VPNfilter: Still more routers are at risk
Walter Miller, AJ6T
aj6t at comcast.net
Thu Jun 14 21:58:34 EDT 2018
What a horrendous mess this is. Is it true (or not) that the infection
had to start by getting into the router using default user name and
password? In other words, if the default user name and password had
been changed prior to the attempted infection, the router could not be
infected?
Another question: Isn't this recommendation from the end of Part 2 of
the SophosLabs analysis a bit backwards since it leaves the router in
factory default condition:
* Regardless of whether you think your device has been hacked, power
cycle the device, flash the latest firmware over the top of
whatever’s on there, and perform a factory reset on the firmware
(this shouldn’t result in file loss on NAS devices, just a reset of
all configured settings, which you’ll have to redo)
I think this is the correct sequence to ensure safety:
1. Reboot the router
2. Connect your PC to the router via an Ethernet cable. Log in and
disable remote administration
3. Download the latest firmware from the vendor and save it on your PC.
Disconnect router from the Internet.
4. Save router configuration information to your PC
5. Perform factory reset
6. Change admin user name and password. Flash latest firmware (already
saved) and restore router configuration (already saved)
PS: The Morse code on the audio file on the nakedsecurity.sophos.com
site was a nice touch.
73, Walt, AJ6T
On 6/11/2018 7:13 PM, RICHARD BARTH wrote:
>
> https://nakedsecurity.sophos.com/2018/06/11/check-your-router-list-of-routers-affected-by-vpnfilter-just-got-bigger/
>
>
>
> _______________________________________________
> Tacos mailing list
> Tacos at amrad.org
> https://lists.amrad.org/mailman/listinfo/tacos