Posted on 11/30/2018 6:44:46 AM PST by BenLurkin
What you should do is factory-reset your router, disable UPnP, then check for firmware updates, since some companies have patched the vulnerability out. This won't fix any other compromised systems, but it's a necessary first step.
After that, you can factory-reset any other internet-connected device that you're concerned about. You might also want to just buy a new router, as recent models do not appear to be susceptible to this type of attack.
This information comes from a blog post entitled "UPnProxy: EternalSilence" penned by researchers at Cambridge, Massachusetts-based data management firm Akamai.
Cybercriminals have learned how to take advantage of the UPnP protocols on older routers and get past the routers to directly attack Windows PCs on home and small-business networks. Akamai has dubbed this flaw UPnProxy. The most recent slew of attacks comes from an exploit that Akamai calls EternalSilence in a nod to the NSA-developed Eternal family of malicious code injections.
The bottom line is clear enough: Your router is the gateway to every connected device in your home, from your computer, to your phone, to your smart TV, to your smart light bulbs. If your router has been compromised, it's possible that every other device in your home has followed suit.
Unfortunately, checking to see if you've been infected is hard, as antivirus software doesn't normally scan routers. (A few products have begun to do so.) If malware makes it as far as your computer or game console, though, it'll be easier to notice.
Dozens of routers could fall prey to this scheme, including models from Asus, D-Link and Netgear. The majority of models listed, though, are business-oriented devices that are popular in Europe and Asia, such as those from Axler, EFM, Netis and Ubiquiti.
(Excerpt) Read more at tomsguide.com ...
... simply disable UPnP on your router?
Here's the affected Netgear models:
NETGEAR
R2000, WNDR3700, WNDR4300v2, WNR2000v4
Sounds like a press release from Cisco Systems.
Gibson Research Corporation
I used to use GRC’s ShieldsUp! ports scanner.
GRC has a UPnP Exposure Test link on their home page. Arrow down to the second yellow-background box.
https://www.grc.com/default.htm
==
The scan indicated that my UPnP was not exposed.
I bought my cable/modem router last year and did not make any adjustments. Netgear AC1750, Model C6300.
Akamai has a white paper that lists the affected manufacturers and models. (See: UPnProxy: Blackhat Proxies via NAT Injections)
bbb
For use when I get home
Again? Didn’t this happen some months ago?
I don't know of any routers running Microsoft Windows ... do you?
The Internet of Things is a stupid idea that’s going to blow up in our face one day.
Bkmk
I’m a fan of DD-WRT router firmware. Matter of fact, several years ago I bought a buffalo router because it came stock with the DD-WRT firmware image. Unfortunately, it has been somewhat problematic for me in that there doesn’t seem to be any firmware updates for it pretty much since I set it up.
Is there anyone in freeperland who can recommend a good 5/2.4 router that is compatible with DD-WRT that I can actually keep current on security updates?
Thanks to House Atreides for the ping!
Bkmrk.
Yay! Amped Wireless doesn’t have a router on the list. They did have some DNS thing I had to turn off a while back, though.
"Is there anyone in freeperland who can recommend a good 5/2.4 router that is compatible with DD-WRT that I can actually keep current on security updates?"
The creation and maintaining of the 3rd-party firmwares for each individual model of rooter is almost always a one-man operation. The developer/maintainers are a finite resource, and most do this for the love of it, so they have limited resources to apply to the individual rooter model.
Pick a rooter you're interested in that's supported by DD-WRT, Open-WRT, Tomato, etc, then track him down and ask the maintainer himself his intentions. Most maintain a presence in the forum of their particular firmware (my ASUS's Merlin firmware was created by screenname 'john9527' at github, the snbforums, asuswrt and others). That's the closest you can come to knowing the potential development schedule. If you're satisfied with his answers, buy the rooter.
Then pray he doesn't catch ebola, get hit by lightning, marry someone named Kardashian or have his life cut short or otherwise ruined in general.
Much of the IoT junk coming from Asia may be running a Linux variant but poor programming practices will leave a device wide open.
Just as on a Mac, the underlying OS may be secure in a certain configuration but any dependent programs also need to be secured and regularly updated.
I have an Arris, and that wasn’t listed; wonder if they tested all models, or not?
Through no fault or accomplishment of my own, all mine come up “stealthed”.
No idea how I did that, if *I* even did.
Maybe it’s just my router.
Thanks