to know, or if in the process I deleted something else that was on the router -- but my ATS issues seem to have been fixed. It could be a coincidence but most of my lag that I've been having over the last couple of months on here is gone.

My thoughts are, even if it wasn't VPNFilter, we're all juicy targets of alphabet agencies just for frequenting this site -- something else could have piggybacked onto my router and the Netgear fix took it off as well... who knows, I have no proof of it one way or the other... but I recommend checking for a firmware upgrade for your router if you're having ATS issues.

Chances are the creators of router malware didn't even know how to do it until they learned it from CIA tutorials Wikileaks released last year.


Be careful and good luck!

edit on 31-5-2018 by Kharron because: (no reason given)



posted on May, 31 2018 @ 06:07 PM
That's exactly what the nsa would say if they wanted everybody to update to their new butt-sniffing grade firmware.

What do?




posted on May, 31 2018 @ 06:08 PM

originally posted by: Mandroid7
That's exactly what the nsa would say if they wanted everybody to update to their new butt-sniffing grade firmware.

What do?



True, but it fixed my ATS problems. Are you saying ATS is an accomplice?



posted on May, 31 2018 @ 06:15 PM
a reply to: Kharron

No, it's been slow for a while. I did a thread on it the other day. I was getting fast speeds with my vpn activated and slooooooow 1-2 min loading w/o. I suspected it was isp filtering. I was getting same issue w thepiratebay too. I know the isp's had filtering requests for that site.
Tough telling where the slowdown is. Ats may be overloaded, or the isp's may be playing games.
Ats has been fast for me lately, no vpn.



posted on May, 31 2018 @ 06:16 PM
a reply to: Kharron

if they are into midget porn, they would love to get into my PC, but other than that, it's pretty boring. Just leave my bandwidth alone.



posted on May, 31 2018 @ 06:16 PM
a reply to: Kharron

I use non standard (non manufacturer) firmware on all my routers, modified and compiled in my lab. If you want to avoid issues, do the hard work yourself. No one has your best interests at heart, like yourself.

Cheers - Dave



posted on May, 31 2018 @ 06:23 PM

originally posted by: bobs_uruncle
a reply to: Kharron

I use non standard (non manufacturer) firmware on all my routers, modified and compiled in my lab. If you want to avoid issues, do the hard work yourself. No one has your best interests at heart, like yourself.

Cheers - Dave


That's a great idea, did not know that was a thing. I'll look into it, thanks.



posted on May, 31 2018 @ 06:27 PM
a reply to: Kharron
My router is not on the list.
And I have been having issues off and on with ATS....and now one other site.



posted on May, 31 2018 @ 06:34 PM

originally posted by: bobs_uruncle
a reply to: Kharron

I use non standard (non manufacturer) firmware on all my routers, modified and compiled in my lab. If you want to avoid issues, do the hard work yourself. No one has your best interests at heart, like yourself.

Cheers - Dave

Just out of curiosity, would you mind sharing what you have done while rolling your own router? Are you using special hardware or something like a standard PC with NIC's? Are you using IP tables in Linux or are you using some router software/OS and just using your own config within this software (pfSense, ClearOs, etc)?

I'd like to talk to you more about setting one up as I've been frustrated in the past with pfSense getting it to distribute across 2 ISP's (but that is no longer an issue I just use one.)



posted on May, 31 2018 @ 06:37 PM

originally posted by: DontTreadOnMe
a reply to: Kharron
My router is not on the list.
And I have been having issues off and on with ATS....and now one other site.



And it's very, very possible this is unrelated and my issues with ATS speed may come back.

But, if it is related, I thought I'd let people know to check for firmware upgrades if they use those routers.



posted on May, 31 2018 @ 07:04 PM

originally posted by: Kharron

originally posted by: bobs_uruncle
a reply to: Kharron

I use non standard (non manufacturer) firmware on all my routers, modified and compiled in my lab. If you want to avoid issues, do the hard work yourself. No one has your best interests at heart, like yourself.

Cheers - Dave


That's a great idea, did not know that was a thing. I'll look into it, thanks.

Unless you know what firmware consists of and you are at a VERY HIGH LEVEL of tech skills, please don't.
It's not as easy as snapping your fingers, and one little tiny mistake and congratulations you have just "bricked" that device. From then on it makes a great paper-weight.



posted on May, 31 2018 @ 07:08 PM

originally posted by: DontTreadOnMe
a reply to: Kharron
My router is not on the list.
And I have been having issues off and on with ATS....and now one other site.


Some of the issue (if not all) is that the servers that are running Linux and Windows have been updated to account for the Spectre and Meltdown flaws. It is causing up to 30% performance loss on those servers. And most routers run a Linux NOS. There is a workaround, yet not a very good idea. Also, your system has probably been updated.



posted on May, 31 2018 @ 08:00 PM

originally posted by: DigginFoTroof

originally posted by: bobs_uruncle
a reply to: Kharron

I use non standard (non manufacturer) firmware on all my routers, modified and compiled in my lab. If you want to avoid issues, do the hard work yourself. No one has your best interests at heart, like yourself.

Cheers - Dave
just out of curiosity would you mind sharing what you have done while rolling your own router? Are you using special hardware or something like a standard PC with NIC's? Are you using IP tables in Linux or are you using some router software/OS and just using your own config within this software (pfSense, ClearOs, etc)?

I'd like to talk to you more about setting one up as I've been frustrated in the past with pfSense getting it to distribute across 2 ISP's (but that is no longer an issue I just use one.)


Dd-wrt has the firmware available stock for a wide variety of routers. I just grab the source code and compile it myself after making a few little mods to tighten it up and cause a bit of obfuscation. A lot of these hacks look for exploits that involve overflows and errant call returns, so they in effect load the stack and force vectoring into a protected routine. By modding the software to catch stack overflows and data overflow exploits, while at the same time re-ordering the routines, it makes it extremely difficult to break in. Another good one is preloading the stack with a forced return address so the router reboots during stack overflow, rather than failing midway in a protected routine.

Eta: as an aside, I have run triple triplets, or 3 routers literally in series with different base triplets like 192.168.40.x on the first, 192.168.70 on the second and then my protected machines at 192.168.157.x. You may get to the first triplet, you may even exploit it, but the second watches for scans and shuts down. You'll never get to the third one, or at least it's extremely improbable. It's called nesting and allows you to use each of the NAT's the same or differently if you like. It also gives you different levels of wifi and group security based on their native triplet.

Here's the link for DD-WRT.

Cheers - Dave
edit on 5/31.2018 by bobs_uruncle because: (no reason given)
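
The post above describes catching overflows and failing closed (rebooting) instead of continuing with a corrupted stack. The following is an added illustration of that idea, not code from the poster or from DD-WRT: a length-checked copy beside an unchecked one, with a guard word after the buffer. `struct frame`, `handle_request` and `GUARD_VALUE` are hypothetical names, and the guard is a constructed constant rather than a per-boot random value.

```c
#include <stdint.h>
#include <string.h>

#define GUARD_VALUE 0xC0FFEE42u /* constructed sentinel for this demo */

enum copy_status { COPY_OK = 0, COPY_REJECTED = 1, COPY_GUARD_TRIPPED = 2 };

/* A buffer followed by a guard word, standing in for a stack frame whose
 * saved return address sits just past a local buffer. */
struct frame {
    char     buf[16];
    uint32_t guard;
};

/* Legacy behaviour: trusts the caller's length. The write is capped at
 * sizeof(struct frame) so the demo stays inside one object. */
static void legacy_copy(struct frame *f, const char *src, size_t len)
{
    if (len > sizeof *f)
        len = sizeof *f;
    memcpy((char *)f, src, len);
}

/* Hardened behaviour: refuse oversized input before touching the frame. */
static int checked_copy(struct frame *f, const char *src, size_t len)
{
    if (len > sizeof f->buf)
        return COPY_REJECTED;
    memcpy(f->buf, src, len);
    return COPY_OK;
}

/* Handle one request. In firmware, COPY_GUARD_TRIPPED would map to a
 * device reset instead of returning through a corrupted frame. */
int handle_request(const char *src, size_t len, int hardened)
{
    struct frame f = { {0}, GUARD_VALUE };
    int rc = COPY_OK;
    if (hardened)
        rc = checked_copy(&f, src, len);
    else
        legacy_copy(&f, src, len);
    if (rc != COPY_OK)
        return rc;
    return f.guard == GUARD_VALUE ? COPY_OK : COPY_GUARD_TRIPPED;
}

int main(void) { return handle_request("ping", 4, 1) == COPY_OK ? 0 : 1; }
```

Compilers provide the guard-word part automatically with `-fstack-protector-strong` (GCC and Clang), which aborts the process when the canary next to a local buffer has changed.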



