Recent content by Insight

Had not seen that report yet, very nice share!

It makes me wonder, when did it start, how accurate is the assessment of 500,000 devices and what was the intent? Were we going to wake up one morning and the internet was down due to a DDoS on the DNS root servers? Were they going to hit another nation?

Wow had no idea that was a thing. Had to look at it and as soon as I saw DNS it clicked. Also agree that the router (firewall) is way better than nothing. I don't think the intent with the VPN malware is for harvesting but DDoS (guessing). Having over 500,000 device pointed at a handful of...

Lol, I didn't notice there was a legend. I think all their home use stuff is set to high. Is your device NAT'ed and not facing a publicly accessible IP? Also last nights alerts: https://www.abuseipdb.com/check/209.141.42.3 all three attempts within 3 hours of the previous

There's a handful of threads on VPNfilter already. While on this topic, would the malware require a reboot? If the persistence stays after a reboot, it makes me think yes. Rebooting a router daily would then stop one possible sign of infection.

Hm, saw a lot of noise from 142.0.37.221 last night. Pretty cool feature on these routers, although I wish it had some documentation to go along with it... https://www.abuseipdb.com/check/142.0.37.221

Oh don't disagree that is unlikely. But the Asus app would force Asus' DDNS (not third party) and WAN access enabled without any consent. The routers DDNS can be identified here (http://iplookup.asus.com/nslookup.php). Why scan the whole internet if I can get whats needed from one source? The...

Agree with this. The only thing to add is that DDNS is not an attack vector but an intel piece. How secure is that web front in that does the name resolution? How well is it protected and how hard is it from someone to get it to spill its guts and get everyone's WAN IP? If an attacker knew the...

Why knock when the doors wide open :cool:

Just keep waiting and rebooting. You'll never know the difference

Surprise- https://www.bleepingcomputer.com/news/security/the-vpnfilter-botnet-is-attempting-a-comeback/

Haaaaaaa A reboot isn't gonna save you. This countermeasure is only effective for stopping the known C2 domain after the FBI seized control. The malware is still persistent just cant talk. Roll the bot herder to new domains and you're back the same boat See Brief technical breakdown @...

Could make a better title for this? There's already tons of threads about temperature and various solutions for different setups. I can understand why ASUS went with passive cooling. It saves them money, give them less warranty claims, and a silent device is always ideal. But seriously add a...

Are you sure you're still not compromised?

It's unnecessary. Better?