1. Given the media intensity given to the Corona or Wuhan virus, there seems no reason to have posts on that very specific subject in several forums Accordingly, all of those posts will be moved to "Headlines". All new items on that subject should be posted there as well. This notice will expire on 1 April, or be extended if needed. Thanks, folks.

a botnet has taken control of 100,000 vulnerable routers

Discussion in 'Technical' started by sec_monkey, Nov 13, 2018.

  1. sec_monkey

    sec_monkey SM Security Administrator

    Last edited: Nov 13, 2018
    BenP, techsar, Bandit99 and 1 other person like this.
  2. TnAndy

    TnAndy Senior Member Founding Member

    OK...I didn't get much from the article. What real world implications does this have for me, assuming I have an infected router ?
    sec_monkey and Gator 45/70 like this.
  3. HK_User

    HK_User A Productive Monkey is a Happy Monkey Site Supporter

  4. 3M-TA3

    3M-TA3 Cold Wet Monkey Site Supporter++

    It's always a good time to see if there is updated firmware for your router (and other network, storage, etc.equipment)

    I just did mine and will follow up daily for at least the next week.
    sec_monkey and Gator 45/70 like this.
  5. BTPost

    BTPost Stumpy Old Fart Snow Monkey Moderator

    Or, you can just RELOAD the firware in your Router, and that will dump the infecting Code... You will still be vulnerable to reInfection, but that is just the way it goes...
    sec_monkey, Gator 45/70 and 3M-TA3 like this.
  6. sec_monkey

    sec_monkey SM Security Administrator

    YMMV, sorry to say the reload trick does not always work :( :cry:

    some malware is real persistent n can be real difficult to get rid of
  7. sec_monkey

    sec_monkey SM Security Administrator

    if ya have an infected router yer in yuuuuuuuuuuuuuuuuuuuuge trouble, even if ya have a vulnerable router yer in yuuuuuuuuge trouble, these botnets typically attack other devices on the internet n will use up yer bandwidth, will probably get yer IPs blocked n might steal all of yer data as it flows through the router

    thing is most folks completely forget about their routers plus other network equipment n that leaves folks vulnerable to real bad stuff

    best thing to do is to build yer own router if ya have the skills, if ya do not, ya can buy a new more specialized router from a couple of companies online or [ shameless plug ] ya can order a router from us

    this is potentially serious stuff so it does not matter to us where ya get a gud router from as long as it is a gud router from a fairly gud vendor

    none of the vendors that all yall are familiar with would qualify, all of em have a yuuuuuuuge list of vulnerabilities

    the typical consumer router has about 100 to 800 vulnerabilities, plus or minus a few

    even our enterprise Cisco routers have at least 8 critical vulnerabilities plus several other vulnerabilities, those Cisco routers are no longer in use

    there are only about 2 online companies we would cautiously recommend at this point, we cannot guarantee they are 100% safe. The routers they make run Unix, and they are relatively expensive

    if ya want to get a router from us please send a PM over, any router we build is not going to be 100% safe either, it will jus have fewer more easily patched vulnerabilities than most other routers plus it will be a lot more customisable, our routers can run Unix or Linux

    we can also take a suitable old desktop PC [ preferably AMD ] and convert that into a router, it will require a few brand new parts and a new SSD or something and probably shipping back and forth

    due to the extremely serious Intel Meltdown, Spectre 1, 2, 1.1, 2.1 plus other vulnerabilities we strongly recommend against using an Intel PC or Intel based device as a router

    having said that if yall want to use Intel anyhow we can use an Intel device as a router with strongly worded disclaimers

    besides the 116 plus plus different router models that have been infected many others are vulnerable including Ubiquiti plus Mikrotik plus Cisco Enterprise plus Juniper plus effectively most or all consumer routers regardless of who makes em

    UPNP is one of the least secure things ever invented
    Last edited: Nov 14, 2018
    Thunder5Ranch likes this.
  8. Thunder5Ranch

    Thunder5Ranch Monkey+++

    I think of router infections like the Unholy Mother of all spyware as one of their features is intercepting your entire data stream and logging everything that you send and receive. Missed one a few months back and it cost me $3,700+ at walmart.com fortunately the bank refunded it. Much more difficult to detect and deal with than hard drive malware! Found mine when my data usage jumped 8X what it normally is and I thought I had my router secured.
    sec_monkey likes this.
  9. Thunder5Ranch

    Thunder5Ranch Monkey+++

    2 step authentication software is also real handy in protecting yerself............ and it would just be foolish now days to not be running 2 step Email verification. Different issues from the router problems but both of those help minimize router infection impacts.
    sec_monkey likes this.
  10. sec_monkey

    sec_monkey SM Security Administrator

    [chopper] @Thunder5Ranch

    the Unix system has Two-Factor Authentication

    the Linux version of the router can be configured to support various Two-Factor Authentication systems, a few of which cost extra because they are hardware based [ these will work under Linux and should work under Unix as well ]
    Thunder5Ranch likes this.
  11. Thunder5Ranch

    Thunder5Ranch Monkey+++

    I am starting to think hardware based is better now days as more and more of the malware is inserting itself into the hardware where anti virus/spyware programs miss it big time.
    sec_monkey likes this.
  12. sec_monkey

    sec_monkey SM Security Administrator

    yep yep :) :)

    dedicated hardware based Two-Factor Authentication is the way to go (y) (y)

    other Two-Factor Authentication methods, such as cell phones, are insecure (n) (n)
    Zimmy and Thunder5Ranch like this.
survivalmonkey SSL seal        survivalmonkey.com warrant canary