winstoncafe
New Around Here
Hi all, right now I am out of my house. When I was trying to ssh to AC68U @374.41 (Merlin build), which I haven't done for some weeks, I got the following message:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
AA:BB:CCD:EE:FF:GG:HH:II:JJ:KK:LL:MM:NN:OOP.
Please contact your system administrator.
Add correct host key in /home/~/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/~/.ssh/known_hosts:11
remove with: ssh-keygen -f "/home/~/.ssh/known_hosts" -R [192.168.1.1]:23
ECDSA host key for [192.168.1.1]:23 has changed and you have requested strict checking.
Host key verification failed.
I have also noticed an unusual reboot of AC68U 6+ hours ago (my timezone is +0800, time now 14:55):
-rw-rw-rw- 1 admin root 11 Jun 12 08:26 commit_ret
AC68U was not opened to WAN on ssh port 22/23 (I configured ssh at port 23, disallowing access from WAN).
Internet administration was not opened either.
At that time, one little Windows XP was up and running unattended. Port 443 was opened to WAN for HTTPS.
Please tell me if there is anything I could check to see whether my router was really compromised. I will upgrade firmware ASAP. But will that be unhelpful?