D-Link Forums

Announcements => Security Advisories => Topic started by: AmyC on May 29, 2018, 05:24:42 AM

Title: VPNFilter can survive reboots and contains destructive "kill" function
Post by: AmyC on May 29, 2018, 05:24:42 AM
I apologize if this is not the right place to post this, but the FBI has released notice that at least over 500k home and small business routers are infected. Any idea about what D-Link users can do besides a reboot and factory reset? We've done both these things but would love some firewall filter recommendations and such until a firmware update is available.
https://arstechnica.com/information-technology/2018/05/hackers-infect-500000-consumer-routers-all-over-the-world-with-malware/
Thanks in advance!
Title: Re: VPNFilter can survive reboots and contains destructive "kill" function
Post by: FurryNutz on May 29, 2018, 06:48:24 AM
Do you have one of the following affected devices?

    Linksys E1200
    Linksys E2500
    Linksys WRVS4400N
    Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
    Netgear DGN2200
    Netgear R6400
    Netgear R7000
    Netgear R8000
    Netgear WNR1000
    Netgear WNR2000
    QNAP TS251
    QNAP TS439 Pro
    Other QNAP NAS devices running QTS software
    TP-Link R600VPN

These were only listed and mentioned throughout the articles...


Title: Re: VPNFilter can survive reboots and contains destructive "kill" function
Post by: AmyC on May 29, 2018, 08:08:41 AM
Quote
Do you have one of the following affected devices?
No. But they are stating these devices are likely just the tip of the iceberg (aka the ones they know about thus far).
"And since it’s unclear how compromised devices were infected in the first place, officials are urging users of all routers and NAS devices, not just the 14 devices identified by Cisco, to reboot."
https://www.digitaltrends.com/computing/vpnfilter-malware-router-reboot/
Title: Re: VPNFilter can survive reboots and contains destructive "kill" function
Post by: FurryNutz on May 29, 2018, 08:16:27 AM
Well, nothing has been posted by D-Link as of yet. If you're concerned about this, you can submit here:
https://support.dlink.com/ReportVulnerabilities.aspx

Until something is posted by D-Link, I would not worry about it too much. You can of course follow the recommendations for the other Mfrs of rebooting and disabling remote management in the meantime.

D-Link is aware of all of this already I'm sure.  ::)

Title: Re: VPNFilter can survive reboots and contains destructive "kill" function
Post by: AmyC on May 29, 2018, 08:35:38 AM
Did you read my original post? I was just asking if anyone had recommendations for firewall rules, etc. That's all. I'm bright enough to know that D-Link is likely aware of the problem and wasn't trying to start a panic. No need to use sarcastic emojis. If you don't know of anything you need not respond.
Title: Re: VPNFilter can survive reboots and contains destructive "kill" function
Post by: FurryNutz on May 29, 2018, 08:41:01 AM
Please don't take my comment out of context. All I was doing was to inform you of places to notify D-Link of your concerns. I have asked D-Link for information on this. Please be patient.
Title: Re: VPNFilter can survive reboots and contains destructive "kill" function
Post by: FurryNutz on May 29, 2018, 10:03:16 AM
http://forums.dlink.com/index.php?topic=73734.0;topicseen
Title: Re: VPNFilter can survive reboots and contains destructive "kill" function
Post by: GreenBay42 on May 29, 2018, 10:16:50 AM
No known issues with D-Link products

Official Statement - https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10085

What router do you have?

As far as making your network as secure as possible:

1. Turn off your router if not needed at night or when you are away (unless you have security cams/systems).
2. Disable UPnP on your router.
3. Make sure ALL your clients (computers, phones, printers, etc.) have the latest updates, drivers, and firmware. Clients can cause more security issues than routers (i.e. KRACK).
4. If your router supports MAC filtering, enable it and only add your clients.
5. Disable guest mode if not using it. Most routers should have it off by default.
6. Change your admin, user, and wi-fi passwords often.
7. Make sure you are using WPA2 - AES only for your wi-fi encryption.
8. Turn on SPI and Anti-Spoof checking - usually in the Firewall section. Enable IPv6 simple security/ingress filtering if your router supports it. Also, if you are not using a VPN on your network, disable IPSec and PPTP.
9. Be smart when opening emails and visiting websites. Try to use HTTPS.
10. Make sure your java/javascript is up-to-date. Go to java.com. If you have a 64-bit OS, make sure you are installing the 32-bit version first, then the 64-bit.
11. Make sure your antivirus is up to date on your computer and mobile devices. Avast has a "router" scan. It always says there may be a problem until you actually run the scan.
12. Enable CAPTCHA for your router login - Management > Admin on newer dlink routers.
13. Disable remote access if enabled.

Hope this helps.

Title: Re: VPNFilter can survive reboots and contains destructive "kill" function
Post by: FurryNutz on May 29, 2018, 10:19:45 AM
I believe she has the 882 from looking at historical posts...
Title: Re: VPNFilter can survive reboots and contains destructive "kill" function
Post by: CoDeCX999 on May 29, 2018, 12:21:18 PM
Hi peoples.

I read about this news today.

http://exameinformatica.sapo.pt/noticias/internet/2018-05-24-VPNFilter-FBI-desmantelou-endereco-que-infetou-mais-de-500-mil-routers-e-NAS

 ;)    8) 

Although I work in the area of Technology, we will always be able to breaches is never 100% safe.

tks
Title: Re: VPNFilter can survive reboots and contains destructive "kill" function
Post by: AmyC on May 31, 2018, 05:09:53 AM
Hey, thanks for this. :) There are a few things like captcha we hadn't done. I loathe it but will implement it nonetheless. We have a DIR-882 running FW: 1.10
