Standard User AdrianPH
(member) Tue 03-Jan-17 06:16:28

Asus routers (cable type) security warning.


 
This hack is happening; people are seeing their routers accessed and reset. Something/body is logging in using the owner's credentials (which is clearly recorded in the logs); they get in on the first attempt.

Telnet, SSH, UPnP, Access from WAN are all suspect.

There are a number of threads at the SNB forums.

http://www.snbforums.com/threads/security-reminder-t...

http://www.snbforums.com/threads/was-my-routers-user...

http://www.snbforums.com/threads/malicious-access-on...

http://www.snbforums.com/threads/what-does-this-log-...

Whether this problem is with both factory and 3rd party firmware isn't yet known. Many users rarely look at their logs and wouldn't be aware of anything happening.

Edited by AdrianPH (Tue 03-Jan-17 06:37:49)

Standard User caffn8me
(knowledge is power) Wed 04-Jan-17 00:51:14

Re: Asus routers (cable type) security warning.


[re: AdrianPH]
 
Home routers in general are facing a mass onslaught at the moment.

Looking through my firewall logs, there have been 177 attempts to connect via telnet, SSH or ports associated with the Mirai malware in the last forty minutes.

Looking through my mail server logs earlier, I noticed a UK Virgin Business static IP address which seemed to be infected with something that was trying to slam spam to my mail server. A quick poke around on Shodan and it seems the router has port forwarding open to a vulnerable Hikvision IP Camera which is now happily part of a botnet.

Email spam is at a very high level at the moment too; 2,917 emails rejected as spam or malware in the past six days on my two mail servers. That's far higher than usual.

Sarah

--
If I can't drink my bowl of coffee three times daily, then in my torment, I will shrivel up like a piece of roast goat

Spiders on coffee - Badass spiders on drugs
Standard User AdrianPH
(member) Wed 04-Jan-17 06:26:32

Re: Asus routers (cable type) security warning.


[re: caffn8me]
 
Indeed there is a constant flow of bots attempting to find access; however, this is something new.

Routers have been accessed using the owner's username and password, and they do this in one attempt. Once in, they alter ports and settings. If owners change the settings back and replace the password, the attacker is back in the same day.
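
The pattern described in this post (a successful login from outside the LAN with no failed attempt before it) can be searched for in a saved router log. This is an added example, not part of the original thread; it assumes the router's SSH server is Dropbear writing its usual "Password auth succeeded" / "Bad password attempt" messages, and the sample log lines are constructed.

```python
import ipaddress
import re

# Dropbear auth messages; the syslog prefix differs by firmware and is ignored.
EVENT = re.compile(
    r"(?P<kind>Password auth succeeded|Bad password attempt) for "
    r"'(?P<user>[^']*)' from (?P<ip>[0-9a-fA-F.:]+):(?P<port>\d+)\s*$"
)

# Addresses treated as "inside": RFC 1918, loopback, IPv6 ULA and link-local.
LAN = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "::1/128", "fc00::/7", "fe80::/10")]

# Constructed sample log (documentation-range addresses stand in for WAN hosts).
SAMPLE = """\
Jan  3 02:11:40 dropbear[811]: Password auth succeeded for 'admin' from 192.168.1.20:50112
Jan  3 04:02:17 dropbear[902]: Bad password attempt for 'admin' from 198.51.100.9:40122
Jan  3 04:02:21 dropbear[902]: Password auth succeeded for 'admin' from 198.51.100.9:40125
Jan  3 05:47:03 dropbear[955]: Password auth succeeded for 'admin' from 203.0.113.7:51822
""".splitlines()


def first_try_wan_logins(lines):
    """Return (line_no, user, ip) for every successful login from a non-LAN
    address that had no failed attempt from the same address earlier in the log."""
    failed = set()
    hits = []
    for n, line in enumerate(lines, 1):
        m = EVENT.search(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # malformed address field: skip rather than guess
        if m["kind"] == "Bad password attempt":
            failed.add(addr)
        elif addr not in failed and not any(addr in net for net in LAN):
            hits.append((n, m["user"], str(addr)))
    return hits


if __name__ == "__main__":
    for line_no, user, ip in first_try_wan_logins(SAMPLE):
        print(f"line {line_no}: first-try login as {user!r} from {ip}")
```

A hit means the password was already known to the remote host, so changing it again on the same router is not enough until WAN-side management is closed.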



Standard User micksharpe
(legend) Wed 04-Jan-17 08:07:39

Re: Asus routers (cable type) security warning.


[re: caffn8me]
 
Since I block all incoming requests on my router (which is the default setting), I don't bother logging them. However, I am getting 4-6 requests per minute -- so probably around 300 requests per hour.
Standard User Zadeks
(experienced) Wed 04-Jan-17 10:59:12

Re: Asus routers (cable type) security warning.


[re: AdrianPH]
 
Nothing new in the world of router security. None of these services should be accessible from the WAN.
Standard User ukhardy07
(knowledge is power) Wed 04-Jan-17 12:58:08

Re: Asus routers (cable type) security warning.


[re: AdrianPH]
 
People should be asking themselves, why are they using cleartext protocols like telnet in the first place?