VPNFilter malware

threatpost.com/vpnfilter-malware-impact-larger-than-previously-thought/132582/

>In updated research, Cisco Talos said the range of targeted routers now includes those made by manufacturers ASUS, D-Link, Huawei, Ubiquiti, UPVEL and ZTE, bringing the total number of router models targeted by VPNFilter adversaries to 75.
Fuck.


Linux: not even once.

Can I install Windows with antivirus on my router?

how to check if my router is infected?


Some people report it changes the DNS settings inside the router, and also some other settings, like turning on a VPN to botnet you hard.
Also, sometimes even a hard reset won't help; I heard it's possible to totally compromise the router once they've got you, and you're fucked.

Doesn't the malware affect only routers with remote administration enabled and using the default username/password combination?

It uses a lot of vulnerabilities too.

Known infected devices include:

Asus: RT-AC66U, RT-N10, RT-N10E, RT-N10U, RT-N56U, and RT-N66U.
D-Link: DES-1210-08P, DIR-300, DIR-300A, DSR-250N, DSR-500N, DSR-1000, and DSR-1000N.
Huawei: HG8245.
Linksys: E1200, E2500, E3000, E3200, E4200, RV082, and WRVS4400N.
Mikrotik: CCR1009, CCR1016, CCR1036, CCR1072, CRS109, CRS112, CRS125, RB411, RB450, RB750, RB911, RB921, RB941, RB951, RB952, RB960, RB962, RB1100, RB1200, RB2011, RB3011, RB Groove, RB Omnitik, and STX5.
Netgear: DG834, DGN1000, DGN2200, DGN3500, FVS318N, MBRN3000, R6400, R7000, R8000, WNR1000, WNR2000, WNR2200, WNR4000, WNDR3700, WNDR4000, WNDR4300, WNDR4300-TN, and UTM50.
QNAP: TS251, TS439 Pro, and other QNAP NAS devices running QTS software.
TP-Link: R600VPN, TL-WR741ND, and TL-WR841N.
Ubiquiti: NSM2 and PBE M5.
ZTE: ZXHN H108N.

I memed myself and got a Netgear 6400. Just a factory reset, updated the firmware and changed the admin pw. Hopefully that stems the malware. I had noticed odd behavior and attributed it to the router, but that's been going on for months. Maybe I had been infected all along?
>so many tranny searches
Well Ivan, you know my great shame, use it wisely.


Also, open your router's web interface and check which ports it listens on. Check for any unusual ports, and check for the known malware port 8888. You can also check for these known IPs in your router's connection log:
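One way to do the log check the post above describes, as an added example that is not from the thread or from Talos: it parses netfilter-style router log lines (a constructed sample is embedded) and flags any connection that touches a watchlisted IP or the port 8888 the post names. The watchlist holds constructed TEST-NET placeholders, not the published indicators; a defender would load the real Talos list into it.

```python
import re

# Constructed placeholders (RFC 5737 TEST-NET ranges) standing in for the
# published C2 indicators; replace with the real watchlist before use.
WATCHLIST_IPS = {"192.0.2.10", "198.51.100.7"}
# Port the thread singles out as a known VPNFilter listener.
SUSPECT_PORTS = {8888}

# Field layout used by netfilter/iptables logging on many consumer and
# OpenWrt routers: SRC=... DST=... [PROTO=...] SPT=... DPT=...
LOG_RE = re.compile(
    r"SRC=(?P<src>\d+\.\d+\.\d+\.\d+)\s+DST=(?P<dst>\d+\.\d+\.\d+\.\d+)"
    r".*?SPT=(?P<spt>\d+)\s+DPT=(?P<dpt>\d+)"
)


def parse_line(line):
    """Extract src/dst IP and ports from one log line, or None if it has none."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return {"src": m["src"], "dst": m["dst"],
            "spt": int(m["spt"]), "dpt": int(m["dpt"])}


def find_suspicious(lines, watchlist=WATCHLIST_IPS, ports=SUSPECT_PORTS):
    """Return (line_number, reason) for every line hitting the watchlist or a suspect port."""
    hits = []
    for n, line in enumerate(lines, 1):
        rec = parse_line(line)
        if rec is None:
            continue  # not a connection record (boot messages, DHCP, etc.)
        reasons = []
        if rec["src"] in watchlist or rec["dst"] in watchlist:
            reasons.append("watchlisted IP")
        matched_ports = {rec["spt"], rec["dpt"]} & ports
        if matched_ports:
            reasons.append("suspect port " + ",".join(str(p) for p in sorted(matched_ports)))
        if reasons:
            hits.append((n, ", ".join(reasons)))
    return hits


# Constructed sample log: line 2 is the router itself calling a watchlisted
# IP, line 3 is an inbound hit on 8888; lines 1 and 4 are ordinary traffic.
SAMPLE_LOG = [
    "Jun  6 19:01:04 kernel: OUT=eth0 SRC=192.168.1.20 DST=203.0.113.80 PROTO=TCP SPT=51234 DPT=443",
    "Jun  6 19:01:09 kernel: OUT=eth0 SRC=192.168.1.1 DST=192.0.2.10 PROTO=TCP SPT=40212 DPT=443",
    "Jun  6 19:01:15 kernel: IN=eth0 SRC=203.0.113.5 DST=192.168.1.1 PROTO=TCP SPT=55555 DPT=8888",
    "Jun  6 19:01:20 kernel: OUT=eth0 SRC=192.168.1.20 DST=203.0.113.53 PROTO=UDP SPT=53421 DPT=53",
]

if __name__ == "__main__":
    for n, why in find_suspicious(SAMPLE_LOG):
        print(f"line {n}: {why}")
```

Feed it the router's exported log instead of SAMPLE_LOG; a hit on the router's own LAN address as SRC (line 2 above) is the pattern worth escalating, since the router itself should rarely originate WAN connections.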

I recommend you totally block any access from local PCs to your router via firewall. Block outgoing connections to your router's IP on any port from any port; it won't prevent you from accessing the Internet, but it should block any malware shit attacking your router if you get malicious scripts from some site, because that's almost an obvious way to infect you. Not sure how ISP networks in the USA and other countries handle this; I think there is a low chance of being infected from inside the ISP network, usually you are fucked by your fucking COMMONSENSE without antivirus protection and by using a shit browser without plugins to block scripts and stuff on the web.

Ivan doesn't know about your searches as long as you're using HTTPS.

what exploits does it use? I have a WNDR3400 flashed with OpenWrt, am I safe lads?

> using some shitty router no one knows of neither uses
> not affected
Feelsgoodman.jpg

that just means nobody will ever tell you if you could be

Malware uses a variety of vulnerabilities to attack a shit ton of routers en masse; that's why it's spooky and everyone should check their router.

this shit is serious, bump

>hurr durr muh russian hackers
>believing lies told by the infosec industry
jfc people are retarded

Hello, fellow CommonSenser, how is it going in a delusion dimension?

just flash OpenWrt on your router, you fucking retard
also, people have been pwning routers for decades, it's not just Russians, could be anyone

While you retards are at it, create a local admin which you authenticate to when you want admin rights on your computer, and remove admin rights from your normal day-to-day user (similar to linux setups).

Also, turn on Windows Defender and its features and only run programs you trust.

Keep personal documents/settings in your user folder (example: OpenVPN config files + passwd/auth file; put these in the config folder located under C:\Users\\OpenVPN and not the Program Files folder).

It's common fucking sense but not a lot of people follow these tips.

>router behind 2 NATs
If he can reach it from the internet I'll gladly just let him.

How the fuck does it help?
To establish the connection you have to be reachable. And if you are reachable they've got your IP (NAT IP + port which points to you).
Could be done just by simply visiting the site.

Wow. Please learn some basic networking before you embarrass yourself further.

another reason that HTTPS (specifically TLS, or any endpoint-to-endpoint encryption+authentication scheme) is a must; we should assume that anything between communicating nodes is a threat, including LANs and home routers

Google for example must start punishing websites and apps that do not use secure communications

bump

>no WRT1200AC
wew lads
