pipedreams Posted November 30, 2018

Worth a read, just be sure your router is locked down.

By Catalin Cimpanu for Zero Day | November 28, 2018
https://www.zdnet.com/article/hackers-are-opening-smb-ports-on-routers-so-they-can-infect-pcs-with-nsa-malware/

Moeman Posted November 30, 2018

So... what is a home remedy?

Moshe Posted November 30, 2018

Tracking the IP, and hit them until they are too stupid to do it anymore?

crockett Posted November 30, 2018

16 minutes ago, Moshe said: "Tracking the IP, and hit them until they are too stupid to do it anymore?"

The IP is almost always spoofed or they use one out of the countless hacked servers within their bot network.

Moshe Posted November 30, 2018

29 minutes ago, crockett said: "The IP is almost always spoofed or they use one out of the countless hacked servers within their bot network."

That depends on the software you have to follow it from the spoof site and beyond,

crockett Posted December 1, 2018 (edited)

54 minutes ago, Moshe said: "That depends on the software you have to follow it from the spoof site and beyond,"

And is this software then hacking the compromised host in order to install some port sniffing instances, just to find out that the master bot sits somewhere in the Ukraine, handled remotely by somebody in China? When was the last time you could get some coop done with Chinese authorities?

We are talking hackers, not some scammer losers with no plan sitting somewhere in the US trying to place some online orders with stolen credit cards. 90 plus percent of current hackers sit in countries like Russia and China. And probably half of all Chinese hackers get their paycheck from their government.

The only thing that makes sense (and works) are passive security measures, like a commercial grade (hardware) firewall, hardened / updated / regularly backed-up systems behind that wall, and not to open email attachments from unknown sources as well as staying away from infested websites. Or by keeping everything offline.

pipedreams (Author) Posted December 1, 2018 (edited)

22 hours ago, Moeman said: "So... what is a home remedy?"

It's not affecting all routers, mostly older models if I read correctly.

crockett Posted December 1, 2018

10 hours ago, Moeman said: "So... what is a home remedy?"

Disable UPnP in your router or look for a router firmware update that closes the EternalBlue (CVE-2017-0144) exploit.

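Added example, not part of the thread or written by any poster: one way to check whether a router's UPnP port-mapping table already forwards SMB to a LAN machine, which is the condition the linked article's title describes. The line layout and the sample listing are constructed assumptions; adapt the pattern to whatever your router or UPnP client actually prints.

```python
import re

# SMB / NetBIOS session ports: these should never be reachable from the
# WAN side of a home router.
SMB_PORTS = {139, 445}

# Assumed line layout (constructed for this example):
#   <index> <proto> <extPort>-><lanIP>:<lanPort> '<description>' ...
MAPPING_RE = re.compile(
    r"^\s*(\d+)\s+(TCP|UDP)\s+(\d+)->(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\s+'([^']*)'"
)

# Constructed sample listing, not captured from a real router.
SAMPLE_LISTING = """\
 0 TCP 51413->192.168.1.20:51413 'bittorrent client' '' 0
 1 TCP 28561->192.168.1.34:445 'unknown' '' 0
 2 TCP   139->192.168.1.34:139 'unknown' '' 0
 3 UDP  3074->192.168.1.50:3074 'game console' '' 0
this line is not a mapping and is skipped
"""


def parse_mappings(listing):
    """Return one dict per port-mapping line; skip anything else."""
    mappings = []
    for line in listing.splitlines():
        m = MAPPING_RE.match(line)
        if not m:
            continue
        idx, proto, ext, host, lan_port, desc = m.groups()
        mappings.append({
            "index": int(idx), "proto": proto, "external_port": int(ext),
            "lan_host": host, "lan_port": int(lan_port), "description": desc,
        })
    return mappings


def find_smb_exposure(listing):
    """Flag mappings that expose SMB on a LAN host to the WAN side.

    The LAN-side port is what matters: a forward from an arbitrary
    external port to 445 exposes SMB just as much as 445->445 does.
    """
    return [m for m in parse_mappings(listing)
            if m["lan_port"] in SMB_PORTS or m["external_port"] in SMB_PORTS]


if __name__ == "__main__":
    for m in find_smb_exposure(SAMPLE_LISTING):
        print("SMB exposed: WAN {proto}/{external_port} -> "
              "{lan_host}:{lan_port} ({description})".format(**m))
```

Any hit means the forward should be deleted, UPnP disabled, and the named LAN host checked for missing patches.
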
minderasr Posted December 1, 2018 (edited)

11 hours ago, crockett said: "Disable UPnP in your router or look for a router firmware update that closes the EternalBlue (CVE-2017-0144) exploit."

Disabling UPnP and using a strong password should be the first steps in a router installation. Good luck on the firmware update if you own a Linksys. I think they release updates about once every ten years or so...if you're lucky.

pipedreams (Author) Posted December 1, 2018 (edited)

42 minutes ago, minderasr said: "Disabling UPnP and using a strong password should be the first steps in a router installation. Good luck on the firmware update if you own a Linksys. I think they release updates about once every ten years or so...if you're lucky."

You brought up a good point. People tend to get their router set up and then never go back and check for firmware updates. Another way to go if no updates are being provided is third party which is usually much better and superior to the original. DD-WRT, OpenWRT, and Tomato are the most heard of. I use the ASUS Merlin which is a version of DD-WRT for ASUS routers. I'm not that qualified on the subject but there are others here that are and willing to assist. I asked some questions on VPN a while back and got some good info and pointed to a much better VPN provider.

Anyone interested might find the following sites of interest.
https://lifehacker.com/how-to-choose-the-best-firmware-to-supercharge-your-wi-1694982764
https://lifehacker.com/how-to-supercharge-your-router-with-dd-wrt-508138224

minderasr Posted December 2, 2018

On 12/1/2018 at 7:41 AM, pipedreams said: "You brought up a good point. People tend to get their router set up and then never go back and check for firmware updates. Another way to go if no updates are being provided is third party which is usually much better and superior to the original. DD-WRT, OpenWRT, and Tomato are the most heard of. I use the ASUS Merlin which is a version of DD-WRT for ASUS routers. I'm not that qualified on the subject but there are others here that are and willing to assist. I asked some questions on VPN a while back and got some good info and pointed to a much better VPN provider. Anyone interested might find the following sites of interest. https://lifehacker.com/how-to-choose-the-best-firmware-to-supercharge-your-wi-1694982764 https://lifehacker.com/how-to-supercharge-your-router-with-dd-wrt-508138224"

Although I have used DD-WRT in the past, I'm always worried about bricking my router trying to use third party firmware. I'd like to give it a shot on my WRT1900AC (v1). But I have no other option if I bork it up, and it's currently running smoothly, without issue. Configuring third party firmware is another potential problem, if you're not router savvy. Decisions, decisions.

pipedreams (Author) Posted December 2, 2018

5 minutes ago, minderasr said: "Although I have used DD-WRT in the past, I'm always worried about bricking my router trying to use third party firmware. I'd like to give it a shot on my WRT1900AC (v1). But I have no other option if I bork it up, and it's currently running smoothly, without issue. Configuring third party firmware is another potential problem, if you're not router savvy. Decisions, decisions."

Anyone uncomfortable installing it can buy routers preloaded with DD-WRT on eBay and other places. Configuring is no more difficult than the original.

https://dd-wrt.com/
https://www.ebay.com/sch/i.html?LH_CAds=&_ex_kw=&_fpos=&_fspt=1&_mPrRngCbx=1&_nkw=dd-wrt+router&_sacat=&_sadis=&_sop=12&_udhi=&_udlo=&_fosrp=1
https://www.bestvpn.com/vpn-comparison/5-best-dd-wrt-routers/

minderasr Posted December 2, 2018

Well I grew a pair and gave it a try. Downloaded factory-to-ddwrt.bin, reset the router to factory defaults (after backing up the config), and loaded the bin via the GUI. Router said the firmware loaded successfully and would reboot. Failed miserably. Came back to the original firmware. Tried resetting the router hoping it would boot into DDWRT, nope. Tried the entire procedure a second time, same results. So just to be sure I reloaded the factory firmware, restored from the backup config, and I'm back to where I started. Oh well.

Suspect Unknown Posted December 2, 2018

The first thing that occurred to me was, to use a password with your router. Most people overlook that.

pipedreams (Author) Posted December 4, 2018

On 12/2/2018 at 3:22 PM, Suspect Unknown said: "The first thing that occurred to me was, to use a password with your router. Most people overlook that."

I believe that was mentioned in the first line of the OP. "Worth a read, just be sure your router is locked down."

Suspect Unknown Posted December 4, 2018 (edited)

7 minutes ago, pipedreams said: "I believe that was mentioned in the first line of the OP. 'Worth a read, just be sure your router is locked down.'"

Thank you, but it occurred to me without reading the article, so I mentioned it. Not using a PW in a router, is the most common mistake that people make, and the easiest to fix. A person could type in x1 as a PW, and be ahead of what most others do. Which is nothing.