Router hack, have you acted?

StevieG72
Posts: 819
Joined: Wed Feb 05, 2014 9:00 pm


Post by StevieG72 » Tue May 29, 2018 9:13 pm

I am sure most have heard about the recent router hack.

Have you done anything?

I did a factory reset on my router, updated the firmware, changed passwords, and tweaked security settings.

The list of likely impacted models is likely incomplete. My manufacturer was listed, but not the specific model number.

Some folks are perfectly happy with the default settings including passwords!
Fools think their own way is right, but the wise listen to others.

Will do good
Posts: 675
Joined: Fri Feb 24, 2012 8:23 pm

Re: Router hack, have you acted?

Post by Will do good » Tue May 29, 2018 9:14 pm

I rebooted and changed password.

student
Posts: 2509
Joined: Fri Apr 03, 2015 6:58 am

Re: Router hack, have you acted?

Post by student » Tue May 29, 2018 9:33 pm

I did not reset my router. The FBI suggested that one should reboot and update the firmware.

https://www.ic3.gov/media/2018/180525.aspx

"The FBI recommends any owner of small office and home office routers power cycle (reboot) the devices." Later it added "Network devices should be upgraded to the latest available versions of firmware."

bob60014
Posts: 610
Joined: Mon Jul 31, 2017 8:59 pm
Location: The Land Beyond ORD

Re: Router hack, have you acted?

Post by bob60014 » Tue May 29, 2018 9:42 pm

"The size and scope of the infrastructure impacted by VPNFilter malware is significant. The malware targets routers produced by several manufacturers and network-attached storage devices by at least one manufacturer. The initial infection vector for this malware is currently unknown."

It would be nice if the routers were named along with the NAS device.

GerryL
Posts: 1766
Joined: Fri Sep 20, 2013 11:40 pm

Re: Router hack, have you acted?

Post by GerryL » Tue May 29, 2018 9:43 pm

I got up from reading the article and turned my router off and then back on. Something I had not done in a couple of months.
My router is not one of the ones listed in the article, but I figured it couldn't hurt.

ResearchMed
Posts: 7066
Joined: Fri Dec 26, 2008 11:25 pm

Re: Router hack, have you acted?

Post by ResearchMed » Tue May 29, 2018 9:50 pm

Does just turning it off and then back on "do the trick"?

We did select our own password when we set it up.
(We never stick with the default password, etc., fortunately. Or maybe that's not enough these days?)

Thanks!

RM
This signature is a placebo. You are in the control group.

DetroitRick
Posts: 586
Joined: Wed Mar 23, 2016 9:28 am

Re: Router hack, have you acted?

Post by DetroitRick » Tue May 29, 2018 10:20 pm

Haven't done much of anything. Checked the router to make sure the DNS settings haven't been changed, did same with PC settings. Just in case, but no problems now. Had previously changed router default access code anyway, as well as altering the network id's so that they don't reveal the specific router name and model to assist potential hackers.

I have ATT U-verse, and ATT pushes out firmware updates on their schedule, but I checked this past weekend to make sure my current firmware is pretty recent. It is. I reboot router every month or so anyway. I'll only bother with a full router reset if absolutely necessary, but don't see the risk yet.

Nicolas
Posts: 1034
Joined: Wed Aug 22, 2012 7:41 am

Re: Router hack, have you acted?

Post by Nicolas » Tue May 29, 2018 10:28 pm

Yes I updated firmware and tightened security by disabling WPS. I changed the admin password to the maximum number of chars using a totally random password generated by LastPass. Then I rebooted and set it up for twice-weekly auto reboots to take place in the wee hours. I told members of my family to do likewise but no-one responded.

unclescrooge
Posts: 2372
Joined: Thu Jun 07, 2012 7:00 pm

Re: Router hack, have you acted?

Post by unclescrooge » Tue May 29, 2018 10:37 pm

I rebooted and changed passwords to something much stronger.

Remote admin was already turned off. Would that have been sufficient to prevent the hack?

munemaker
Posts: 3400
Joined: Sat Jan 18, 2014 6:14 pm

Re: Router hack, have you acted?

Post by munemaker » Tue May 29, 2018 10:43 pm

I am not worried about it. There are a lot of routers in this country. The chances of the bad guys coming after mine are pretty small.

SittingOnTheFence
Posts: 294
Joined: Sun Sep 27, 2015 5:30 pm

Re: Router hack, have you acted?

Post by SittingOnTheFence » Wed May 30, 2018 12:47 am

My 3 wifi routers are not directly connected to the internet.
They are all behind a very robust pfSense firewall.
My primary wifi reboots itself automatically every week.
The other 2 are rarely used, one of them is an old wrt54g in my basement to give greater coverage when I happen to be there. I do plan on changing its firmware to DD-WRT when I find time. The other is on the published list. It has the most recent available firmware update and has been rebooted. But that firmware update is from Dec so doubtful that it matters and hopefully a newer update will come along in the not too distant future.

VPNFilter malware is out of Russia and suspected to be govt sponsored. It installs in 3 stages. As of this weekend the discoverer of this bad boy had not figured out how the infection is made. The first stage infects your router firmware, presumably via default passwords and maybe zero-day vulnerabilities. Once this happens, the 2nd stage goes out and gets the payload which is capable of taking over your device. Govt authorities have taken down the sites that the 1st stage contacts. I don't recall what the 3rd stage does, I believe it just sits there waiting to serve up chaos on demand. Parts of this malware were distributed via shared files at Photobucket. It used the metadata on those files to provide info for finding the hosting sites containing other stages of the malware. The gory details are available from a Cisco blog called Talos Intelligence Group blog. At the end of the post they list some folders that are created for their dirty work. You would need admin access to your router's system files to check that; most routers don't provide that access to end users.

The reason for rebooting the router is to wipe out the 2nd & 3rd stages (if you are infected). Apparently the first stage is there permanently. Not sure if a firmware update can disable it or not. But since the sites hosting the 2nd stage infection have been taken down rebooting renders it harmless....for now.

Pancakes-Eggs-Bacon
Posts: 151
Joined: Wed May 02, 2018 6:17 am

Re: Router hack, have you acted?

Post by Pancakes-Eggs-Bacon » Wed May 30, 2018 1:28 am

munemaker wrote:
Tue May 29, 2018 10:43 pm
I am not worried about it. There are a lot of routers in this country. The chances of the bad guys coming after mine are pretty small.
Many attacks like this are opportunistic, not targeted. Someone with enough bandwidth can scan the entire Internet's IPv4 address space (about 4 billion addresses) in less than a day. In other words, they can hit the entire Internet at least once per day, and any device that is vulnerable to their attack will be exploited automatically.

lotusflower
Posts: 170
Joined: Thu Oct 24, 2013 12:32 am

Re: Router hack, have you acted?

Post by lotusflower » Wed May 30, 2018 1:47 am

ResearchMed wrote:
Tue May 29, 2018 9:50 pm
Does just turning it off and then back on "do the trick"?
It seems like that will help. An article I read stated that the feds had taken over a known rogue server, and by rebooting infected router they will receive a connection from it which will help them
https://www.cnet.com/news/the-fbi-wants ... -a-botnet/
According to the FBI, rebooting your router will destroy the part of the malware that can do nasty things like spy on your activities, while leaving the install package intact. And when that install package phones home to download the nasty part, the FBI will be able to trace that -- because the US government says it's seized a critical domain that the Russian hackers were allegedly using.

retired recently
Posts: 300
Joined: Sun Oct 04, 2009 6:09 pm

Re: Router hack, have you acted?

Post by retired recently » Wed May 30, 2018 4:49 am

We turn ours off every night before going to bed. Hopefully, that provides us with some protection...

Why would folks leave it on if you are sleeping?

BHUser27
Posts: 632
Joined: Mon Jan 18, 2016 3:07 pm
Location: A Midwestern Town

Re: Router hack, have you acted?

Post by BHUser27 » Wed May 30, 2018 5:43 am

PC Magazine has a list of affected routers in their article.
https://www.pcmag.com/news/361431/is-yo ... er-malware

I just checked and Netgear had new firmware available for my router, so I updated.

Linksys E1200
Linksys E2500
Linksys WRVS4400N
Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
Netgear DGN2200
Netgear R6400
Netgear R7000
Netgear R8000
Netgear WNR1000
Netgear WNR2000
QNAP TS251
QNAP TS439 Pro
Other QNAP NAS devices running QTS software
TP-Link R600VPN

inbox788
Posts: 5381
Joined: Thu Mar 15, 2012 5:24 pm

Re: Router hack, have you acted?

Post by inbox788 » Wed May 30, 2018 5:46 am

bob60014 wrote:
Tue May 29, 2018 9:42 pm
It would be nice if the routers were named along with the NAS device.
It's probably still evolving, but here's a list of devices by Linksys, Mikrotik, Netgear, QNAP, and TP-Link.
https://en.wikipedia.org/wiki/VPNFilter#Devices_at_Risk

My router brand isn't mentioned, so I'll ignore it for now. I also checked the router firmware and while I'm a little behind, the most recent fixes don't mention VPNFilter Malware by name, but did fix a few things including some CVE-#### items. So I should update it soon, but I'll take my chances not rushing and panicking over it.

aqan
Posts: 393
Joined: Fri Nov 06, 2015 7:07 am

Re: Router hack, have you acted?

Post by aqan » Wed May 30, 2018 6:11 am

munemaker wrote:
Tue May 29, 2018 10:43 pm
I am not worried about it. There are a lot of routers in this country. The chances of the bad guys coming after mine are pretty small.
FYI Chances of bad guys randomly choosing you are exactly the same as choosing any other router in this country.

SleepKing
Posts: 242
Joined: Mon Mar 02, 2015 8:45 am

Re: Router hack, have you acted?

Post by SleepKing » Wed May 30, 2018 7:06 am

We also updated firmware, changed passwords, rebooted. I think that is more than 95% of the USA and world have done at this point. Most people I've asked about this have no idea what is going on.

blueman457
Posts: 387
Joined: Sun Jul 26, 2015 12:19 pm

Re: Router hack, have you acted?

Post by blueman457 » Wed May 30, 2018 7:09 am

retired recently wrote:
Wed May 30, 2018 4:49 am
We turn ours off every night before going to bed. Hopefully, that provides us with some protection...

Why would folks leave it on if you are sleeping?
Why do you turn it off when you’re sleeping?

I leave my router on overnight so my devices can download updates and computers can back themselves up.

I think restarting a router nightly is a reasonable idea. I did restart my Apple router even though it isn’t listed.

bampf
Posts: 197
Joined: Thu Aug 04, 2016 6:19 pm

Re: Router hack, have you acted?

Post by bampf » Wed May 30, 2018 7:13 am

aqan wrote:
Wed May 30, 2018 6:11 am
munemaker wrote:
Tue May 29, 2018 10:43 pm
I am not worried about it. There are a lot of routers in this country. The chances of the bad guys coming after mine are pretty small.
FYI Chances of bad guys randomly choosing you are exactly the same as choosing any other router in this country.
Security through obscurity is as dangerous as it is stupid. This isn't some neckbeard at a keyboard with sandwich and a bottle of jolt cola. This is a group of weaponized applications and engineers developing automation that exploits any and all vulnerable endpoints. If you only knew how many times a day your particular endpoint was probed you would probably lose your mind. Picture 500 people walking up to your door every day checking to see if it is locked. Not locked? Excellent. Except those 500 people are robots and they execute their task instantly and automatically. You may not know and you may not care, but, make no mistake you are likely exploitable if you are not managing your endpoint.

Leesbro63
Posts: 5440
Joined: Mon Nov 08, 2010 4:36 pm

Re: Router hack, have you acted?

Post by Leesbro63 » Wed May 30, 2018 7:18 am

How do you update firmware? Does resetting the router automatically do that? I reset mine and it took a longer than usual time, I think, to reset. Maybe it was updating?

bltkmt
Posts: 113
Joined: Fri Mar 01, 2013 4:56 pm

Re: Router hack, have you acted?

Post by bltkmt » Wed May 30, 2018 7:35 am

SittingOnTheFence wrote:
Wed May 30, 2018 12:47 am
My primary wifi reboots itself automatically every week.
Curious how you enabled this, as I would like mine to do that.

kerplunk
Posts: 772
Joined: Sun Apr 17, 2011 9:58 pm

Re: Router hack, have you acted?

Post by kerplunk » Wed May 30, 2018 7:37 am

Leesbro63 wrote:
Wed May 30, 2018 7:18 am
How do you update firmware? Does resetting the router automatically do that? I reset mine and it took a longer than usual time, I think, to reset. Maybe it was updating?
Go to your router configuration, usually at http://192.168.1.1 and find the software update section.

munemaker
Posts: 3400
Joined: Sat Jan 18, 2014 6:14 pm

Re: Router hack, have you acted?

Post by munemaker » Wed May 30, 2018 7:56 am

bampf wrote:
Wed May 30, 2018 7:13 am
aqan wrote:
Wed May 30, 2018 6:11 am
munemaker wrote:
Tue May 29, 2018 10:43 pm
I am not worried about it. There are a lot of routers in this country. The chances of the bad guys coming after mine are pretty small.
FYI Chances of bad guys randomly choosing you are exactly the same as choosing any other router in this country.
Security through obscurity is as dangerous as it is stupid. This isn't some neckbeard at a keyboard with sandwich and a bottle of jolt cola. This is a group of weaponized applications and engineers developing automation that exploits any and all vulnerable endpoints. If you only knew how many times a day your particular endpoint was probed you would probably lose your mind. Picture 500 people walking up to your door every day checking to see if it is locked. Not locked? Excellent. Except those 500 people are robots and they execute their task instantly and automatically. You may not know and you may not care, but, make no mistake you are likely exploitable if you are not managing your endpoint.
It is good to run this check to see if your equipment is exposed to hackers:
https://www.grc.com/x/ne.dll?bh0bkyd2

bampf
Posts: 197
Joined: Thu Aug 04, 2016 6:19 pm

Re: Router hack, have you acted?

Post by bampf » Wed May 30, 2018 8:08 am

munemaker wrote:
Wed May 30, 2018 7:56 am

It is good to run this check to see if your equipment is exposed to hackers:
https://www.grc.com/x/ne.dll?bh0bkyd2
I have no way of knowing, but, clicking random links on a message board is generally a foolish idea. This may be just fine, it may be an exploit. Do your own due diligence.

NextMil
Posts: 412
Joined: Wed Dec 13, 2017 12:33 pm

Re: Router hack, have you acted?

Post by NextMil » Wed May 30, 2018 8:16 am

bampf wrote:
Wed May 30, 2018 8:08 am
munemaker wrote:
Wed May 30, 2018 7:56 am

It is good to run this check to see if your equipment is exposed to hackers:
https://www.grc.com/x/ne.dll?bh0bkyd2
I have no way of knowing, but, clicking random links on a message board is generally a foolish idea. This may be just fine, it may be an exploit. Do your own due diligence.
It could also be Rick Astley.

munemaker
Posts: 3400
Joined: Sat Jan 18, 2014 6:14 pm

Re: Router hack, have you acted?

Post by munemaker » Wed May 30, 2018 8:20 am

NextMil wrote:
Wed May 30, 2018 8:16 am
bampf wrote:
Wed May 30, 2018 8:08 am
munemaker wrote:
Wed May 30, 2018 7:56 am

It is good to run this check to see if your equipment is exposed to hackers:
https://www.grc.com/x/ne.dll?bh0bkyd2
I have no way of knowing, but, clicking random links on a message board is generally a foolish idea. This may be just fine, it may be an exploit. Do your own due diligence.
It could also be Rick Astley.
Just because you are paranoid does not mean they are not out to get you.

student
Posts: 2509
Joined: Fri Apr 03, 2015 6:58 am

Re: Router hack, have you acted?

Post by student » Wed May 30, 2018 8:30 am

kerplunk wrote:
Wed May 30, 2018 7:37 am
Leesbro63 wrote:
Wed May 30, 2018 7:18 am
How do you update firmware? Does resetting the router automatically do that? I reset mine and it took a longer than usual time, I think, to reset. Maybe it was updating?
Go to your router configuration, usually at http://192.168.1.1 and find the software update section.
+1. Note that some older routers require the user to download it separately and then apply it "manually" rather than one-click setup.

lthenderson
Posts: 3425
Joined: Tue Feb 21, 2012 12:43 pm
Location: Iowa

Re: Router hack, have you acted?

Post by lthenderson » Wed May 30, 2018 8:35 am

student wrote:
Wed May 30, 2018 8:30 am
kerplunk wrote:
Wed May 30, 2018 7:37 am
Leesbro63 wrote:
Wed May 30, 2018 7:18 am
How do you update firmware? Does resetting the router automatically do that? I reset mine and it took a longer than usual time, I think, to reset. Maybe it was updating?
Go to your router configuration, usually at http://192.168.1.1 and find the software update section.
+1. Note that some older routers require the user to download it separately and then apply it "manually" rather than one-click setup.
Mine is this way. I just read this thread, downloaded the update and rebooted. I never used the factory password from the box so I'm not sure I need to change the password or not.

oldcomputerguy
Posts: 3224
Joined: Sun Nov 22, 2015 6:50 am
Location: In the middle of five acres of woods

Re: Router hack, have you acted?

Post by oldcomputerguy » Wed May 30, 2018 8:41 am

student wrote:
Wed May 30, 2018 8:30 am
kerplunk wrote:
Wed May 30, 2018 7:37 am
Leesbro63 wrote:
Wed May 30, 2018 7:18 am
How do you update firmware? Does resetting the router automatically do that? I reset mine and it took a longer than usual time, I think, to reset. Maybe it was updating?
Go to your router configuration, usually at http://192.168.1.1 and find the software update section.
+1. Note that some older routers require the user to download it separately and then apply it "manually" rather than one-click setup.
I just updated my firmware, power-cycled the box, and changed its password. I also just took a fresh look at all the router's settings looking for unnecessary exposure, found a section in the setup that controlled whether the router was manageable from the outside world, and noted that this was "disabled". Might be worth checking on one's router.
It’s taken me a lot of years, but I’ve come around to this: If you’re dumb, surround yourself with smart people. And if you’re smart, surround yourself with smart people who disagree with you.

oldcomputerguy
Posts: 3224
Joined: Sun Nov 22, 2015 6:50 am
Location: In the middle of five acres of woods

Re: Router hack, have you acted?

Post by oldcomputerguy » Wed May 30, 2018 8:42 am

munemaker wrote:
Wed May 30, 2018 7:56 am
It is good to run this check to see if your equipment is exposed to hackers:
https://www.grc.com/x/ne.dll?bh0bkyd2
Seriously? Download and run an unknown DLL?

I think not.
It’s taken me a lot of years, but I’ve come around to this: If you’re dumb, surround yourself with smart people. And if you’re smart, surround yourself with smart people who disagree with you.

lazydavid
Posts: 1758
Joined: Wed Apr 06, 2016 1:37 pm

Re: Router hack, have you acted?

Post by lazydavid » Wed May 30, 2018 9:02 am

munemaker wrote:
Tue May 29, 2018 10:43 pm
I am not worried about it. There are a lot of routers in this country. The chances of the bad guys coming after mine are pretty small.
Within a few days of vulnerabilities like this becoming public, every impacted device will be listed in search engines like Shodan. Bad guy can pull the list of all 517,000 (or whatever) identified devices, and attack them all simultaneously.
aqan wrote:
Wed May 30, 2018 6:11 am
FYI Chances of bad guys randomly choosing you are exactly the same as choosing any other router in this country.
And that chance is 100%.

For myself, I have done nothing, because my Cisco (Enterprise, not Consumer) router is not impacted. Beyond that, it uses a unique username with a strong password, does not have external management enabled, and does IPS, which are additional mitigating factors if the device itself was impacted.
Last edited by lazydavid on Wed May 30, 2018 9:11 am, edited 1 time in total.

lazydavid
Posts: 1758
Joined: Wed Apr 06, 2016 1:37 pm

Re: Router hack, have you acted?

Post by lazydavid » Wed May 30, 2018 9:08 am

oldcomputerguy wrote:
Wed May 30, 2018 8:42 am
munemaker wrote:
Wed May 30, 2018 7:56 am
It is good to run this check to see if your equipment is exposed to hackers:
https://www.grc.com/x/ne.dll?bh0bkyd2
Seriously? Download and run an unknown DLL?

I think not.
Steve should put a different extension on the page, but it's a page, not a client-side dll. It might be a server-side dll, but that doesn't matter. Basically on the page, you click a button, and his server makes connections to your public IP on a variety of ports to see if you have anything open that you shouldn't. Your machine is not involved at all, except to give him the ok to do the scan.

student
Posts: 2509
Joined: Fri Apr 03, 2015 6:58 am

Re: Router hack, have you acted?

Post by student » Wed May 30, 2018 9:10 am

lazydavid wrote:
Wed May 30, 2018 9:08 am
oldcomputerguy wrote:
Wed May 30, 2018 8:42 am
munemaker wrote:
Wed May 30, 2018 7:56 am
It is good to run this check to see if your equipment is exposed to hackers:
https://www.grc.com/x/ne.dll?bh0bkyd2
Seriously? Download and run an unknown DLL?

I think not.
Steve should put a different extension on the page, but it's a page, not a client-side dll. It might be a server-side dll, but that doesn't matter. Basically on the page, you click a button, and his server makes connections to your public IP on a variety of ports to see if you have anything open that you shouldn't. Your machine is not involved at all, except to give him the ok to do the scan.
I have used grc.com years ago. As far as I can tell, it is a reputable company.

AntsOnTheMarch
Posts: 610
Joined: Mon May 29, 2017 5:47 pm

Re: Router hack, have you acted?

Post by AntsOnTheMarch » Wed May 30, 2018 9:14 am

My AirPort Extreme is not on the list so I’m doing nothing. It’s already got the latest firmware and a robust password. I make it a practice to assign unique, robust passwords to any new device/login and keep all relevant info in my password manager. Next on my list is to keep up on security updates. I learn of any exploits from the inter-webs and decide on a case by case basis. I didn’t change my twitter password for example, after the latest kerfuffle because I determined that it was FUD.

telemark
Posts: 2299
Joined: Sat Aug 11, 2012 6:35 am

Re: Router hack, have you acted?

Post by telemark » Wed May 30, 2018 9:19 am

Mine is not on the list (Google network box) but I rebooted it anyway, because why not?

jayk238
Posts: 436
Joined: Tue Jan 31, 2017 1:02 pm

Re: Router hack, have you acted?

Post by jayk238 » Wed May 30, 2018 9:28 am

We are moving in a few weeks. At my new place I will replace my tplink with google mesh for further security

jhfenton
Posts: 3250
Joined: Sat Feb 07, 2015 11:17 am
Location: Ohio

Re: Router hack, have you acted?

Post by jhfenton » Wed May 30, 2018 9:31 am

All my routers have custom admin names, max-length passwords, and reboot for maintenance on a regular schedule. I've had WPS turned off on all of my routers since the day I brought my first router home with it. (It was never secure.) I'm not

Unfortunately TP-Link has abandoned V1 of the Archer C7. The last firmware update for V1 was in 2014. (They have 2018 updates for V2 through V4.) I still have two of the V1 C7's in use as a bridge from downstairs to upstairs.
retired recently wrote:
Wed May 30, 2018 4:49 am
We turn ours off every night before going to bed. Hopefully, that provides us with some protection...

Why would folks leave it on if you are sleeping?
Because virtually everything in the house is connected to the Internet 24/7. Computers, phones, and tablets back up to the cloud overnight. Software updates run.

samsoes
Posts: 840
Joined: Tue Mar 05, 2013 9:12 am
Location: Northeast Rat Race

Re: Router hack, have you acted?

Post by samsoes » Wed May 30, 2018 10:23 am

retired recently wrote:
Wed May 30, 2018 4:49 am
We turn ours off every night before going to bed. Hopefully, that provides us with some protection...

Why would folks leave it on if you are sleeping?
Many devices fail the POST (Power On Self Test) when powering on. We had this problem at Megacorp whenever a piece of networking equipment had to be powered-down for whatever reason. Oftentimes one of them just wouldn't come back up.
"Happiness Is Not My Companion" - Gen. Gouverneur K. Warren. | (Avatar is the statue of Gen. Warren at Little Round Top @ Gettysburg National Military Park.)

samsoes
Posts: 840
Joined: Tue Mar 05, 2013 9:12 am
Location: Northeast Rat Race

Re: Router hack, have you acted?

Post by samsoes » Wed May 30, 2018 11:08 am

jayk238 wrote:
Wed May 30, 2018 9:28 am
We are moving in a few weeks. At my new place I will replace my tplink with google mesh for further security
"Google security" is an oxymoron. They already know more about you than anyone else. Don't give them control of your network as well. I'm trying to de-googlize myself the best I can.
"Happiness Is Not My Companion" - Gen. Gouverneur K. Warren. | (Avatar is the statue of Gen. Warren at Little Round Top @ Gettysburg National Military Park.)

jebmke
Posts: 8277
Joined: Thu Apr 05, 2007 2:44 pm

Re: Router hack, have you acted?

Post by jebmke » Wed May 30, 2018 11:25 am

samsoes wrote:
Wed May 30, 2018 11:08 am
They already know more about you than anyone else.
That is more of a privacy issue. Do you have any reason to believe Google hardware is less secure?
When you discover that you are riding a dead horse, the best strategy is to dismount.

Ged
Posts: 3576
Joined: Mon May 13, 2013 1:48 pm
Location: Roke

Re: Router hack, have you acted?

Post by Ged » Wed May 30, 2018 11:40 am

I updated my firmware, which includes a reboot.

Didn't change the password. The router (Asus) is not on the affected list.

Ged
Posts: 3576
Joined: Mon May 13, 2013 1:48 pm
Location: Roke

Re: Router hack, have you acted?

Post by Ged » Wed May 30, 2018 11:44 am

samsoes wrote:
Wed May 30, 2018 11:08 am
jayk238 wrote:
Wed May 30, 2018 9:28 am
We are moving in a few weeks. At my new place I will replace my tplink with google mesh for further security
"Google security" is an oxymoron. They already know more about you than anyone else. Don't give them control of your network as well. I'm trying to de-googlize myself the best I can.
My impression is that Google is pretty good about not letting OTHER people collect your information. However they do make me uncomfortable with what THEY collect.

Their routers come with a privacy notice. Yuck.

jalbert
Posts: 3584
Joined: Fri Apr 10, 2015 12:29 am

Re: Router hack, have you acted?

Post by jalbert » Wed May 30, 2018 12:05 pm

Some high level info about the attack:

https://www.techspot.com/news/74782-fbi ... nfect.html

Compromised routers communicate with a rogue site that the FBI seems to have taken over, and I think the purpose of requesting people to reboot their routers may be so that they will try to make a new connection and all of the models of routers affected can be identified. I am skeptical that a reboot by itself fully addresses the issue if your router is compromised.

The models of routers known to be involved likely is not a complete list. No information seems to be available on how to tell if a router was compromised. Strategies involving logging outbound requests may catch it connecting to a rogue site, but the malware may defeat logging so not a conclusive test if you don’t see anything.

Very detailed technical info about the attack:

http://news.sophos.com/en-us/2018/05/24 ... -analysis/

It appears that 2 of the 3 parts of the attack may be installed by communicating with the VPNFilter rogue site so now that this site is not functioning to install malware, the reboot would eliminate those two components, at least so long as the router is not compromised again to connect to a different rogue site.

Here is some general info on securing a router:

https://amp.tomsguide.com/us/home-route ... 19245.html

If I have reason to think firmware in a router I own has actually been compromised, I don’t reset the router and upgrade the firmware— I buy a new router. The malware could have compromised the reset and/or upgrade functionality so that those operations fail to eliminate the malware.

On the other hand, keeping an uncompromised router up-to-date with the latest firmware versions on a somewhat regular basis is a good idea.
Index fund investor since 1987.
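
The outbound-logging strategy mentioned in the post above, as an added example that is not part of the thread: the log is kept on a separate firewall upstream of the router, so the router cannot tamper with it, and only connections the router itself initiates are reviewed against a short list of destinations it is expected to contact. The log format, the addresses, the `.example` hostnames and the allowlist are all constructed assumptions, and the router is assumed to run as a bridged access point so its own traffic has a distinct source address.

```python
import re
from collections import defaultdict

# Constructed log format (an assumption, not any real firewall's syntax):
#   <ISO timestamp> src=<ip> dst=<hostname> dport=<port>
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)$"
)

# Hypothetical allowlist: what this router is expected to contact on its own.
EXPECTED = {
    "firmware.vendor.example": {443},   # placeholder for the vendor update host
    "pool.ntp.org": {123},              # time sync
}

# Constructed sample captured on the upstream firewall, not on the router.
SAMPLE_LOG = """\
2018-05-30T02:00:01Z src=192.168.1.2 dst=0.pool.ntp.org dport=123
2018-05-30T02:00:05Z src=192.168.1.50 dst=images.photo-host.example dport=80
2018-05-30T03:12:44Z src=192.168.1.2 dst=images.photo-host.example dport=80
2018-05-30T03:12:45Z src=192.168.1.2 dst=images.photo-host.example dport=80
2018-05-30T04:00:00Z src=192.168.1.2 dst=firmware.vendor.example dport=443
2018-05-30T04:10:00Z src=192.168.1.2 dst=firmware.vendor.example dport=8080

garbage line
"""


def host_allowed(host, port, allowlist):
    """True if host equals an allowlisted name, or is a subdomain of one,
    and the port is one expected for that name."""
    host = host.lower().rstrip(".")
    for name, ports in allowlist.items():
        if (host == name or host.endswith("." + name)) and port in ports:
            return True
    return False


def review(lines, device_ip, allowlist=EXPECTED):
    """Review connections whose source is the router's own address.

    Traffic from other LAN clients is ignored: a laptop fetching images is
    normal, the router's management address doing so is not.
    """
    device_events = 0
    malformed = 0
    unexpected = defaultdict(list)
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            malformed += 1          # count, do not silently drop
            continue
        if m["src"] != device_ip:
            continue
        device_events += 1
        port = int(m["dport"])
        if not host_allowed(m["dst"], port, allowlist):
            unexpected[(m["dst"].lower(), port)].append(m["ts"])

    if device_events == 0:
        # No router-originated traffic logged: absence of evidence only.
        verdict = "inconclusive"
    elif unexpected:
        verdict = "investigate"
    else:
        # Only means nothing odd happened during the logged window.
        verdict = "nothing-unexpected"
    return {
        "verdict": verdict,
        "device_events": device_events,
        "malformed": malformed,
        "unexpected": dict(unexpected),
    }


if __name__ == "__main__":
    report = review(SAMPLE_LOG.splitlines(), device_ip="192.168.1.2")
    print(report["verdict"])
    for (host, port), stamps in sorted(report["unexpected"].items()):
        print(f"  {host}:{port} x{len(stamps)} first seen {stamps[0]}")
```
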

Epsilon Delta
Posts: 7430
Joined: Thu Apr 28, 2011 7:00 pm

Re: Router hack, have you acted?

Post by Epsilon Delta » Wed May 30, 2018 12:43 pm

samsoes wrote:
Wed May 30, 2018 10:23 am
Many devices fail the POST (Power On Self Test) when powering on. We had this problem at Megacorp whenever a piece of networking equipment had to be powered-down for whatever reason. Oftentimes one of them just wouldn't come back up.
Having designed and written a good many POST: if the system fails them you should not be using the equipment. Granted the equipment I worked with could result in dismemberment rather than flaky internet connections but diagnosing network failures when some of the equipment is known to be failing is an expensive waste of time.

lotusflower
Posts: 170
Joined: Thu Oct 24, 2013 12:32 am

Re: Router hack, have you acted?

Post by lotusflower » Wed May 30, 2018 1:24 pm

munemaker wrote:
Wed May 30, 2018 7:56 am
It is good to run this check to see if your equipment is exposed to hackers:
https://www.grc.com/x/ne.dll?bh0bkyd2
That's a reasonable test, but it only shows whether you are visible to inbound connections. If the malware can be received during an outbound connection, like if you were shown a web page with some ads, and one of those ads loaded content from a malware server, then the server would know that your router exists and it seems possible that your router could still be infected.

Plus that test is like 10 years old, I don't think you can count on it to detect all possible threats.

Here's a better idea: take the FBI advice and REBOOT YOUR ROUTER!

samsoes
Posts: 840
Joined: Tue Mar 05, 2013 9:12 am
Location: Northeast Rat Race

Re: Router hack, have you acted?

Post by samsoes » Wed May 30, 2018 2:34 pm

jebmke wrote:
Wed May 30, 2018 11:25 am
samsoes wrote:
Wed May 30, 2018 11:08 am
They already know more about you than anyone else.
That is more of a privacy issue. Do you have any reason to believe Google hardware is less secure?
Yes. Google monetizes us any way they can. Allowing them to control one's home network just gives them more opportunity to collect data to increase the value of such monetization.

Don't think they won't do it. There's money to be made.
"Happiness Is Not My Companion" - Gen. Gouverneur K. Warren. | (Avatar is the statue of Gen. Warren at Little Round Top @ Gettysburg National Military Park.)

samsoes
Posts: 840
Joined: Tue Mar 05, 2013 9:12 am
Location: Northeast Rat Race

Re: Router hack, have you acted?

Post by samsoes » Wed May 30, 2018 2:37 pm

Epsilon Delta wrote:
Wed May 30, 2018 12:43 pm
samsoes wrote:
Wed May 30, 2018 10:23 am
Many devices fail the POST (Power On Self Test) when powering on. We had this problem at Megacorp whenever a piece of networking equipment had to be powered-down for whatever reason. Oftentimes one of them just wouldn't come back up.
Having designed and written a good many POST: if the system fails them you should not be using the equipment. Granted the equipment I worked with could result in dismemberment rather than flaky internet connections but diagnosing network failures when some of the equipment is known to be failing is an expensive waste of time.
How would you know if a system will fail a POST if it is running properly and hasn't yet failed a POST? Especially the average user's home networking equipment?

Sounds like a conundrum.
"Happiness Is Not My Companion" - Gen. Gouverneur K. Warren. | (Avatar is the statue of Gen. Warren at Little Round Top @ Gettysburg National Military Park.)

jebmke
Posts: 8277
Joined: Thu Apr 05, 2007 2:44 pm

Re: Router hack, have you acted?

Post by jebmke » Wed May 30, 2018 2:44 pm

samsoes wrote:
Wed May 30, 2018 2:34 pm
jebmke wrote:
Wed May 30, 2018 11:25 am
samsoes wrote:
Wed May 30, 2018 11:08 am
They already know more about you than anyone else.
That is more of a privacy issue. Do you have any reason to believe Google hardware is less secure?
Yes. Google monetizes us any way they can. Allowing them to control one's home network just gives them more opportunity to collect data to increase the value of such monetization.

Don't think they won't do it. There's money to be made.
The topic here is security, though.

As to the privacy, many use Google's DNS server and anyone with an Android phone or using Chrome or using Google cloud application is hooked to Google's systems. Anyone with a smartphone is basically choosing Google or Apple to disclose a lot of information to.

I suspect that the router is not the biggest privacy leak most people have.
When you discover that you are riding a dead horse, the best strategy is to dismount.

samsoes
Posts: 840
Joined: Tue Mar 05, 2013 9:12 am
Location: Northeast Rat Race

Re: Router hack, have you acted?

Post by samsoes » Wed May 30, 2018 2:54 pm

jebmke wrote:
Wed May 30, 2018 2:44 pm
samsoes wrote:
Wed May 30, 2018 2:34 pm
jebmke wrote:
Wed May 30, 2018 11:25 am
samsoes wrote:
Wed May 30, 2018 11:08 am
They already know more about you than anyone else.
That is more of a privacy issue. Do you have any reason to believe Google hardware is less secure?
Yes. Google monetizes us any way they can. Allowing them to control one's home network just gives them more opportunity to collect data to increase the value of such monetization.

Don't think they won't do it. There's money to be made.
The topic here is security, though.

As to the privacy, many use Google's DNS server and anyone with an Android phone or using Chrome or using Google cloud application is hooked to Google's systems. Anyone with a smartphone is basically choosing Google or Apple to disclose a lot of information to.

I suspect that the router is not the biggest privacy leak most people have.
I run Perfect Privacy VPN on my phone and my home PC only because I detest the thought of privacy violations. In addition, I am slowly transitioning away from Gmail to Protonmail.com. After much research, I've determined that these two are the most robustly secure and private in their respective areas.

Reading Comcast's privacy policy put me over the edge. Combined with Facebook's recent congressional hearings and what we know about Google... How dare they? It's like voluntarily putting an always-on, internet-connected listening device in your home. Who would do that?
Oh, wait...

While I agree that one's router isn't the biggest privacy leak one has, router firmware code reporting back to the Mother Ship shouldn't exist at all.
"Happiness Is Not My Companion" - Gen. Gouverneur K. Warren. | (Avatar is the statue of Gen. Warren at Little Round Top @ Gettysburg National Military Park.)
