Router hack, have you acted?

RickBoglehead
Posts: 1251
Joined: Wed Feb 14, 2018 9:10 am

Re: Router hack, have you acted?

Post by RickBoglehead » Wed May 30, 2018 2:55 pm

retired recently wrote:
Wed May 30, 2018 4:49 am
We turn ours off every night before going to bed. Hopefully, that provides us with some protection...

Why would folks leave it on if you are sleeping?
Windows processes updates during the night, cellphones download new programs, Windows Media Center schedule guide...

mptfan
Posts: 4798
Joined: Mon Mar 05, 2007 9:58 am

Re: Router hack, have you acted?

Post by mptfan » Wed May 30, 2018 3:01 pm

retired recently wrote:
Wed May 30, 2018 4:49 am
We turn ours off every night before going to bed. Hopefully, that provides us with some protection...

Why would folks leave it on if you are sleeping?
Because it's just too much trouble to remember to turn a router on and off several times a day, life's too short for that.
Last edited by mptfan on Wed May 30, 2018 3:02 pm, edited 1 time in total.

Epsilon Delta
Posts: 7440
Joined: Thu Apr 28, 2011 7:00 pm

Re: Router hack, have you acted?

Post by Epsilon Delta » Wed May 30, 2018 3:02 pm

samsoes wrote:
Wed May 30, 2018 2:37 pm
Epsilon Delta wrote:
Wed May 30, 2018 12:43 pm
samsoes wrote:
Wed May 30, 2018 10:23 am
Many devices fail the POST (Power On Self Test) when powering on. We had this problem at Megacorp whenever a piece of networking equipment had to be powered-down for whatever reason. Oftentimes one of them just wouldn't come back up.
Having designed and written a good many POST: if the system fails them you should not be using the equipment. Granted the equipment I worked with could result in dismemberment rather than flaky internet connections but diagnosing network failures when some of the equipment is known to be failing is an expensive waste of time.
How would you know if a system will fail a POST if it is running properly and hasn't yet failed a POST? Especially the average user's home networking equipment?

Sounds like a conundrum.
If it would fail a POST it is not running properly. A POST usually tests some pretty basic hardware and software integrity. If that integrity is not there you can't trust anything it does. For example if a memory location is not remembering what was stored to it anything that uses that memory location could fail in various interesting ways. For something like a router this might result in an inordinate number of retries. This is really not working properly but you often don't notice until something else goes just a little off. Then you blame the other thing instead of the real problem.

Also the POST was probably written by the same group that wrote the rest of the software. It makes no sense to trust everything else but assume the POST is giving false positives.

lotusflower
Posts: 188
Joined: Thu Oct 24, 2013 12:32 am

Re: Router hack, have you acted?

Post by lotusflower » Wed May 30, 2018 3:27 pm

mptfan wrote:
Wed May 30, 2018 3:01 pm
retired recently wrote:
Wed May 30, 2018 4:49 am
We turn ours off every night before going to bed. Hopefully, that provides us with some protection...

Why would folks leave it on if you are sleeping?
Because it's just too much trouble to remember to turn a router on and off several times a day, life's too short for that.
Plus, what's different during the day that makes it any safer?? It's not as if you are going to notice when first infected, at least not with a botnet like this.

samsoes
Posts: 897
Joined: Tue Mar 05, 2013 9:12 am
Location: Northeast Rat Race

Re: Router hack, have you acted?

Post by samsoes » Wed May 30, 2018 3:29 pm

Epsilon Delta wrote:
Wed May 30, 2018 3:02 pm
samsoes wrote:
Wed May 30, 2018 2:37 pm
Epsilon Delta wrote:
Wed May 30, 2018 12:43 pm
samsoes wrote:
Wed May 30, 2018 10:23 am
Many devices fail the POST (Power On Self Test) when powering on. We had this problem at Megacorp whenever a piece of networking equipment had to be powered-down for whatever reason. Oftentimes one of them just wouldn't come back up.
Having designed and written a good many POST: if the system fails them you should not be using the equipment. Granted the equipment I worked with could result in dismemberment rather than flaky internet connections but diagnosing network failures when some of the equipment is known to be failing is an expensive waste of time.
How would you know if a system will fail a POST if it is running properly and hasn't yet failed a POST? Especially the average user's home networking equipment?

Sounds like a conundrum.
If it would fail a POST it is not running properly.
Yes, but how would you know it would fail a POST unless it fails a POST?
"Happiness Is Not My Companion" - Gen. Gouverneur K. Warren. | (Avatar is the statue of Gen. Warren atop Little Round Top @ Gettysburg National Military Park.)

ResearchMed
Posts: 7680
Joined: Fri Dec 26, 2008 11:25 pm

Re: Router hack, have you acted?

Post by ResearchMed » Wed May 30, 2018 3:32 pm

retired recently wrote:
Wed May 30, 2018 4:49 am
We turn ours off every night before going to bed. Hopefully, that provides us with some protection...

Why would folks leave it on if you are sleeping?
Because there are not infrequent times when one of us is awake during the night... and online.
But that's not technically the situation you are asking about, because at that time, at least one of us is not sleeping, at least not unless that one nods off........ zzzz

RM
This signature is a placebo. You are in the control group.

UpperNwGuy
Posts: 1252
Joined: Sun Oct 08, 2017 7:16 pm

Re: Router hack, have you acted?

Post by UpperNwGuy » Wed May 30, 2018 3:40 pm

I have no idea how to update firmware, change passwords, or alter the security settings on my router. The cable guy set up the modem and router when he installed the cable internet, and I just use the wifi. He did ask me to select my own password. The extent of my ability to deal with this issue is to turn the modem and router off and on to reboot.

legio XX
Posts: 476
Joined: Tue Jul 15, 2008 6:37 am
Location: NYC

Re: Router hack, have you acted?

Post by legio XX » Wed May 30, 2018 4:10 pm

UpperNwGuy wrote:
Wed May 30, 2018 3:40 pm
I have no idea how to update firmware, change passwords, or alter the security settings on my router. The cable guy set up the modem and router when he installed the cable internet, and I just use the wifi. He did ask me to select my own password. The extent of my ability to deal with this issue is to turn the modem and router off and on to reboot.
That's where I was when I checked in on B'heads this morning. But, the computer-savvy neighbor who helps me with things like this has a full plate at the moment, so I rebooted and then tried to update. Search on "router make-model firmware update," can't be all that hard, right? There's even a short video. OK, it took a while. Somehow or other, the account for the router was created while using my tablet so I thought it was something for the tablet :oops: - so I tried the factory passwords and went nowhere. "Forgot Password" link gave me some security questions, and I could remember the answers I made up so eventually got logged in and did the update. Also set for auto update (good or bad idea?) and went over the other things, left settings as was, almost everything was off.

Did my homework for today, thanks Bogleheads.

nisiprius
Advisory Board
Posts: 37080
Joined: Thu Jul 26, 2007 9:33 am
Location: The terrestrial, globular, planetary hunk of matter, flattened at the poles, is my abode.--O. Henry

Re: Router hack, have you acted?

Post by nisiprius » Wed May 30, 2018 4:20 pm

For now, I've settled for turning AC power to the router (a LinkSys E1200) off and on.

I've had enough bad issues with firmware updates in the past that I'm waiting for a nice calm period of time, in a couple of weekends, to do anything more than that. I've verified that the web-based management tool provides for saving and restoring the configuration, and applying firmware updates. Despite press reports that every was ready with updates, the latest E1200 v2 firmware update I could find was dated March 2018 so I question whether it addresses the problem. Anyway, I want to do it on a weekend when my wife and I can both tolerate being without the Internet for a few hours, just in case the update leaves the router nonfunctional and I need to do a quick run to a store to buy a new one.

I've been thinking for a while that I should put the router on a timer that cycles power on it once a week, and I believe I'll actually do it.

Any kind of auto update scares me. My wife had her Windows PC rendered unbootable TWICE by automatic updates. Not once, twice. Each time I was able to save the day by, IIRC, booting in safe mode and using the checkpoint tool (whose name and location in the menu structure keeps changing) to rollback to before the update. Two cheers.
Annual income twenty pounds, annual expenditure nineteen nineteen and six, result happiness; Annual income twenty pounds, annual expenditure twenty pounds ought and six, result misery.

AntsOnTheMarch
Posts: 610
Joined: Mon May 29, 2017 5:47 pm

Re: Router hack, have you acted?

Post by AntsOnTheMarch » Wed May 30, 2018 4:34 pm

Here’s a purely what if question for the techies. What’s the timeline for suggesting a reboot and password change? Say you changed the password 2 months ago. Or say you rebooted the router a month ago, or a week ago, or 2 days ago, or 10 minutes before this announcement was made public. Why would rebooting today make it more secure? Or is this one of those pieces of advice based on the assumption that people never change the factory set password and never reboot?

retired recently
Posts: 313
Joined: Sun Oct 04, 2009 6:09 pm

Re: Router hack, have you acted?

Post by retired recently » Wed May 30, 2018 4:55 pm

blueman457 wrote:
Wed May 30, 2018 7:09 am
retired recently wrote:
Wed May 30, 2018 4:49 am
We turn ours off every night before going to bed. Hopefully, that provides us with some protection...

Why would folks leave it on if you are sleeping?
Why do you turn it off when you’re sleeping?

I leave my router on overnight so my devices can download updates and computers can back themselves up.

I think restarting a router nightly is a reasonable idea. I did restart my Apple router even though it isn’t listed.
We started turning off the router at night to ensure our kids would not be on the internet once they went to bed. They now have data plans but the habit stuck. Everything that needs to update, etc. seems to do it just fine when I get up in the morning and turn it on. If I leave the house for an hour or so, I turn it off, just like I would lights, etc. I just do not leave things on if I am not using them.

dbr
Posts: 27207
Joined: Sun Mar 04, 2007 9:50 am

Re: Router hack, have you acted?

Post by dbr » Wed May 30, 2018 5:10 pm

I don't know where in here anything about this particular hack has anything to do with people's passwords. Apparently all that is being suggested is to power down (pull the power plug), wait a couple of minutes, then stick the power plug back in. Some routers may have a power on/off switch to be turned off first.

SittingOnTheFence
Posts: 295
Joined: Sun Sep 27, 2015 5:30 pm

Re: Router hack, have you acted?

Post by SittingOnTheFence » Wed May 30, 2018 5:26 pm

bltkmt wrote:
Wed May 30, 2018 7:35 am
SittingOnTheFence wrote:
Wed May 30, 2018 12:47 am
My primary wifi reboots itself automatically every week.
Curious how you enabled this, as I would like mine to do that.
The router has a built-in option to select that in its web interface. I selected once a week at a time no one is likely to be using it.

GerryL
Posts: 1956
Joined: Fri Sep 20, 2013 11:40 pm

Re: Router hack, have you acted?

Post by GerryL » Wed May 30, 2018 5:38 pm

retired recently wrote:
Wed May 30, 2018 4:49 am
We turn ours off every night before going to bed. Hopefully, that provides us with some protection...

Why would folks leave it on if you are sleeping?
Learned why to leave it on back in 2015. I bought a Tivo device and planned to record my favorite shows while I was out of the country for a month. Before setting off for airport I turned off my router. Returned to find that the Tivo had only recorded 2 weeks of shows, since the program guide only updates 2 weeks out and it had no new information about what to record in weeks 3 and 4.

AntsOnTheMarch
Posts: 610
Joined: Mon May 29, 2017 5:47 pm

Re: Router hack, have you acted?

Post by AntsOnTheMarch » Wed May 30, 2018 5:42 pm

AntsOnTheMarch wrote:
Wed May 30, 2018 4:34 pm
Here’s a purely what if question for the techies. What’s the timeline for suggesting a reboot and password change? Say you changed the password 2 months ago. Or say you rebooted the router a month ago, or a week ago, or 2 days ago, or 10 minutes before this announcement was made public. Why would rebooting today make it more secure? Or is this one of those pieces of advice based on the assumption that people never change the factory set password and never reboot?
Never mind. I see what’s going on now.
How would pressing a button on your router help, though? According to the FBI, rebooting your router will destroy the part of the malware that can do nasty things like spy on your activities, while leaving the install package intact. And when that install package phones home to download the nasty part, the FBI will be able to trace that -- because the US government says it's seized a critical domain that the Russian hackers were allegedly using.

https://www.cnet.com/news/the-fbi-wants ... -a-botnet/#

Copper John
Posts: 151
Joined: Tue Jan 11, 2011 12:31 pm

Re: Router hack, have you acted?

Post by Copper John » Wed May 30, 2018 7:57 pm

My Netgear Router is on the list. I used the PC Magazine link provided by BHUser27 earlier in this thread to follow Netgear's advice to do the following 3 things:

1) Ensure my router has the latest firmware

2) Make sure the default of not allowing remote access is in place

3) Change the default settings for the password. This is NOT the password and username for your wifi network. The default username is admin and the default pw is password for Netgear routers.

ResearchMed
Posts: 7680
Joined: Fri Dec 26, 2008 11:25 pm

Re: Router hack, have you acted?

Post by ResearchMed » Wed May 30, 2018 8:14 pm

Copper John wrote:
Wed May 30, 2018 7:57 pm
My Netgear Router is on the list. I used the PC Magazine link provided by BHUser27 earlier in this thread to follow Netgear's advice to do the following 3 things:

1) Ensure my router has the latest firmware

2) Make sure the default of not allowing remote access is in place

3) Change the default settings for the password. This is NOT the password and username for your wifi network. The default username is admin and the default pw is password for Netgear routers.
Are the defaults what the equipment arrives with?
If so, once you've changed to your own choice of username/pw, are the defaults still operable?

RM
This signature is a placebo. You are in the control group.

student
Posts: 2677
Joined: Fri Apr 03, 2015 6:58 am

Re: Router hack, have you acted?

Post by student » Wed May 30, 2018 8:19 pm

ResearchMed wrote:
Wed May 30, 2018 8:14 pm
Copper John wrote:
Wed May 30, 2018 7:57 pm
My Netgear Router is on the list. I used the PC Magazine link provided by BHUser27 earlier in this thread to follow Netgear's advice to do the following 3 things:

1) Ensure my router has the latest firmware

2) Make sure the default of not allowing remote access is in place

3) Change the default settings for the password. This is NOT the password and username for your wifi network. The default username is admin and the default pw is password for Netgear routers.
Are the defaults what the equipment arrives with?
If so, once you've changed to your own choice of username/pw, are the defaults still operable?

RM
No. Once you set your own, the defaults should not be available anymore. If you forget the password, then you will need to do a hard reset to get it back to the original factory setting.

TheDDC
Posts: 223
Joined: Mon Jan 08, 2018 11:11 am

Re: Router hack, have you acted?

Post by TheDDC » Wed May 30, 2018 8:38 pm

StevieG72 wrote:
Tue May 29, 2018 9:13 pm
I am sure most have heard about the recent router hack.

Have you done anything?

I did a factory reset on my router, updated the firmware, changed passwords, and tweaked security settings.

The list of likely impacted models is likely incomplete. My manufacturer was listed, but not the specific model number.

Some folks are perfectly happy with the default settings including passwords!
No. I run a Cisco router (without IPSEC VPN enabled).

-TheDDC

Nicolas
Posts: 1160
Joined: Wed Aug 22, 2012 7:41 am

Re: Router hack, have you acted?

Post by Nicolas » Wed May 30, 2018 8:41 pm

Deleted
Last edited by Nicolas on Thu Sep 06, 2018 6:26 am, edited 1 time in total.
One never knows, do one? — Fats Waller

Tyler Aspect
Posts: 1088
Joined: Mon Mar 20, 2017 10:27 pm
Location: California

Re: Router hack, have you acted?

Post by Tyler Aspect » Wed May 30, 2018 8:46 pm

I had a PCWRT router that I upgraded its firmware a few weeks ago. Due to an upgrade issue, I had an unsecured WIFI access point running beside my regular WIFI access point. I had to do a factory reset to get rid of that extra access point. During these few weeks my intranet was wide open and my WIFI was free for my neighbors to access!
Past result does not predict future performance. Mentioned investments may lose money. Contents are presented "AS IS" and any implied suitability for a particular purpose are disclaimed.

Pancakes-Eggs-Bacon
Posts: 154
Joined: Wed May 02, 2018 6:17 am

Re: Router hack, have you acted?

Post by Pancakes-Eggs-Bacon » Wed May 30, 2018 10:32 pm

oldcomputerguy wrote:
Wed May 30, 2018 8:42 am
munemaker wrote:
Wed May 30, 2018 7:56 am
It is good to run this check to see if your equipment is exposed to hackers:
https://www.grc.com/x/ne.dll?bh0bkyd2
Seriously? Download and run an unknown DLL?

I think not.
You're erring on the side of caution, but it's a little over-the-top. If you look at the URL, it's GRC.com, which is Steve Gibson's "Gibson Research Corporation." He's well-known in the InfoSec community. To get to the same URL, go to https://www.grc.com/default.htm then under "Services," then "ShieldsUP!" and there's some basic tests to see if any ports are exposed on your public IP's endpoint (typically your edge router). I recommend the "All Service Ports" test as well as the "UPnP Exposure" test.

Everyone here should pass both tests with flying colors -- lots of those tests were written many years ago when default settings were more open and vulnerable.
Last edited by Pancakes-Eggs-Bacon on Wed May 30, 2018 10:42 pm, edited 1 time in total.

Pancakes-Eggs-Bacon
Posts: 154
Joined: Wed May 02, 2018 6:17 am

Re: Router hack, have you acted?

Post by Pancakes-Eggs-Bacon » Wed May 30, 2018 10:39 pm

AntsOnTheMarch wrote:
Wed May 30, 2018 4:34 pm
Here’s a purely what if question for the techies. What’s the timeline for suggesting a reboot and password change? Say you changed the password 2 months ago. Or say you rebooted the router a month ago, or a week ago, or 2 days ago, or 10 minutes before this announcement was made public. Why would rebooting today make it more secure? Or is this one of those pieces of advice based on the assumption that people never change the factory set password and never reboot?
The "reboot" advice is just generic advice that helps the most people with the least amount of techie-talk. I believe lots of the news and documentation for this "VPNFilter" exploit are premature. I believe vendors (and the FBI?) were still working on documentation but something forced everyone to publish early.

To your question, I think some people are confusing two different passwords:

1) The username/password to the admin interface on the router. This lets you log in and change basic settings. This is the password that a remote attacker on the Internet will try to attack, and the gist is many people don't change their routers from the default password (such as admin/admin or admin/linksys or whatever), making it super easy to automatically exploit.

2) The WPA2 Wi-Fi password.

jayk238
Posts: 451
Joined: Tue Jan 31, 2017 1:02 pm

Re: Router hack, have you acted?

Post by jayk238 » Thu May 31, 2018 7:24 am

samsoes wrote:
Wed May 30, 2018 11:08 am
jayk238 wrote:
Wed May 30, 2018 9:28 am
We are moving in a few weeks. At my new place I will replace my tplink with google mesh for further security
"Google security" is an oxymoron. They already know more about you than anyone else. Don't give them control of your network as well. I'm trying to de-googlize myself the best I can.
I disagree. I think google hate is just the latest bandwagon.
Google does not read your activity w their routers. They just don't. Also google admits openly they will read your emails as part of tos.
It's really on the user with regards to that.
That's why I use proton mail for email. It's as secure, it's free and it's pgp w 2 factor and no one reads your mail.

dbr
Posts: 27207
Joined: Sun Mar 04, 2007 9:50 am

Re: Router hack, have you acted?

Post by dbr » Thu May 31, 2018 7:43 am

jayk238 wrote:
Thu May 31, 2018 7:24 am
samsoes wrote:
Wed May 30, 2018 11:08 am
jayk238 wrote:
Wed May 30, 2018 9:28 am
We are moving in a few weeks. At my new place I will replace my tplink with google mesh for further security
"Google security" is an oxymoron. They already know more about you than anyone else. Don't give them control of your network as well. I'm trying to de-googlize myself the best I can.
I disagree. I think google hate is just the latest bandwagon.
Google does not read your activity w their routers. They just don't. Also google admits openly they will read your emails as part of tos.
It's really on the user with regards to that.
That's why I use proton mail for email. It's as secure, it's free and it's pgp w 2 factor and no one reads your mail.
Anything a person really, really does not want the rest of the world to see should never go into an e-mail.

samsoes
Posts: 897
Joined: Tue Mar 05, 2013 9:12 am
Location: Northeast Rat Race

Re: Router hack, have you acted?

Post by samsoes » Thu May 31, 2018 8:30 am

jayk238 wrote:
Thu May 31, 2018 7:24 am
samsoes wrote:
Wed May 30, 2018 11:08 am
jayk238 wrote:
Wed May 30, 2018 9:28 am
We are moving in a few weeks. At my new place I will replace my tplink with google mesh for further security
"Google security" is an oxymoron. They already know more about you than anyone else. Don't give them control of your network as well. I'm trying to de-googlize myself the best I can.
I disagree. I think google hate is just the latest bandwagon.
Google does not read your activity w their routers. They just don't. Also google admits openly they will read your emails as part of tos.
It's really on the user with regards to that.
That's why I use proton mail for email. It's as secure, it's free and it's pgp w 2 factor and no one reads your mail.
+1 for Protonmail. I'm migrating all my financial, tax, and health accounts to it. I'm keeping the shopping stuff on Gmail since I get bombarded with advertising emails from them on a daily basis. I want to keep the Protonmail inbox clean.
"Happiness Is Not My Companion" - Gen. Gouverneur K. Warren. | (Avatar is the statue of Gen. Warren atop Little Round Top @ Gettysburg National Military Park.)

dbr
Posts: 27207
Joined: Sun Mar 04, 2007 9:50 am

Re: Router hack, have you acted?

Post by dbr » Thu May 31, 2018 8:37 am

samsoes wrote:
Thu May 31, 2018 8:30 am


+1 for Protonmail. I'm migrating all my financial, tax, and health accounts to it. I'm keeping the shopping stuff on Gmail since I get bombarded with advertising emails from them on a daily basis. I want to keep the Protonmail inbox clean.
I've noticed the online contact system from my health care providers does not allow anything in e-mail but rather has to be accessed by getting in the account on line and exchanging messages. The same is true for credit card companies, banks, etc.

How much really private information would ever be actually in an e-mail?

jebmke
Posts: 8467
Joined: Thu Apr 05, 2007 2:44 pm

Re: Router hack, have you acted?

Post by jebmke » Thu May 31, 2018 8:50 am

dbr wrote:
Thu May 31, 2018 8:37 am
I've noticed the online contact system from my health care providers does not allow anything in e-mail but rather has to be accessed by getting in the account on line and exchanging messages. The same is true for credit card companies, banks, etc.

How much really private information would ever be actually in an e-mail?
Same here. I don't get anything in email that is health related (the one exception is a monthly email from my HSA bank that the statement is ready). The only emails I get from USAA bank is a notice that a document may be available - it doesn't even say what document. It could be a bank statement, insurance bill .....

All my alerts are set up as text alerts.
When you discover that you are riding a dead horse, the best strategy is to dismount.

mbres60
Posts: 879
Joined: Tue Jul 03, 2007 1:47 pm

Re: Router hack, have you acted?

Post by mbres60 » Thu May 31, 2018 8:56 am

Just heard about this today. I am not a techie. When we got wifi about 5 or 6 years ago I read somewhere we should have a router and the cable modem. A couple of months ago Comcast told us to upgrade to a different modem so we did. We got rid of the old router and now just have the modem. Do I need to be worried? I unplugged it and plugged it back in just in case.

Pancakes-Eggs-Bacon
Posts: 154
Joined: Wed May 02, 2018 6:17 am

Re: Router hack, have you acted?

Post by Pancakes-Eggs-Bacon » Thu May 31, 2018 9:29 am

mbres60 wrote:
Thu May 31, 2018 8:56 am
Just heard about this today. I am not a techie. When we got wifi about 5 or 6 years ago I read somewhere we should have a router and the cable modem. A couple of months ago Comcast told us to upgrade to a different modem so we did. We got rid of the old router and now just have the modem. Do I need to be worried? I unplugged it and plugged it back in just in case.
Probably don't need to be worried about this particular attack, but it's still too early to know for sure. I personally wouldn't worry too much, especially if the default password has been changed to something only you know.

According to this Cisco blog post -- New VPNFilter malware targets at least 500K networking devices worldwide -- the known list includes:
Cisco Talos Research wrote:
Working with our partners, we estimate the number of infected devices to be at least 500,000 in at least 54 countries. The known devices affected by VPNFilter are Linksys, MikroTik, NETGEAR and TP-Link networking equipment in the small and home office (SOHO) space, as well at QNAP network-attached storage (NAS) devices. No other vendors, including Cisco, have been observed as infected by VPNFilter, but our research continues.
Specific makes and models can be found elsewhere. The above summary article doesn't go into detail about how people get attacked but says many are old devices with known flaws, and many use the manufacturer's default username/password, which is public information. (Such as admin/password123).

Basic advice applies here such as:
1) Update firmware if at all possible on routers. Many older routers have been abandoned.
2) Change the admin password.
3) Make sure settings like "remote administration" are turned off, which basically allow people outside your house to log into your router directly.
4) Turn off anything you don't use or need in your router, such as Telnet, SSH, FTP, USB File sharing, media sharing or streaming, BitTorrent, printer sharing, etc.

For the super techies, here is the full research article, which is still in progress: https://blog.talosintelligence.com/2018 ... ilter.html

I haven't read it yet, but it looks like infections really picked up in Ukraine. I don't know how bad the USA is impacted...haven't seen the breakdown by country.
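An added example, not part of the original post: a small Python check for item 4 of the list above that reports which commonly unneeded services still answer on your own router's LAN address. The address 192.168.1.1 and the port-to-service table (standard well-known ports) are assumptions of this example; adjust them for your device.

```python
"""Check your own router for services the advice list says to turn off."""
import socket
import sys

# Standard well-known TCP ports for the services named in item 4.
# Assumption of this example: a vendor may run a service on another port,
# so an empty result is not proof that the service is disabled.
UNNEEDED_SERVICES = {
    21: "FTP",
    22: "SSH",
    23: "Telnet",
    139: "file sharing (NetBIOS/SMB)",
    445: "file sharing (SMB)",
    515: "printer sharing (LPD)",
    631: "printer sharing (IPP)",
    9100: "printer sharing (raw)",
}


def is_listening(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Covers refused connections, timeouts and unreachable hosts.
        return False


def audit_services(host, services=None, timeout=1.0):
    """Return [(port, name), ...] for every listed service that answers."""
    if services is None:
        services = UNNEEDED_SERVICES
    return [
        (port, name)
        for port, name in sorted(services.items())
        if is_listening(host, port, timeout)
    ]


def format_report(host, findings):
    """Turn the findings into a short, readable report."""
    if not findings:
        return f"{host}: nothing from the list is answering"
    lines = [f"{host}: {len(findings)} service(s) to review in the router settings"]
    for port, name in findings:
        lines.append(f"  port {port}: {name} is enabled; turn it off if unused")
    return "\n".join(lines)


if __name__ == "__main__":
    # 192.168.1.1 is a placeholder; pass your router's LAN address instead.
    router = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.1"
    result = audit_services(router)
    print(format_report(router, result))
    sys.exit(1 if result else 0)
```

This looks at the router from inside the home network, so it complements an outside-in test and does not replace checking that remote administration is off.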

Pancakes-Eggs-Bacon
Posts: 154
Joined: Wed May 02, 2018 6:17 am

Re: Router hack, have you acted?

Post by Pancakes-Eggs-Bacon » Thu May 31, 2018 9:34 am

To those who are switching away from Linksys or Netgear or TP-Link or any old equipment, can I recommend Asus? I still have an old RT-N66U from around 2013 that is still operational 24/7. I only use it for Wi-Fi not for routing, but it's been rock solid, and Asus still provides firmware and security updates even in 2018, since they unified a lot of their router updates so even older routers get updated.

I've read some bad reviews on Amazon/Newegg on some of their newer routers being flaky after a month or so, but if they've gotten their act together, Asus gets a good recommendation from me for a solid consumer-grade wireless router that won't get abandoned for updates like many other brands.

(I have no affiliation with Asus other than customer.)

seawolf21
Posts: 259
Joined: Tue Aug 05, 2014 7:33 am

Re: Router hack, have you acted?

Post by seawolf21 » Thu May 31, 2018 9:40 am

How does rebooting help? If it is vulnerable before, it would still be vulnerable after reboot.

jebmke
Posts: 8467
Joined: Thu Apr 05, 2007 2:44 pm

Re: Router hack, have you acted?

Post by jebmke » Thu May 31, 2018 9:43 am

seawolf21 wrote:
Thu May 31, 2018 9:40 am
How does rebooting help? If it is vulnerable before, it would still be vulnerable after reboot.
Have you read any of the posts that preceded yours?
When you discover that you are riding a dead horse, the best strategy is to dismount.

Nicolas
Posts: 1160
Joined: Wed Aug 22, 2012 7:41 am

Re: Router hack, have you acted?

Post by Nicolas » Thu May 31, 2018 10:00 am

Deleted
Last edited by Nicolas on Thu Sep 06, 2018 6:25 am, edited 1 time in total.
One never knows, do one? — Fats Waller

uberme
Posts: 45
Joined: Wed Aug 12, 2015 3:17 pm

Re: Router hack, have you acted?

Post by uberme » Thu May 31, 2018 10:11 am

This is a great resource
https://www.routersecurity.org

There is a great “Secure Router Configuration - Start With This” section.

Make sure remote management is off, admin password is unique and firmware up to date.

Mursili
Posts: 84
Joined: Tue May 15, 2012 8:32 pm

Re: Router hack, have you acted?

Post by Mursili » Thu May 31, 2018 10:21 am

nisiprius wrote:
Wed May 30, 2018 4:20 pm
I've had enough bad issues with firmware updates in the past that I'm waiting for a nice calm period of time, in a couple of weekends, to do anything more than that.
At least for some Netgear hardware, the actual exploit was announced some months ago. At that time, I began to look for updates using the router. In fact Netgear even sent me two emails - that amazingly made it through the various filters that I have and then they landed in my inbox - telling me to update my firmware. The last of these emails was 30 March 2018. I have not noticed any firmware updates from Netgear since then.

At least for my Netgear router, it is clear that the updates are already pretty well established and have been out for some time. The actual mechanism of this exploit was known some time ago. What has changed is the fact that "they" discovered that the exploit was actually in use.

Also, I highly recommend https://www.grc.com as a security resource. That site has been around a long time. There is also a podcast associated with the site that provides an excellent discussion of computer security - at least it did years ago when I was listening to it.
When it comes to havoc, no one wreaks like me! - Dr. Heinz Doofenshmirtz

uberme
Posts: 45
Joined: Wed Aug 12, 2015 3:17 pm

Re: Router hack, have you acted?

Post by uberme » Thu May 31, 2018 10:22 am

seawolf21 wrote:
Thu May 31, 2018 9:40 am
How does rebooting help? If it is vulnerable before, it would still be vulnerable after reboot.
It restarts stage 2 and 3. FBI took the site stage 2 called offline so stage 2 and 3 cannot restart. Device would still be in stage 1. Per my understanding.

Factory reset is supposed to remove stage 1.
Last edited by uberme on Thu May 31, 2018 10:25 am, edited 1 time in total.

MinhN
Posts: 36
Joined: Sun Mar 11, 2018 11:57 pm

Re: Router hack, have you acted?

Post by MinhN » Thu May 31, 2018 10:23 am

With the way things are going, the only way to remain unhackable is to go off the grid. Very disconcerting because our lives are becoming more online with ever more internet of things.

Epsilon Delta
Posts: 7440
Joined: Thu Apr 28, 2011 7:00 pm

Re: Router hack, have you acted?

Post by Epsilon Delta » Thu May 31, 2018 10:32 am

samsoes wrote:
Wed May 30, 2018 3:29 pm
Yes, but how would you know it would fail a POST unless it fails a POST?
You usually wouldn't. But the point is that failing the POST does not break anything, it just tells you about a preexisting condition. A preexisting condition that may well have prevented proper operation before the power down, and could affect proper operation even if it is not powered down.

Generally it's silly to avoid powering down because you are afraid the system will fail the next POST and not come back up. If it fails it needs repair or replacement, and it needs repair or replacement whether or not you know. At worst you might want to delay a power down until a time it would be more convenient to repair or replace if it fails.

Leesbro63
Posts: 5534
Joined: Mon Nov 08, 2010 4:36 pm

Re: Router hack, have you acted?

Post by Leesbro63 » Thu May 31, 2018 11:15 am

I have an ARRIS router that I bought this past January from Best Buy to run with my Comcast internet. It's designed and sold as a specific "Comcast product". It's not at all clear what I now have to do to bring it up to security safety. HELP!

seawolf21
Posts: 259
Joined: Tue Aug 05, 2014 7:33 am

Re: Router hack, have you acted?

Post by seawolf21 » Thu May 31, 2018 11:25 am

jebmke wrote:
Thu May 31, 2018 9:43 am
seawolf21 wrote:
Thu May 31, 2018 9:40 am
How does rebooting help? If it is vulnerable before, it would still be vulnerable after reboot.
Have you read any of the posts that preceded yours?
Yes. The FBI post indicates reboot but it does not explain how/why it will temporarily disrupt the malware.
uberme wrote:
Thu May 31, 2018 10:22 am
seawolf21 wrote:
Thu May 31, 2018 9:40 am
How does rebooting help? If it is vulnerable before, it would still be vulnerable after reboot.
It restarts stage 2 and 3. FBI took the site stage 2 called offline so stage 2 and 3 cannot restart. Device would still be in stage 1. Per my understanding.

Factory reset is supposed to remove stage 1.
Thanks.

Mursili
Posts: 84
Joined: Tue May 15, 2012 8:32 pm

Re: Router hack, have you acted?

Post by Mursili » Thu May 31, 2018 2:44 pm

dbr wrote:
Thu May 31, 2018 7:43 am
Anything a person really, really does not want the rest of the world to see should never go into an e-mail.
This depends entirely on the network being used. There are some large networks specifically designed so that the rest of the world does not see what goes on in them.
When it comes to havoc, no one wreaks like me! - Dr. Heinz Doofenshmirtz

bertilak
Posts: 6160
Joined: Tue Aug 02, 2011 5:23 pm
Location: East of the Pecos, West of the Mississippi

Re: Router hack, have you acted?

Post by bertilak » Thu May 31, 2018 5:15 pm

retired recently wrote:
Wed May 30, 2018 4:49 am
Why would folks leave it on if you are sleeping?
At night is when backups and auto-updates occur. My HVAC has a call-home feature if problems are detected and that can happen at night. My security system records activity in the cloud, day or night. That includes video camera clips. I might have forgotten some things but not to worry; I am always connected!
May neither drought nor rain nor blizzard disturb the joy juice in your gizzard. -- Squire Omar Barker, the Cowboy Poet

student
Posts: 2677
Joined: Fri Apr 03, 2015 6:58 am

Re: Router hack, have you acted?

Post by student » Thu May 31, 2018 5:21 pm

Leesbro63 wrote:
Thu May 31, 2018 11:15 am
I have an ARRIS router that I bought this past January from Best Buy to run with my Comcast internet. It's designed and sold as a specific "Comcast product". It's not at all clear what I now have to do to bring it up to security safety. HELP!
I think just doing the recommended items is sufficient for now. 1) Reboot and 2) Update the firmware.

Leesbro63
Posts: 5534
Joined: Mon Nov 08, 2010 4:36 pm

Re: Router hack, have you acted?

Post by Leesbro63 » Thu May 31, 2018 6:42 pm

student wrote:
Thu May 31, 2018 5:21 pm
Leesbro63 wrote:
Thu May 31, 2018 11:15 am
I have an ARRIS router that I bought this past January from Best Buy to run with my Comcast internet. It's designed and sold as a specific "Comcast product". It's not at all clear what I now have to do to bring it up to security safety. HELP!
I think just doing the recommended items is sufficient for now. 1) Reboot and 2) Update the firmware.
Again I ask, how DO I update the firmware. None of the links shown in this thread have been applicable to me.

student
Posts: 2677
Joined: Fri Apr 03, 2015 6:58 am

Re: Router hack, have you acted?

Post by student » Thu May 31, 2018 6:52 pm

Leesbro63 wrote:
Thu May 31, 2018 6:42 pm
student wrote:
Thu May 31, 2018 5:21 pm
Leesbro63 wrote:
Thu May 31, 2018 11:15 am
I have an ARRIS router that I bought this past January from Best Buy to run with my Comcast internet. It's designed and sold as a specific "Comcast product". It's not at all clear what I now have to do to bring it up to security safety. HELP!
I think just doing the recommended items is sufficient for now. 1) Reboot and 2) Update the firmware.
Again I ask, how DO I update the firmware. None of the links shown in this thread have been applicable to me.
I do not have this particular router, so I am unable to give specific instructions. However, here are some suggestions.

1) Is it a combo modem/router? If it is, then Comcast will automatically update it by pushing the firmware. Certain Comcast Arris routers may be under the same setup. https://forums.xfinity.com/t5/Your-Home ... -p/3054218 http://forums.xfinity.com/t5/Your-Home- ... -p/2971809

2) If it is a "normal router," then you have to follow directions such as the one given here. https://www.routertechnicalsupport.com/ ... ris-router

Leesbro63
Posts: 5534
Joined: Mon Nov 08, 2010 4:36 pm

Re: Router hack, have you acted?

Post by Leesbro63 » Thu May 31, 2018 7:55 pm

It’s the combo. Thank you!

jayk238
Posts: 451
Joined: Tue Jan 31, 2017 1:02 pm

Re: Router hack, have you acted?

Post by jayk238 » Sat Jun 02, 2018 9:40 am

dbr wrote:
Thu May 31, 2018 7:43 am
jayk238 wrote:
Thu May 31, 2018 7:24 am
samsoes wrote:
Wed May 30, 2018 11:08 am
jayk238 wrote:
Wed May 30, 2018 9:28 am
We are moving in a few weeks. At my new place I will replace my tplink with google mesh for further security
"Google security" is an oxymoron. They already know more about you than anyone else. Don't give them control of your network as well. I'm trying to de-googlize myself the best I can.
I disagree. I think google hate is just the latest bandwagon.
Google does not read your activity w their routers. They just don't. Also google admits openly they will read your emails as part of tos.
It's really on the user with regards to that.
That's why I use proton mail for email. It's as secure it's free and it's pgp w 2 factor and no one reads your mail.
Anything a person really, really does not want the rest of the world to see should never go into an e-mail.
Yes but my suggestions are not for such information!

jayk238
Posts: 451
Joined: Tue Jan 31, 2017 1:02 pm

Re: Router hack, have you acted?

Post by jayk238 » Sat Jun 02, 2018 9:42 am

dbr wrote:
Thu May 31, 2018 8:37 am
samsoes wrote:
Thu May 31, 2018 8:30 am


+1 for Protonmail. I'm migrating all my financial, tax, and health accounts to it. I'm keeping the shopping stuff on Gmail since I get bombarded with advertising emails from them on a daily basis. I want to keep the Protonmail inbox clean.
I've noticed the online contact system from my health care providers does not allow anything in e-mail but rather has to be accessed by getting in the account on line and exchanging messages. The same is true for credit card companies, banks, etc.

How much really private information would ever be actually in an e-mail?
The point of protonmail wouldn't be for sharing info with each other. The point is to prevent hackers from hijacking your email address and then using it to phish a bank or reset passwords via your email. My email is the top of the pyramid for everything. All password resets, private information etc are all routed through email. Securing my email address is a priority as a result.

dbr
Posts: 27207
Joined: Sun Mar 04, 2007 9:50 am

Re: Router hack, have you acted?

Post by dbr » Sat Jun 02, 2018 10:24 am

jayk238 wrote:
Sat Jun 02, 2018 9:42 am
dbr wrote:
Thu May 31, 2018 8:37 am
samsoes wrote:
Thu May 31, 2018 8:30 am


+1 for Protonmail. I'm migrating all my financial, tax, and health accounts to it. I'm keeping the shopping stuff on Gmail since I get bombarded with advertising emails from them on a daily basis. I want to keep the Protonmail inbox clean.
I've noticed the online contact system from my health care providers does not allow anything in e-mail but rather has to be accessed by getting in the account on line and exchanging messages. The same is true for credit card companies, banks, etc.

How much really private information would ever be actually in an e-mail?
The point of protonmail wouldn't be for sharing info with each other. The point is to prevent hackers from hijacking your email address and then using it to phish a bank or reset passwords via your email. My email is the top of the pyramid for everything. All password resets, private information etc are all routed through email. Securing my email address is a priority as a result.
That makes sense.
