• February 24, 2025, 04:41:47 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: Secure that router!  (Read 5641 times)

JackUup23

  • Level 1 Member
  • *
  • Posts: 17
Secure that router!
« on: February 22, 2010, 12:57:55 PM »
Just thought everyone should know, article states that Dlinks products are more susceptible than other routers although Dlink has not heard of the Chuck Norris botnet, just thought I would bring it to everyones attention, good article. Saw it on Toms Hardware which linked to the full article below.  :o

http://www.computerworld.com/s/article/9159758/Chuck_Norris_botnet_karate_chops_routers_hard?taxonomyId=12&pageNumber=1
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Secure that router!
« Reply #1 on: February 22, 2010, 01:11:06 PM »
Nice find Jack. Hope everyone reads it. Not hard to change the password and to disable remote access services. I believe remote services are off by default.  ::) Should always change the log in password for the web page anyways. Hope this doesn't infect anyone on there.  :-[

http://www.dronebl.org/blog/8
« Last Edit: February 22, 2010, 01:14:42 PM by FurryNutz »
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

JackUup23

  • Level 1 Member
  • *
  • Posts: 17
Re: Secure that router!
« Reply #2 on: February 22, 2010, 01:14:44 PM »
Yep, if anyone does think they might have it, just do reset, article says it resides in the memory so a reset should clear it.  I wonder what exactly in Dlinks setup that it takes advantage of?  All in all even if there wasnt a Chuck Norris botnet one should always put a strong password on their router no matter what.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Secure that router!
« Reply #3 on: February 22, 2010, 01:18:45 PM »
Makes me wonder if the user has saved the config file and does a reset and re-applies the config file, is it re-infected?  ???
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

Syaoran

  • Level 3 Member
  • ***
  • Posts: 192
Re: Secure that router!
« Reply #4 on: February 22, 2010, 02:11:15 PM »
Changing the password and disabling remote access (if enabled) are the first 2 things I always do when configuring my router.  I live in an apartment building and know all about people jumping on others internet connections and personal networks. 
Logged

Beeder

  • Level 2 Member
  • **
  • Posts: 65
Re: Secure that router!
« Reply #5 on: February 22, 2010, 04:01:53 PM »
I just found another article that says the known vulnerability in D-Link routers that this botnet uses is the HNAP exploit. FW v1.22 time, I guess.
Logged

4500Owner

  • Level 1 Member
  • *
  • Posts: 8
Re: Secure that router!
« Reply #6 on: February 23, 2010, 10:18:26 AM »
...the DGL-4500 doesnt run Linux (seems to be GNU-based), and the processor isnt MIPS (custom Ubicom IC), the issue/point is moot (for now) for the 4500, with or without 1.22's HNAP fix (unless of course, they modify the malware code specifically for the 4500s'/etc scenario).

Regardless, running 1.22 mitigates you from any current or future HNAP-based attack (using that particular HNAP exploit at least).
Logged