Posted on 11/30/2018 6:44:46 AM PST by BenLurkin
What you should do is factory-reset your router, disable UPnP, then check for firmware updates, since some companies have patched the vulnerability out. This won’t fix any other compromised systems, but it’s a necessary first step.
After that, you can factory-reset any other internet-connected device that you’re concerned about. You might also want to just buy a new router, as recent models do not appear to be susceptible to this type of attack.
This information comes from a blog post entitled "UPnProxy: EternalSilence" penned by researchers at Cambridge, Massachusetts-based data management firm Akamai.
Cybercriminals have learned how to take advantage of the UPnP protocols on older routers and get past the routers to directly attack Windows PCs on home and small-business networks. Akamai has dubbed this flaw UPnProxy. The most recent slew of attacks comes from an exploit that Akamai calls EternalSilence in a nod to the NSA-developed Eternal family of malicious code injections.
The bottom line is clear enough: Your router is the gateway to every connected device in your home, from your computer, to your phone, to your smart TV, to your smart light bulbs. If your router has been compromised, it’s possible that every other device in your home has followed suit.
Unfortunately, checking to see if you’ve been infected is hard, as antivirus software doesn’t normally scan routers. (A few products have begun to do so.) If malware makes it as far as your computer or game console, though, it’ll be easier to notice.
Dozens of routers could fall prey to this scheme, including models from Asus, D-Link and Netgear. The majority of models listed, though, are business-oriented devices that are popular in Europe and Asia, such as those from Axler, EFM, Netis and Ubiquiti.
(Excerpt) Read more at tomsguide.com ...
Of possible interest.
Your Tax Dollars once again at work.
My Netgear router is 3 or so years old, so I guess it’s vulnerable. We have to get the enclosed, boxy wi-fi routers with the hidden antennas because the cat chews up the antennas if they are exposed.
The most recent slew of attacks comes from an exploit that Akamai calls EternalSilence in a nod to the NSA-developed Eternal family of malicious code injections.
- -
Yet another case where a U.S. spy agency is hurting its own citizens. Between outright incompetence, such as ignoring warnings about the Boston Marathon bomber, to culpability, like the Las Vegas mass shooting, our spy agencies are a clear and present danger to the public.
It’s impossible to tell if you’re infected - but the answer is to go out, spend $100 and buy a new router.
Lemme think....
Nah.
bookmark
Nothing is safe.
Heh, another Windows problem eh? Don’t see any Apple products listed in the article.
Agency executives and their sycophant bureaucrats put their interests and careers first. They don’t have much fear or incentive to do otherwise.
Standards for accountability, professional integrity and performance expectations have to start at the top and be enforced down through the cabinet members and be driven into the executive branch bureaucracies. The problem is, no one in government is ever held accountable for anything.
My personal favorite is DD-WRT but their price of admission is pretty dear because their user forum is famously caustic (but they seem to be getting less belligerent), which can make getting your foot in the door exasperating.
* "router" as pronounced by the typical Bangalorean tech support agent.
“Heh, another Windows problem eh? Don’t see any Apple products listed in the article.”
Perhaps it’s because Apple does not make routers anymore...
> Heh, another Windows problem eh? Don’t see any Apple
> products listed in the article.
I don’t see linux listed, either, and you can get a linux device for a LOT less than an Apple anything.
For your computer, go here:
https://www.grc.com/unpnp/unpnp.htm
Download and run the tiny program and secure your computer.
Securing the router is a bit harder but the theory is the same.
Here is another link to test UPnP on your network:
https://www.grc.com/x/ne.dll?bh0bkyd2
For the old timers here, this is all Steve Gibson stuff, maker of SpinRite.
And it is all free.
"It’s impossible to tell if you’re infected - but the answer is to go out, spend $100 and buy a new router...."
That is nowhere stated. The article further states that a "factory reset" will remove the infection. So easy a cave man could do it.
Bkmrk.
Or...disable Windows. Get Linux. The ultimate Windows Service Pack.
Fyi
I got:
Your Internet port 139 does not appear to exist!
One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that’s very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion.
Unable to connect with NetBIOS to your computer.
All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.
And the other tests had everything “stealth”.