Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

Home Routers Under Attack by NSA-Spawned Malware: What to D
tomsguide.com ^ | 11/29/2018 | Marshall Honorof ยท Editor

Posted on 11/30/2018 6:44:46 AM PST by BenLurkin

What you should do is factory-reset your router, disable UPnP, then check for firmware updates, since some companies have patched the vulnerability out. This won’t fix any other compromised systems, but it’s a necessary first step.

After that, you can factory-reset any other internet-connected device that you’re concerned about. You might also want to just buy a new router, as recent models do not appear to be susceptible to this type of attack.

This information comes from a blog post entitled "UPnProxy: EternalSilence" penned by researchers at Cambridge, Massachusetts-based data management firm Akamai.

Cybercriminals have learned how to take advantage of the UPnP protocols on older routers and get past the routers to directly attack Windows PCs on home and small-business networks. Akamai has dubbed this flaw “UPnProxy.” The most recent slew of attacks comes from an exploit that Akamai calls “EternalSilence” in a nod to the NSA-developed “Eternal” family of malicious code injections.

The bottom line is clear enough: Your router is the gateway to every connected device in your home, from your computer, to your phone, to your smart TV, to your smart light bulbs. If your router has been compromised, it’s possible that every other device in your home has followed suit.

Unfortunately, checking to see if you’ve been infected is hard, as antivirus software doesn’t normally scan routers. (A few products have begun to do so.) If malware makes it as far as your computer or game console, though, it’ll be easier to notice.

Dozens of routers could fall prey to this scheme, including models from Asus, D-Link and Netgear. The majority of models listed, though, are business-oriented devices that are popular in Europe and Asia, such as those from Axler, EFM, Netis and Ubiquiti.

(Excerpt) Read more at tomsguide.com ...


TOPICS: Computers/Internet
KEYWORDS: kmg; malware; routers; spyware; tomsguide
Navigation: use the links below to view more comments.
first previous 1-2021-4041-50 last
To: texas booster

thanks for the link!!!

great pages..


41 posted on 11/30/2018 9:51:55 PM PST by bitt ("Let justice be done though the heavens fall".)
[ Post Reply | Private Reply | To 15 | View Replies]

To: Stevenc131
My Netgear router is 3 or so years old, so I guess it’s vulnerable.

It has been possible to disable UPnP in Netgear routers for a lot longer than three years. Whoever set up the router may have already done it. I always do.

42 posted on 11/30/2018 11:11:06 PM PST by TChad
[ Post Reply | Private Reply | To 4 | View Replies]

To: Salamander
Might just be your router's default setting.

My router is a Frontier Comms DSL modem/wireless combo, on which UPnP has always been disabled, and the only open inbound ports are for ping (which my ISP uses to diagnose problems so I don't mind that).

"Stealth mode" was not enabled, but I've now enabled it. Normally if a router is contacted on a closed port, it responds saying it's closed. Stealth mode changes that response behavior to silence -- it appears as if the router doesn't exist.

FWIW, enabling stealth mode shouldn't make any functional difference other than you might disappoint the random scans done by the hackers and spammers.

43 posted on 12/01/2018 8:39:59 AM PST by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")
[ Post Reply | Private Reply | To 39 | View Replies]

To: dayglored

Mine is one of the Netgears that looks like a stealth fighter jet, with antennas.

I have no idea what I’m doing.

:)


44 posted on 12/01/2018 1:08:52 PM PST by Salamander (My Soul's On Fire...)
[ Post Reply | Private Reply | To 43 | View Replies]

To: Salamander
Mine is one of the Netgears that looks like a stealth fighter jet, with antennas.

Sounds like some version of a Nighthawk router.

The easy part is step 2, disabling your UPnP, which goes something like this IF it is one of the listed routers:

https://kb.netgear.com/24306/How-do-I-enable-Universal-Plug-and-Play-on-my-Nighthawk-router

The hard part is step 1, configuring your router to reconnect to your ISP and your devices after you reset it, erasing your router passwords and special settings. Actually, it's not usually hard to do, it just takes time to explain.

45 posted on 12/01/2018 6:54:43 PM PST by TChad
[ Post Reply | Private Reply | To 44 | View Replies]

To: TChad

Yeah, that’s the name of it.

It I disable that, my network cams won’t work, I don’t think.


46 posted on 12/01/2018 7:33:36 PM PST by Salamander (My Soul's On Fire...)
[ Post Reply | Private Reply | To 45 | View Replies]

To: BenLurkin

Bfl


47 posted on 12/01/2018 8:44:18 PM PST by martin_fierro (< |:)~)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Salamander
It I disable that, my network cams won’t work, I don’t think.

If that's the way they were set up, you are right. If you wanted to spend the time, you could probably configure their connections manually after disabling UPnP in both the router and the cameras.

Here's something you can do that requires little time, and that can greatly enhance your router security. Just update the router firmware:

https://kb.netgear.com/23442/How-do-I-update-my-NETGEAR-router-firmware-using-the-Check-button-in-the-router-s-web-interface

While a firmware update is very likely to work without problems, there is always a remote chance that it will screw something up. If that happens you can reset the router to factory defaults, or install a previous version of the firmware.

You may have to reconnect your devices after the update, since internet access will be briefly interrupted.

Good luck.

48 posted on 12/01/2018 10:39:23 PM PST by TChad
[ Post Reply | Private Reply | To 46 | View Replies]

To: BenLurkin
Thanks for posting this. It got me off my ass and made me do a firmware upgrade of my router. Loading firmware on a router is always scary, because there is always a possibility you end up with a brick, but it worked fine, and the new firmware has lots of new features, which I'm going to have to talk about with one of the network gurus that I work with about. Last time I looked, which was some time ago, there wasn't an upgrade available. Now there is. Also took the opportunity to tighten up security a bit.
49 posted on 12/02/2018 11:04:20 AM PST by zeugma (Power without accountability is fertilizer for tyranny.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Stevenc131

Just hook up a Fence Charger to the antenna, Kitty will get the point. ๐Ÿ˜‡

/sarc


50 posted on 08/25/2021 3:43:22 PM PDT by mabarker1 ((Congress- the opposite of PROGRESS!!! A fraud, a hypocrite, a liar. I'm a member of Congress !!!!)
[ Post Reply | Private Reply | To 4 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-4041-50 last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson