Matrix Games Forums

 Forums  Register  Login  Photo Gallery  Member List  Search  Calendars  FAQ 

My Profile  Inbox  Address Book  My Subscription  My Forums  Log Out

OT Cisco/Linksys/Netgear Backdoor! Check your routers!

 
View related threads: (in this forum | in all forums)

Logged in as: Guest
Users viewing this topic: none
  Printable Version
All Forums >> [New Releases from Matrix Games] >> War in the Pacific: Admiral's Edition >> OT Cisco/Linksys/Netgear Backdoor! Check your routers! Page: [1]
Login
Message << Older Topic   Newer Topic >>
OT Cisco/Linksys/Netgear Backdoor! Check your routers! - 1/20/2014 8:13:09 AM   
LoBaron


Posts: 4776
Joined: 1/26/2003
From: Vienna, Austria
Status: offline 		This is just a warning to all forum members, I hope it helps some.

I strongly recommend that all people here using Netgear/Linksys/Cisco routers to check their devices.

A backdoor (back-barn-door is more appropriate I guess...) has been identified which grants easy access to router passwords - essentially this means a router can be taken over from anywhere in the world in a matter of seconds - and quoting the website www.pc-magazin.de - 'other not documented services'.

It is suspected that a Cisco producer in Taiwan implementedc the hack on purpose, or forgot to remove a leftover firmware snippet used for lab testing (pretty much equally frightening).

The backdoor is open via a specific port (32764) which bypasses the router internal firewall and cannot be blocked by locking the port.

Just google for more information.

The problem is, since the information is already spread in the internet, every wannabe hacker gets loads of free manuals how to quick and easy hack into the routers. So you can bet it will be done.

Below link is a collected list of devices affected by the security breach, complemented with a list of devices not affected.
https://github.com/elvanderb/TCP-32764




_____________________________
Post #: 1
RE: OT Cisco/Linksys/Netgear Backdoor! Check your routers! - 1/20/2014 11:28:47 AM   
pws1225

 

Posts: 1166
Joined: 8/9/2010
From: Tate's Hell, Florida
Status: offline 		Ouch! Thanks LoBaron.

(in reply to LoBaron)
Post #: 2
RE: OT Cisco/Linksys/Netgear Backdoor! Check your routers! - 1/20/2014 1:44:30 PM   
geofflambert


Posts: 14863
Joined: 12/23/2010
From: St. Louis
Status: offline 		My router on the incoming cable is a linksys RVS4000 which is on the list as OK. I also have a network router after that that is real old: a Netgear FS105 which is not on either list. I'm going to assume it's too old to have this vulnerability. I was just wondering though, (I don't really understand this stuff ) If the first router is ok, does the second router matter? I'm thinking the answer is yes, but if anyone knows out there please speak up.

(in reply to pws1225)
Post #: 3
RE: OT Cisco/Linksys/Netgear Backdoor! Check your routers! - 1/20/2014 2:12:40 PM   
LoBaron


Posts: 4776
Joined: 1/26/2003
From: Vienna, Austria
Status: offline 		Geoff, the RVS4000 is on the 'backdoor confirmed' list. Which means exactly the opposite from OK.

No data on the NG FS105, but this does not mean to much sadly. According to some sources the security breach can be as old as a decade, which in itself is quite telling about a companies´ quality assurance (always assuming it was not left there on purpose...).



But in general, yes, if the first router in line is safe, you should be fine, independent on what you got behind it.

_____________________________


(in reply to geofflambert)
Post #: 4
RE: OT Cisco/Linksys/Netgear Backdoor! Check your routers! - 1/20/2014 2:45:29 PM   
obvert


Posts: 14050
Joined: 1/17/2011
From: PDX (and now) London, UK
Status: offline 		Haven't read the links yet, but what kind of issues could this mean? Stolen info from the computers using it? Use of the internet connection for various other nefarious purposes? Other?

On my way home so I'll check mine once there.

Thanks for the tip!

_____________________________

"Success is the ability to go from one failure to another with no loss of enthusiasm." - Winston Churchill

(in reply to LoBaron)
Post #: 5
RE: OT Cisco/Linksys/Netgear Backdoor! Check your routers! - 1/20/2014 3:16:17 PM   
LoBaron


Posts: 4776
Joined: 1/26/2003
From: Vienna, Austria
Status: offline 		What I have seen so far implies that there are quite a number of potential exploits using that security breach.

The quick and dirty - and very easy to achieve - part is:
An attacker can reset the router to factory default (which in turn resets the username/pw to default), and then acess the router using url connection with those standard credentials. Then he/she can change the default to a pw of his/her own choice, and blam, the router is governed by someone else. This probably only takes a few minutes.

The consequences are, the attacker can enable/disable/change all router settings, including port lock, firewall settings, and so forth. And this means he/she would able to access anything behind that router in case it is not protected by an additional security layer e.g. a software firewall. As a sideffect you have no access and no control over your router anymore, except in case you manually reset it to factory default as well.

There are most probably more complex hacks imaginable, but I am not expert enough to make anything else then wild guesses there.

To sum it up I would not use my credit card on such a network...

_____________________________


(in reply to obvert)
Post #: 6
RE: OT Cisco/Linksys/Netgear Backdoor! Check your routers! - 1/20/2014 4:03:27 PM   
jeffk3510


Posts: 4132
Joined: 12/3/2007
From: Kansas
Status: offline
quote:

ORIGINAL: LoBaron

This is just a warning to all forum members, I hope it helps some.

I strongly recommend that all people here using Netgear/Linksys/Cisco routers to check their devices.

A backdoor (back-barn-door is more appropriate I guess...) has been identified which grants easy access to router passwords - essentially this means a router can be taken over from anywhere in the world in a matter of seconds - and quoting the website www.pc-magazin.de - 'other not documented services'.

It is suspected that a Cisco producer in Taiwan implementedc the hack on purpose, or forgot to remove a leftover firmware snippet used for lab testing (pretty much equally frightening).

The backdoor is open via a specific port (32764) which bypasses the router internal firewall and cannot be blocked by locking the port.

Just google for more information.

The problem is, since the information is already spread in the internet, every wannabe hacker gets loads of free manuals how to quick and easy hack into the routers. So you can bet it will be done.

Below link is a collected list of devices affected by the security breach, complemented with a list of devices not affected.
https://github.com/elvanderb/TCP-32764





So, what do we do about it? haha


_____________________________

Life is tough. The sooner you realize that, the easier it will be.

Currently chasing three kids around the Midwest.

(in reply to LoBaron)
Post #: 7
RE: OT Cisco/Linksys/Netgear Backdoor! Check your routers! - 1/20/2014 4:58:53 PM   
LoBaron


Posts: 4776
Joined: 1/26/2003
From: Vienna, Austria
Status: offline 		Well jeff, no idea what you gonna do with it, haha. Be careful?

I can tell you what I did.

I crosschecked my router model and FW version against the link I posted. It is listed as not being affected. To be sure I performed an online scan of port 32764 to see if it responds. It doesn´t. So all should be fine on my side.

Had the test ended up with me being affected by the backdoor, I probably would have considered
a) searching for a firmware upgrade for my router to and check if it closes the backdoor.
b) if this is not possible at least get my software security up to date and consistently check if I can still access the router with my chosen username/pw combo (and immediately choose a new one in case I find out it has been reset to factory defaults)
c) consider buying a new router not affected by the breach (preferably not manufactured from a certain company I don´t have much sympathy for anyway).
and d) Until everything is resolved be very careful what personal/sensible/financial data I send over the network.

Hope that helps.


_____________________________


(in reply to jeffk3510)
Post #: 8
RE: OT Cisco/Linksys/Netgear Backdoor! Check your routers! - 1/20/2014 6:42:02 PM   
geofflambert


Posts: 14863
Joined: 12/23/2010
From: St. Louis
Status: offline 		Are we sure the NSA doesn't have something to do with this (even the Chinese made stuff)? For that matter what about the Chinese?

(in reply to LoBaron)
Post #: 9
RE: OT Cisco/Linksys/Netgear Backdoor! Check your routers! - 1/20/2014 6:52:38 PM   
jeffk3510


Posts: 4132
Joined: 12/3/2007
From: Kansas
Status: offline
quote:

ORIGINAL: LoBaron

Well jeff, no idea what you gonna do with it, haha. Be careful?

I can tell you what I did.

I crosschecked my router model and FW version against the link I posted. It is listed as not being affected. To be sure I performed an online scan of port 32764 to see if it responds. It doesn´t. So all should be fine on my side.

Had the test ended up with me being affected by the backdoor, I probably would have considered
a) searching for a firmware upgrade for my router to and check if it closes the backdoor.
b) if this is not possible at least get my software security up to date and consistently check if I can still access the router with my chosen username/pw combo (and immediately choose a new one in case I find out it has been reset to factory defaults)
c) consider buying a new router not affected by the breach (preferably not manufactured from a certain company I don´t have much sympathy for anyway).
and d) Until everything is resolved be very careful what personal/sensible/financial data I send over the network.

Hope that helps.



Sounds good to me. I will do all off this tonight.. I'm just not too computer savy when it comes to that stuff.
Now, making charts/graphs in excel, I'd kick anyone's ass.. just plug in the chord and go when it comes to all that stuff you just mentioned.

_____________________________

Life is tough. The sooner you realize that, the easier it will be.

Currently chasing three kids around the Midwest.

(in reply to LoBaron)
Post #: 10
RE: OT Cisco/Linksys/Netgear Backdoor! Check your routers! - 1/20/2014 7:37:48 PM   
LoBaron


Posts: 4776
Joined: 1/26/2003
From: Vienna, Austria
Status: offline 		I don´t like to have to fuss around with those security things as well, still it is something that needs to be done from time to time. The most valuable things on the private sector are passwords and credit card data IMO, and hijacking computers for botnets. And that stuff is often handed on a silver plate by users.

If anybody got questions or needs help I will try to support, but please be aware I am neither a hacker nor an IT security specialist.


geofflambert, tbh I couldn´t care less if the NSA is behind that or not. In fact I bet that the NSA, and most other secret services, knew about that backdoor for a long time and kept it as a 'might be useful one day' info without informing anyone. Doesn´tbug me a bit. If anybody at that level wants to hack my computer for whatever reason they can do it with or without backdoor, and I cannot do anything about it.

But what I get concerned about is, when a backdoor gets common knowledge. Then every pimply faced 15 year old wannabe anonymus hacker starts to freak out and hack some. Every light to medium scale criminal gets a free how-to training for stealing passwords and payment info. And this is when it becomes dangerous.

To find out if you can use that backdoor exploit in question, for example, you need to scan for port 32764 and see if you can access it. The exploit became known on a small scale around new year. Within 3 days the port 32764 scans sxploded from roughly 80-120 to over 30000 IP adresses. I have no idea how many scans are performed right now, but you can bet its a pretty high number. NSA is not the problem. But a couple of 1000´s of small gangsters with some of hacker basics are.


_____________________________


(in reply to jeffk3510)
Post #: 11
RE: OT Cisco/Linksys/Netgear Backdoor! Check your routers! - 1/20/2014 8:34:08 PM   
Numdydar

 

Posts: 3211
Joined: 2/13/2004
Status: offline 		Well I'm safe with a Netgear WNDR4000.

Thanks so much for the posting.

(in reply to LoBaron)
Post #: 12
RE: OT Cisco/Linksys/Netgear Backdoor! Check your routers! - 1/20/2014 10:33:22 PM   
obvert


Posts: 14050
Joined: 1/17/2011
From: PDX (and now) London, UK
Status: offline 		Looks like my Netgear DGN1000SP might have an issue. The DGN1000 is on the list, but no SP listed. Hmmmmm. It's actually Virgin Wireless' router, so not sure what I can do anyway.

Here's an article on the discovery of this problem.
http://arstechnica.com/security/2014/01/backdoor-in-wireless-dsl-routers-lets-attacker-reset-router-get-admin/


_____________________________

"Success is the ability to go from one failure to another with no loss of enthusiasm." - Winston Churchill

(in reply to Numdydar)
Post #: 13
RE: OT Cisco/Linksys/Netgear Backdoor! Check your routers! - 1/20/2014 11:39:10 PM   
topeverest


Posts: 3376
Joined: 10/17/2007
From: Houston, TX - USA
Status: offline 		More fuel for the conspiracy theorists! Looks like I am not on the boo boo list.

Thanks for posting.

_____________________________

Andy M

(in reply to obvert)
Post #: 14
RE: OT Cisco/Linksys/Netgear Backdoor! Check your routers! - 1/21/2014 2:23:20 AM   
geofflambert


Posts: 14863
Joined: 12/23/2010
From: St. Louis
Status: offline
quote:

ORIGINAL: LoBaron



geofflambert, tbh I couldn´t care less if the NSA is behind that or not. In fact I bet that the NSA, and most other secret services, knew about that backdoor for a long time and kept it as a 'might be useful one day' info without informing anyone. Doesn´tbug me a bit.




What if it's the Federation, travelling back through time like they always do just before the holiday movie going audience peak?

(in reply to LoBaron)
Post #: 15
RE: OT Cisco/Linksys/Netgear Backdoor! Check your routers! - 1/21/2014 4:15:40 AM   
Feltan


Posts: 1160
Joined: 12/5/2006
From: Kansas
Status: offline
quote:

ORIGINAL: geofflambert

Are we sure the NSA doesn't have something to do with this (even the Chinese made stuff)? For that matter what about the Chinese?


The bastards ordered six moo shoo pork dinners and charged my credit card!

Regards,
Feltan

(in reply to geofflambert)
Post #: 16
RE: OT Cisco/Linksys/Netgear Backdoor! Check your routers! - 1/21/2014 7:11:27 AM   
LoBaron


Posts: 4776
Joined: 1/26/2003
From: Vienna, Austria
Status: offline
quote:

ORIGINAL: obvert

Looks like my Netgear DGN1000SP might have an issue. The DGN1000 is on the list, but no SP listed. Hmmmmm. It's actually Virgin Wireless' router, so not sure what I can do anyway.

Here's an article on the discovery of this problem.
http://arstechnica.com/security/2014/01/backdoor-in-wireless-dsl-routers-lets-attacker-reset-router-get-admin/



Just take article itself - errors like e.g. theres NOT only DSL 'users' (routers) affected; as long as the the affected TCP port 32764 is in listening mode via LAN, or as long as it can be called via port 80, you do NOT require a local wireless network access for the hack, simple internet access is sufficient (this was later corrected by the author),... - and also the comments section of the article with a grain of salt. Many of commenters have no idea what they are talking about.


obvert, what you could do is google for a web based port scanner (there is lots of them around), and scan the routers´ public IP adress for port 32764. If it responds to the scan, usually this means it is in 'listening' mode, you got a problem. If it actively refuses connection, or if the scan simply times out, then you are safe. It is no 100% failsafe method, but it is something.

_____________________________


(in reply to obvert)
Post #: 17
RE: OT Cisco/Linksys/Netgear Backdoor! Check your routers! - 1/21/2014 2:37:46 PM   
offenseman


Posts: 768
Joined: 2/24/2007
From: Sheridan Wyoming, USA
Status: offline 		I did a search for port scanners and after clicking though a few that did not have an option for scanning a specific port number, found this one, which does scan by port number. http://www.t1shopper.com/tools/port-scan/



_____________________________

Sometimes things said in Nitwit sound very different in English.

(in reply to LoBaron)
Post #: 18
RE: OT Cisco/Linksys/Netgear Backdoor! Check your routers! - 1/21/2014 2:44:39 PM   
obvert


Posts: 14050
Joined: 1/17/2011
From: PDX (and now) London, UK
Status: offline
quote:

ORIGINAL: LoBaron


quote:

ORIGINAL: obvert

Looks like my Netgear DGN1000SP might have an issue. The DGN1000 is on the list, but no SP listed. Hmmmmm. It's actually Virgin Wireless' router, so not sure what I can do anyway.

Here's an article on the discovery of this problem.
http://arstechnica.com/security/2014/01/backdoor-in-wireless-dsl-routers-lets-attacker-reset-router-get-admin/



Just take article itself - errors like e.g. theres NOT only DSL 'users' (routers) affected; as long as the the affected TCP port 32764 is in listening mode via LAN, or as long as it can be called via port 80, you do NOT require a local wireless network access for the hack, simple internet access is sufficient (this was later corrected by the author),... - and also the comments section of the article with a grain of salt. Many of commenters have no idea what they are talking about.


obvert, what you could do is google for a web based port scanner (there is lots of them around), and scan the routers´ public IP adress for port 32764. If it responds to the scan, usually this means it is in 'listening' mode, you got a problem. If it actively refuses connection, or if the scan simply times out, then you are safe. It is no 100% failsafe method, but it is something.


Thanks. I'll try that.

_____________________________

"Success is the ability to go from one failure to another with no loss of enthusiasm." - Winston Churchill

(in reply to LoBaron)
Post #: 19
RE: OT Cisco/Linksys/Netgear Backdoor! Check your routers! - 1/22/2014 5:13:34 AM   
LoBaron


Posts: 4776
Joined: 1/26/2003
From: Vienna, Austria
Status: offline 		Ok a final comment here, except if there are questions:

By checking the list, and by performing an online scan, you can verify if the backdoor is working from the internet.

To be absolutely sure if you are safe you need to check your local wireless connection, to be more specific: scan the WAN IP of your router, thats where the backdoor initially was detected. It is not as dangerous as backdoor facing internet, as only people in range of your wireless connection could hack in, but still.

But to do so you need to install a port scanner client on your laptop and scan your WAN IP. Theres a lot of port scanner clients out there, and I have no idea which is good and/or easy to use. So better ask an expert near you for help.

< Message edited by LoBaron -- 1/22/2014 6:14:49 AM >

_____________________________


(in reply to obvert)
Post #: 20
RE: OT Cisco/Linksys/Netgear Backdoor! Check your routers! - 2/8/2014 3:15:45 PM   
koniu


Posts: 2763
Joined: 2/28/2011
From: Konin, Poland, European Union
Status: offline 		There i huge attack on routers in Poland as we speak.
It is so big that one of biggest Internet providers in Poland start blocking Internet access to his clients to protect them (not all access but for some sites)

They report that after hacking router someone is changing DNS sewers in routers and when user is try to login to his bank or side with fragile information users are redirected to fake bank sides.

Not know it is router related but internet providers are reporting that it can impact big % of devices used in Poland


_____________________________

"Only the Dead Have Seen the End of War"

(in reply to LoBaron)
Post #: 21
RE: OT Cisco/Linksys/Netgear Backdoor! Check your routers! - 2/8/2014 3:17:10 PM   
Numdydar

 

Posts: 3211
Joined: 2/13/2004
Status: offline 		Russians and Germans are at it again

(in reply to koniu)
Post #: 22
Page:   [1]
All Forums >> [New Releases from Matrix Games] >> War in the Pacific: Admiral's Edition >> OT Cisco/Linksys/Netgear Backdoor! Check your routers! Page: [1]
Jump to:





New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI

1.016