You beat me to it. Everybody needs to patch their routers with the latest firmware.
"The U.S. Department of Homeland Security said it was investigating the malware, which targets devices from Linksys, MikroTik, Netgear Inc, TP-Link and QNAP, advising users to install security updates. "
https://www.msn.com/en-us/news/tech...ned-russian-attack/ar-AAxHeFg?ocid=spartanntp
The only thing that calms me down is that this list lacks ASUS.
We have not completed our research, but recent events have convinced us that the correct way forward is to now share our findings so that affected parties can take the appropriate action to defend themselves.
...
Publishing early means that we don't yet have all the answers — we may not even have all the questions — so this blog represents our findings as of today, and we will update our findings as we continue our investigation.
Both the scale and the capability of this operation are concerning. Working with our partners, we estimate the number of infected devices to be at least 500,000 in at least 54 countries.
....
The following devices are known to be affected by this threat. Based on the scale of this research, much of our observations are remote and not on the device, so it is difficult to determine specific version numbers and models in many cases. It should be noted that all of these devices have publicly known vulnerabilities associated with them.
Given our observations with this threat, we assess with high confidence that this list is incomplete and other devices could be affected.
So, you didn't read the original report?
In general for all wired routers, unless you have enabled remote WAN or have UPnP or other protocols or services on the WAN, you should be safe from remote exploits due to NAT + firewall.
What do you think, Merlin, can Merlin firmware be affected? Could we take any preventive steps?
Running a PPTP server would do just that - expose itself to the WAN.
Yep. As I understand it, PPTP just exposes port 1723 to the Internet.
Nobody can provide any attack vector yet. The only common things I could see between these devices are PPTP support, or end-user using weak credentials.
And since PPTP is old code, and is a weak/vulnerable protocol in itself, it could be a good potential attack vector.
People should ditch PPTP as soon as possible, and move to more modern technologies.
But based on the initial report, it's possible that they are using multiple attack vectors to infect devices, depending on the specific device's vulnerability. So at this point, all people can do is stick to the usual best security practices.
Upgrading firmware is not a fix. Reset to factory defaults and then upgrade firmware is the fix.
Is this confirmed?
With that said, I'm curious if we should disable all those Passthroughs on the "WAN - NAT Passthrough" tab under "WAN"?
Also, is there a setting that allows for the router to be ping-able from the WAN, is this the "Respond ICMP Echo (ping) Request from WAN" that's under "Firewall" tab, "General" section?
Noted, thanks Eric.
Those shouldn't be an issue, as they only affect outbound traffic, they do not open any inbound port on their own.
Yes, on the Firewall -> General page. By default Asuswrt will not respond to pings received on the WAN side.
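An added example, not part of any post in this thread: a small Python check for the WAN exposure discussed above, meant to be run from a machine outside your LAN against your own WAN address. Only TCP 1723 (PPTP) comes from the thread; the web-administration ports and all function names are assumptions for illustration.

```python
import socket

# Services the thread singles out as WAN exposure. Only PPTP's control port
# (TCP 1723) comes from the discussion; the web-admin ports are assumed
# common defaults and should be replaced with whatever your router uses.
WAN_SERVICES = {
    1723: "PPTP VPN server (control channel)",
    80: "remote web administration over HTTP (assumed port)",
    8443: "remote web administration over HTTPS (assumed port)",
}


def probe(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"       # handshake completed: a service is listening
    except ConnectionRefusedError:
        return "closed"         # RST received: reachable, nothing listening
    except OSError:
        return "filtered"       # timeout or unreachable: dropped on the way


def audit_wan(host, services=WAN_SERVICES, timeout=2.0):
    """Return {port: (state, description)} for each service checked."""
    return {port: (probe(host, port, timeout), desc)
            for port, desc in sorted(services.items())}


def exposed(report):
    """Ports that accepted a connection and therefore need attention."""
    return [port for port, (state, _) in report.items() if state == "open"]


if __name__ == "__main__":
    import sys
    # Run from outside your LAN, against your own WAN address.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    report = audit_wan(target)
    for port, (state, desc) in report.items():
        print(f"{port:>5}/tcp  {state:<8}  {desc}")
    print("exposed:", exposed(report) or "none")
```

A router relying on NAT plus the firewall with no WAN-side services should report nothing as "open"; an "open" result on 1723 means a PPTP server is reachable from the Internet.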