Does the VPNFilter malware affect ASUS Routers?
- Thread starter AntonK
- Start date
Discussion from yesterday:
https://www.snbforums.com/threads/ai-protection-vpnfilter-affecting-home-routers.46811/
https://www.snbforums.com/threads/ai-protection-vpnfilter-affecting-home-routers.46811/
MustacheSwe
Occasional Visitor
FYI --
I have now seen three seemingly unrelated reports from individuals claiming that they have recently discovered that their Asus router started behaving strange, and that a new VPN client has been created. They all speculate that this could have something to do with VPNFilter. Two of the individuals were running the stock Asus WRT firmware, one claims to have been using Merlin's firmware. As far as I have seen, they all were using updated firmware, and did not have any spectacularly unsecure configuration (at least one may have had remote access enabled, from using Asus' smartphone app.
Sources:
I have now seen three seemingly unrelated reports from individuals claiming that they have recently discovered that their Asus router started behaving strange, and that a new VPN client has been created. They all speculate that this could have something to do with VPNFilter. Two of the individuals were running the stock Asus WRT firmware, one claims to have been using Merlin's firmware. As far as I have seen, they all were using updated firmware, and did not have any spectacularly unsecure configuration (at least one may have had remote access enabled, from using Asus' smartphone app.
Sources:
- https://www.reddit.com/r/HomeNetworking/comments/8m95re/asus_ac68u_hacked_vpnfilter/
- https://www.reddit.com/r/HomeNetwor...d_unknown_vpn_on_my_router_was_router_hacked/
- (the third report was written yesterday in the Facebook "Synology Admins & Users" Group, but for som reason that whole thread was deleted yesterday (possibly due to the fact that the thread had nothing to to with Synology)). The story was similar -- a fairly tech-savvy user (i.e., not using outdated firmware or crap-settings) discovered a newly created VPN on the router
No Asus router, or any other router tbh, can be affected by a remote exploit like VPNFilter if it has no WAN ports open.
Unfortunately, it is surprisingly easy to open up such ports on Asus routers, especially by the Asus mobile app. Exactly as one of those Reddit links you posted made clear.
Just follow the usual security practices, avoid the Asus mobile app, and you will be and would have been fine: https://routersecurity.org/checklist.php
Unfortunately, it is surprisingly easy to open up such ports on Asus routers, especially by the Asus mobile app. Exactly as one of those Reddit links you posted made clear.
Just follow the usual security practices, avoid the Asus mobile app, and you will be and would have been fine: https://routersecurity.org/checklist.php
ColinTaylor
Part of the Furniture
@MustacheSwe There's already a thread about VPNFilter here as noted in post #2.
Similar threads
Similar threads
Similar threads
-
-
-
-
Does Reboot Scheduler on Primary Reboot Mesh Nodes on Merlin FW
- Started by jksmurf
- Replies: 6
-
i have a public ip block with dns names but when set domain router does not resolve them
- Started by lgkahn
- Replies: 1
-
Does minidlna get installed by default (asuswrt-merlin 3006.102.5)
- Started by chrisisbd
- Replies: 2
-
AdGuard Home+Unbound in proxmox does not work properly with Asus AX88U Pro
- Started by Hus1337
- Replies: 6
-
Suddenly, GUI won't accept long-standing username/password, but SSH does
- Started by bpsmicro
- Replies: 9
-
Latest threads
-
GT-AX6000 on firmware 3.0.0.4.388_22068. What do I have to do to install Merlin?
- Started by urbanracer34
- Replies: 4
-
-
-
-
Support SNBForums w/ Amazon
If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!
Sign Up For SNBForums Daily Digest
Get an update of what's new every day delivered to your mailbox. Sign up here!
Staff online
-
RMerlinAsuswrt-Merlin dev