D-Link Forums
The Graveyard - Products No Longer Supported => Routers / COVR => DGL-4500 => Topic started by: JackUup23 on February 22, 2010, 12:57:55 PM
-
Just thought everyone should know: the article states that D-Link's products are more susceptible than other routers, although D-Link has not heard of the Chuck Norris botnet. Just thought I would bring it to everyone's attention; good article. Saw it on Tom's Hardware, which linked to the full article below. :o
http://www.computerworld.com/s/article/9159758/Chuck_Norris_botnet_karate_chops_routers_hard?taxonomyId=12&pageNumber=1
-
Nice find, Jack. Hope everyone reads it. Not hard to change the password and to disable remote access services. I believe remote services are off by default. ::) Should always change the login password for the web page anyway. Hope this doesn't infect anyone on there. :-[
http://www.dronebl.org/blog/8
-
Yep, if anyone does think they might have it, just do a reset; the article says it resides in memory, so a reset should clear it. I wonder what exactly in D-Link's setup it takes advantage of? All in all, even if there wasn't a Chuck Norris botnet, one should always put a strong password on their router no matter what.
-
Makes me wonder: if the user has saved the config file, does a reset, and re-applies the config file, is it re-infected? ???
-
Changing the password and disabling remote access (if enabled) are the first 2 things I always do when configuring my router. I live in an apartment building and know all about people jumping on others' internet connections and personal networks.
-
I just found another article that says the known vulnerability in D-Link routers that this botnet uses is the HNAP exploit. FW v1.22 time, I guess.
-
...the DGL-4500 doesn't run Linux (seems to be GNU-based), and the processor isn't MIPS (custom Ubicom IC), so the issue/point is moot (for now) for the 4500, with or without 1.22's HNAP fix (unless, of course, they modify the malware code specifically for the 4500s/etc. scenario).
Regardless, running 1.22 mitigates you from any current or future HNAP-based attack (using that particular HNAP exploit at least).