• November 01, 2024, 03:27:55 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: DNS320L - Ransomeware exploit  (Read 4022 times)

davidr1

  • Level 1 Member
  • *
  • Posts: 22
DNS320L - Ransomeware exploit
« on: June 11, 2017, 12:42:19 PM »

OK I have used an APP on my IPAD to check the strength of the signal around the house.  I has also done a search of open ports.  The app is legit  and is from trend micro. 

One of the things that it is recommending is that to stop ransomware attacking your NAS is to close ports 135 and 445.   Now I have done this on Windows 10 but the open ports still show up on the wifi signal scan. 

I am now confused because you cant access the ports within the NAS to close these. 

I have downloaded ClamAV as a precaution.

AM I looking at this from the wrong perspective?  ie I need to closes the offending ports on the actual router not the NAS?

I have a SKY Hub in the UK but I cant find anywhere on this to block ports other than close UPNP which would stop anyone from accessing the cloud drive I understood.

Is this a redherring with Trend Micro or is it a genuine concern that needs to be looked at with regards to the NAS? 

My thinking is that if there is an exploit and it gets onto the NAS you are up **** creek without a paddle as all of your backup will be held to ransome unless you pay the fee or an AV fix comes out. 

On another note anyone think that ClamAv is of any use?

Here is a link to t3eh Tend Micro page:

http://www.drcleaner.com/useful-guidance-wannacrypt-attacks/

NOTE That to get to this page you have to go via

http://www.trendmicro.co.uk/?utm_source=bing&utm_medium=cpc&utm_campaign=UK%20-%20Core%20Brand%20-%20BMM%20(WG)&utm_term=%2Btrend%20%2Bmicro&utm_content=Brand%20-%20trend%20micro

and click on the home free tool section.  (but you could also do commercial if you wanted to)

Regards and tanks in advance.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: DNS320L - Ransomeware exploit
« Reply #1 on: June 11, 2017, 12:48:17 PM »

Link>Welcome!

  • What Hardware version is your DNS? Look at the sticker behind or under the device.
  • Link>What Firmware version is currently loaded? Found on the DNSs web page under status.
  • What region are you located?

What is  the model is the main host router?

Do you have remote access configured on the DNS?

Might see if main host router mfr has any FW updates. If not, Might connect up a external router like a DIR series from D-Link which has better security features and uPnP is kept up to date and secure. You don't need uPnP enabled and you can use port forwarding for remote access. Check with your routers Mfr for help and information on this.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

davidr1

  • Level 1 Member
  • *
  • Posts: 22
Re: DNS320L - Ransomeware exploit
« Reply #2 on: June 11, 2017, 01:11:47 PM »

Hi  SKY wont let you have a router other than their one.  The version is B I believe and I have the most up-to-date firmware. I will review your response  tomorrow.

The point I wastrying to make should we be worried or not?
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: DNS320L - Ransomeware exploit
« Reply #3 on: June 11, 2017, 01:22:28 PM »

Does the SKY router have a DMZ that you have access to by chance?
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.