It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
Newly discovered router flaw being hammered by in-the-wild attacks
page: 14
share:
A new router exploit has started. Thought I would post this so members could be aware and check there equipment.
Looks like it's a mostly equipment supplied by ISPs in Europe.
Looks like it's a mostly equipment supplied by ISPs in Europe.
Routers provided to German and Irish ISP customers for Deutsche Telekom and Eircom, respectively, have already been identified as being vulnerable, according to recently published reports from researchers tracking the attacks. The attacks exploit weaknesses found in routers made by Zyxel, Speedport, and possibly other manufacturers. The devices leave Internet port 7547 open to outside connections. The exploits use the opening to send commands based on the TR-069 and related TR-064 protocols, which ISPs use to remotely manage large fleets of hardware. According to this advisory published Monday morning by the SANS Internet Storm Center, honeypot servers posing as vulnerable routers are receiving exploits every five to 10 minutes.
...
People who want to lock down their routers and have the necessary technical skills should reboot them and immediately check to see if the devices are listening for incoming commands on port 7547. As mentioned above, most Mirai-infected devices will be locked down and will display few indications of compromise, although frequent reboots have been reported in a least some cases. Generally speaking, IoT devices are disinfected each time they're restarted. A good practice is to reboot them and immediately lock them down with a strong password, or, better yet, to disable remote administration.
Read more at this Link
edit on 11/28/2016 by roadgravel because: (no reason given)
Oftentimes, if these are I'm fact rented devices (not sure how it works in Europe), much of the firmware configuration options are locked down. If
the ISP's are in fact keeping that port open for RA then the ISP's need to fix it.
a reply to: Tempter
In Europe and the United Kingdom we do not us that model(Renting routers)
The ISP's supply the routers free of charge or generally you are free to use your own.
This issue we saw not so long ago with routers with default username and password.
This allowed the lights on the router to be have as normal but once we remote into the
routers we found the LAN ports had been disabled amongst other evil deeds the miscreants
where able to perform.
Easily resolved but drove us mad for a good month or so having to sort peoples routers out remote.
Still get the odd router infected by that virus (Moose).
Now with this new one out in the wild my work load is bound to increase.
The amount of people that use default router logins or ISP's that send out routers with default logins!
In Europe and the United Kingdom we do not us that model(Renting routers)
The ISP's supply the routers free of charge or generally you are free to use your own.
This issue we saw not so long ago with routers with default username and password.
This allowed the lights on the router to be have as normal but once we remote into the
routers we found the LAN ports had been disabled amongst other evil deeds the miscreants
where able to perform.
Easily resolved but drove us mad for a good month or so having to sort peoples routers out remote.
Still get the odd router infected by that virus (Moose).
Now with this new one out in the wild my work load is bound to increase.
The amount of people that use default router logins or ISP's that send out routers with default logins!
The article speculated that patches would have to be uploaded. This might be complicated by malware on an affect device.
new topics
-
Gov Kristi Noem Shot and Killed "Less Than Worthless Dog" and a 'Smelly Goat
2024 Elections: 26 minutes ago -
Falkville Robot-Man
Aliens and UFOs: 40 minutes ago -
James O’Keefe: I have evidence that exposes the CIA, and it’s on camera.
Whistle Blowers and Leaked Documents: 1 hours ago -
Australian PM says the quiet part out loud - "free speech is a threat to democratic dicourse"...?!
New World Order: 2 hours ago -
Ireland VS Globalists
Social Issues and Civil Unrest: 2 hours ago -
Biden "Happy To Debate Trump"
Mainstream News: 3 hours ago -
RAAF airbase in Roswell, New Mexico is on fire
Aliens and UFOs: 3 hours ago -
What is the white pill?
Philosophy and Metaphysics: 4 hours ago -
Mike Pinder The Moody Blues R.I.P.
Music: 5 hours ago -
Putin, Russia and the Great Architects of the Universe
ATS Skunk Works: 8 hours ago
top topics
-
A Warning to America: 25 Ways the US is Being Destroyed
New World Order: 13 hours ago, 21 flags -
Biden "Happy To Debate Trump"
Mainstream News: 3 hours ago, 7 flags -
Mike Pinder The Moody Blues R.I.P.
Music: 5 hours ago, 7 flags -
What is the white pill?
Philosophy and Metaphysics: 4 hours ago, 5 flags -
Australian PM says the quiet part out loud - "free speech is a threat to democratic dicourse"...?!
New World Order: 2 hours ago, 5 flags -
RAAF airbase in Roswell, New Mexico is on fire
Aliens and UFOs: 3 hours ago, 4 flags -
Putin, Russia and the Great Architects of the Universe
ATS Skunk Works: 8 hours ago, 3 flags -
Ireland VS Globalists
Social Issues and Civil Unrest: 2 hours ago, 3 flags -
James O’Keefe: I have evidence that exposes the CIA, and it’s on camera.
Whistle Blowers and Leaked Documents: 1 hours ago, 3 flags -
Falkville Robot-Man
Aliens and UFOs: 40 minutes ago, 1 flags
4