Hackers are opening SMB ports on routers


pipedreams

54 minutes ago, Moshe said:

That depends on the software you have to follow it from the spoof site and beyond,

And is this software then hacking the compromised host in order to install some port sniffing instances, just to find out that the master bot sits somewhere in the Ukraine, handled remotely by somebody in China? When was the last time you could get some coop done with Chinese authorities?

We are talking hackers, not some scammer losers with no plan sitting somewhere in the US trying to place some online orders with stolen credit cards. 90 plus percent of current hackers sit in countries like Russia and China. And probably half of all Chinese hackers get their paycheck from their government.

The only thing that makes sense (and works) are passive security measures, like a commercial grade (hardware) firewall, hardened / updated / regularly backed-up systems behind that wall, and not opening email attachments from unknown sources as well as staying away from infested websites. Or by keeping everything offline.

Edited by crockett

11 hours ago, crockett said:

Disable UPnP in your router or look for a router firmware update that closes the EternalBlue (CVE-2017-0144) exploit.

Disabling UPnP and using a strong password should be the first steps in a router installation. Good luck on the firmware update if you own a Linksys. I think they release updates about once every ten years or so...if you're lucky.

Edited by minderasr
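
The UPnP advice in the posts above can be verified by auditing the router's port-mapping table. As an added example (not part of the original thread), this Python code parses UPnP IGD `GetGenericPortMappingEntry` responses and flags forwarding rules that touch the SMB ports 139 and 445. The responses, addresses and descriptions are constructed sample data, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

SMB_PORTS = {139, 445}  # NetBIOS session service and SMB over TCP

# Constructed sample data: one UPnP IGD GetGenericPortMappingEntry SOAP
# response per forwarding rule. Addresses, ports and descriptions are made up.
_TEMPLATE = (
    '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
    '<u:GetGenericPortMappingEntryResponse xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
    "<NewRemoteHost></NewRemoteHost><NewExternalPort>{ext}</NewExternalPort>"
    "<NewProtocol>{proto}</NewProtocol><NewInternalPort>{port}</NewInternalPort>"
    "<NewInternalClient>{client}</NewInternalClient><NewEnabled>{on}</NewEnabled>"
    "<NewPortMappingDescription>{desc}</NewPortMappingDescription>"
    "<NewLeaseDuration>0</NewLeaseDuration>"
    "</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>"
)
SAMPLE_RESPONSES = [
    _TEMPLATE.format(ext=51413, proto="TCP", port=51413, client="192.168.1.20", on=1, desc="torrent client"),
    _TEMPLATE.format(ext=47445, proto="TCP", port=445, client="192.168.1.20", on=1, desc="unknown-rule-a"),
    _TEMPLATE.format(ext=3074, proto="UDP", port=3074, client="192.168.1.30", on=1, desc="game console"),
    _TEMPLATE.format(ext=139, proto="TCP", port=139, client="192.168.1.25", on=0, desc="unknown-rule-b"),
]

def parse_mapping(xml_text):
    """Return the New* argument elements of one response as a dict."""
    fields = {}
    for el in ET.fromstring(xml_text).iter():
        tag = el.tag.rsplit("}", 1)[-1]  # drop any XML namespace prefix
        if tag.startswith("New"):
            fields[tag] = (el.text or "").strip()
    return fields

def _port(value):  # port as int, or 0 when the field is missing or not numeric
    return int(value) if value and value.isdigit() else 0

def smb_exposures(responses):
    """List (ext port, LAN host, internal port, enabled, description) for TCP rules on SMB ports."""
    findings = []
    for xml_text in responses:
        m = parse_mapping(xml_text)
        ext, internal = _port(m.get("NewExternalPort")), _port(m.get("NewInternalPort"))
        if m.get("NewProtocol", "").upper() == "TCP" and SMB_PORTS & {ext, internal}:
            findings.append((ext, m.get("NewInternalClient", ""), internal,
                             m.get("NewEnabled") == "1", m.get("NewPortMappingDescription", "")))
    return findings

if __name__ == "__main__":
    for finding in smb_exposures(SAMPLE_RESPONSES):
        print("UPnP mapping touches an SMB port:", finding)
```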

42 minutes ago, minderasr said:

Disabling UPnP and using a strong password should be the first steps in a router installation. Good luck on the firmware update if you own a Linksys. I think they release updates about once every ten years or so...if you're lucky.

You brought up a good point. People tend to get their router set up and then never go back and check for firmware updates. Another way to go if no updates are being provided is third party which is usually much better and superior to the original. DD-WRT, OpenWRT, and Tomato are the most heard of. I use the ASUS Merlin which is a version of DD-WRT for ASUS routers. I'm not that qualified on the subject but there are others here that are and are willing to assist. I asked some questions on VPN a while back and got some good info and was pointed to a much better VPN provider.

Anyone interested might find the following sites of interest.

https://lifehacker.com/how-to-choose-the-best-firmware-to-supercharge-your-wi-1694982764

https://lifehacker.com/how-to-supercharge-your-router-with-dd-wrt-508138224

Edited by pipedreams

On 12/1/2018 at 7:41 AM, pipedreams said:

You brought up a good point. People tend to get their router set up and then never go back and check for firmware updates. Another way to go if no updates are being provided is third party which is usually much better and superior to the original. DD-WRT, OpenWRT, and Tomato are the most heard of. I use the ASUS Merlin which is a version of DD-WRT for ASUS routers. I'm not that qualified on the subject but there are others here that are and are willing to assist. I asked some questions on VPN a while back and got some good info and was pointed to a much better VPN provider.

Anyone interested might find the following sites of interest.

https://lifehacker.com/how-to-choose-the-best-firmware-to-supercharge-your-wi-1694982764

https://lifehacker.com/how-to-supercharge-your-router-with-dd-wrt-508138224

Although I have used DD-WRT in the past, I'm always worried about bricking my router trying to use third party firmware. I'd like to give it a shot on my WRT1900AC (v1). But I have no other option if I bork it up, and it's currently running smoothly, without issue.

Configuring third party firmware is another potential problem, if you're not router savvy.

Decisions, decisions.


5 minutes ago, minderasr said:

Although I have used DD-WRT in the past, I'm always worried about bricking my router trying to use third party firmware. I'd like to give it a shot on my WRT1900AC (v1). But I have no other option if I bork it up, and it's currently running smoothly, without issue.

Configuring third party firmware is another potential problem, if you're not router savvy.

Decisions, decisions.

Anyone uncomfortable installing it can buy routers preloaded with DD-WRT on eBay and other places. Configuring is no more difficult than the original.

https://dd-wrt.com/

https://www.ebay.com/sch/i.html?LH_CAds=&_ex_kw=&_fpos=&_fspt=1&_mPrRngCbx=1&_nkw=dd-wrt+router&_sacat=&_sadis=&_sop=12&_udhi=&_udlo=&_fosrp=1

https://www.bestvpn.com/vpn-comparison/5-best-dd-wrt-routers/


Well I grew a pair and gave it a try. Downloaded factory-to-ddwrt.bin, reset the router to factory defaults (after backing up the config), and loaded the bin via the GUI. Router said the firmware loaded successfully and would reboot. Failed miserably. Came back to the original firmware.

Tried resetting the router hoping it would boot into DDWRT, nope. Tried the entire procedure a second time, same results.

So just to be sure I reloaded the factory firmware, restored from the backup config, and I'm back to where I started.

Oh well.


On 12/2/2018 at 3:22 PM, Suspect Unknown said:

The first thing that occurred to me was to use a password with your router. Most people overlook that.

I believe that was mentioned in the first line of the OP.

"Worth a read, just be sure your router is locked down."


7 minutes ago, pipedreams said:

I believe that was mentioned in the first line of the OP.

"Worth a read, just be sure your router is locked down."

Thank you, but it occurred to me without reading the article, so I mentioned it. Not using a PW in a router is the most common mistake that people make, and the easiest to fix.

A person could type in x1 as a PW, and be ahead of what most others do. Which is nothing.

Edited by Suspect Unknown
