Topic: VPNFilter can survive reboots and contains destructive "kill" function

AmyC

  • Level 1 Member
  • Posts: 21

I apologize if this is not the right place to post this but the FBI has released notice that at least over 500k home and small business routers are infected. Any idea about what D-Link users can do besides a reboot and factory reset? We've done both these things but would love some firewall filter recommendations and such until a firmware update is available.
https://arstechnica.com/information-technology/2018/05/hackers-infect-500000-consumer-routers-all-over-the-world-with-malware/
Thanks in advance!

FurryNutz

  • Poweruser
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting

Do you have one of the following affected devices?

    Linksys E1200
    Linksys E2500
    Linksys WRVS4400N
    Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
    Netgear DGN2200
    Netgear R6400
    Netgear R7000
    Netgear R8000
    Netgear WNR1000
    Netgear WNR2000
    QNAP TS251
    QNAP TS439 Pro
    Other QNAP NAS devices running QTS software
    TP-Link R600VPN

These were only listed and mentioned throughout the articles...


Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

AmyC


Quote
Do you have one of the following affected devices?
No. But they are stating these devices are likely just the tip of the iceberg (aka the ones they know about thus far).
"And since it’s unclear how compromised devices were infected in the first place, officials are urging users of all routers and NAS devices, not just the 14 devices identified by Cisco, to reboot."
https://www.digitaltrends.com/computing/vpnfilter-malware-router-reboot/

FurryNutz


Well, nothing has been posted by D-Link as of yet. If you're concerned about this, you can submit here:
https://support.dlink.com/ReportVulnerabilities.aspx

Until something is posted by D-Link, I would not worry about it too much. You can of course follow the recommendations for the other Mfrs of rebooting and disabling remote management in the meantime.

D-Link is aware of all of this already I'm sure.  ::)


AmyC


Did you read my original post? I was just asking if anyone had recommendations for firewall rules, etc. That's all. I'm bright enough to know that D-Link is likely aware of the problem and wasn't trying to start a panic. No need to use sarcastic emojis. If you don't know of anything you need not respond.

FurryNutz


Please don't take my comment out of context. All I was doing was to inform you of places to notify D-Link of your concerns. I have asked D-Link for information on this. Please be patient.

GreenBay42

  • Administrator
  • Level 11 Member
  • Posts: 2752

No known issues with D-Link products

Official Statement - https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10085

What router do you have?

As far as making your network as secure as possible:

1. Turn off your router if not needed at night or when you are away (unless you have security cams/systems).
2. Disable UPnP on your router.
3. Make sure ALL your clients (computers, phones, printers, etc.) have the latest updates, drivers, and firmware. Clients can cause more security issues than routers (i.e. KRACK).
4. If your router supports MAC filtering, enable it and only add your clients.
5. Disable guest mode if not using it. Most routers should have it off by default.
6. Change your admin, user, and wi-fi passwords often.
7. Make sure you are using WPA2 - AES only for your wi-fi encryption.
8. Turn on SPI and Anti-Spoof checking - usually in the Firewall section. Enable IPv6 simple security/ingress filtering if your router supports it. Also if you are not using a VPN on your network, disable IPSec and PPTP.
9. Be smart when opening emails and visiting websites. Try to use HTTPS.
10. Make sure your java/javascript is up-to-date. Go to java.com. If you have a 64-bit OS, make sure you are installing the 32-bit version first, then the 64-bit.
11. Make sure your antivirus is up to date on your computer and mobile devices. Avast has a "router" scan. It always says there may be a problem until you actually run the scan.
12. Enable CAPTCHA for your router login - Management > Admin on newer D-Link routers.
13. Disable remote access if enabled.

Hope this helps.

« Last Edit: June 19, 2018, 03:13:05 PM by GreenBay42 »

FurryNutz


I believe she has the 882 from looking at historical posts...

CoDeCX999

  • Level 1 Member
  • *
  • Posts: 12
  • " Vi veri veniversum vivus vici "

Hi peoples.

I read about this news today.

http://exameinformatica.sapo.pt/noticias/internet/2018-05-24-VPNFilter-FBI-desmantelou-endereco-que-infetou-mais-de-500-mil-routers-e-NAS

 ;)    8) 

Although I work in the area of Technology, we will always be able to breaches is never 100% safe.

tks
"Once again in the fight.
In the last good battle I will never know.
Live and die on this day. Live and die on this day. "

AmyC


Hey, thanks for this. :) There are a few things like captcha we hadn't done. I loathe it but will implement it nonetheless. We have a DIR-882 running FW: 1.10
