OT Cisco/Linksys/Netgear Backdoor! Check your routers! (Full Version)

All Forums >> [New Releases from Matrix Games] >> War in the Pacific: Admiral's Edition





LoBaron -> OT Cisco/Linksys/Netgear Backdoor! Check your routers! (1/20/2014 8:13:09 AM)

This is just a warning to all forum members, I hope it helps some.

I strongly recommend that all people here using Netgear/Linksys/Cisco routers to check their devices.

A backdoor (back-barn-door is more appropriate I guess...) has been identified which grants easy access to router passwords - essentially this means a router can be taken over from anywhere in the world in a matter of seconds - and quoting the website www.pc-magazin.de - 'other not documented services'.

It is suspected that a Cisco producer in Taiwan implemented the hack on purpose, or forgot to remove a leftover firmware snippet used for lab testing (pretty much equally frightening).

The backdoor is open via a specific port (32764) which bypasses the router internal firewall and cannot be blocked by locking the port.

Just google for more information.

The problem is, since the information has already spread on the internet, every wannabe hacker gets loads of free manuals on how to quickly and easily hack into the routers. So you can bet it will be done.

Below link is a collected list of devices affected by the security breach, complemented with a list of devices not affected.
https://github.com/elvanderb/TCP-32764


[:@]




pws1225 -> RE: OT Cisco/Linksys/Netgear Backdoor! Check your routers! (1/20/2014 11:28:47 AM)

Ouch! Thanks LoBaron.




geofflambert -> RE: OT Cisco/Linksys/Netgear Backdoor! Check your routers! (1/20/2014 1:44:30 PM)

My router on the incoming cable is a linksys RVS4000 which is on the list as OK. I also have a network router after that that is real old: a Netgear FS105 which is not on either list. I'm going to assume it's too old to have this vulnerability. I was just wondering though, (I don't really understand this stuff [:(]) If the first router is ok, does the second router matter? I'm thinking the answer is yes, but if anyone knows out there please speak up.




LoBaron -> RE: OT Cisco/Linksys/Netgear Backdoor! Check your routers! (1/20/2014 2:12:40 PM)

Geoff, the RVS4000 is on the 'backdoor confirmed' list. Which means exactly the opposite from OK. [:(]

No data on the NG FS105, but sadly this does not mean too much. According to some sources the security breach can be as old as a decade, which in itself is quite telling about a company's quality assurance (always assuming it was not left there on purpose...).



But in general, yes, if the first router in line is safe, you should be fine, independent of what you've got behind it.




obvert -> RE: OT Cisco/Linksys/Netgear Backdoor! Check your routers! (1/20/2014 2:45:29 PM)

Haven't read the links yet, but what kind of issues could this mean? Stolen info from the computers using it? Use of the internet connection for various other nefarious purposes? Other?

On my way home so I'll check mine once there.

Thanks for the tip!




LoBaron -> RE: OT Cisco/Linksys/Netgear Backdoor! Check your routers! (1/20/2014 3:16:17 PM)

What I have seen so far implies that there are quite a number of potential exploits using that security breach.

The quick and dirty - and very easy to achieve - part is:
An attacker can reset the router to factory default (which in turn resets the username/pw to default), and then access the router using a URL connection with those standard credentials. Then he/she can change the default to a pw of his/her own choice, and blam, the router is governed by someone else. This probably only takes a few minutes.

The consequences are, the attacker can enable/disable/change all router settings, including port lock, firewall settings, and so forth. And this means he/she would be able to access anything behind that router in case it is not protected by an additional security layer, e.g. a software firewall. As a side effect you have no access and no control over your router anymore, except in case you manually reset it to factory default as well.

There are most probably more complex hacks imaginable, but I am not expert enough to make anything other than wild guesses there.

To sum it up I would not use my credit card on such a network...




jeffk3510 -> RE: OT Cisco/Linksys/Netgear Backdoor! Check your routers! (1/20/2014 4:03:27 PM)


quote:

ORIGINAL: LoBaron

This is just a warning to all forum members, I hope it helps some.

I strongly recommend that all people here using Netgear/Linksys/Cisco routers to check their devices.

A backdoor (back-barn-door is more appropriate I guess...) has been identified which grants easy access to router passwords - essentially this means a router can be taken over from anywhere in the world in a matter of seconds - and quoting the website www.pc-magazin.de - 'other not documented services'.

It is suspected that a Cisco producer in Taiwan implemented the hack on purpose, or forgot to remove a leftover firmware snippet used for lab testing (pretty much equally frightening).

The backdoor is open via a specific port (32764) which bypasses the router internal firewall and cannot be blocked by locking the port.

Just google for more information.

The problem is, since the information has already spread on the internet, every wannabe hacker gets loads of free manuals on how to quickly and easily hack into the routers. So you can bet it will be done.

Below link is a collected list of devices affected by the security breach, complemented with a list of devices not affected.
https://github.com/elvanderb/TCP-32764


[:@]


So, what do we do about it? haha




LoBaron -> RE: OT Cisco/Linksys/Netgear Backdoor! Check your routers! (1/20/2014 4:58:53 PM)

Well jeff, no idea what you gonna do with it, haha. Be careful?

I can tell you what I did.

I crosschecked my router model and FW version against the link I posted. It is listed as not being affected. To be sure I performed an online scan of port 32764 to see if it responds. It doesn't. So all should be fine on my side.

Had the test ended up with me being affected by the backdoor, I probably would have considered
a) searching for a firmware upgrade for my router and checking if it closes the backdoor.
b) if this is not possible, at least get my software security up to date and consistently check if I can still access the router with my chosen username/pw combo (and immediately choose a new one in case I find out it has been reset to factory defaults)
c) consider buying a new router not affected by the breach (preferably not manufactured by a certain company I don't have much sympathy for anyway).
and d) until everything is resolved be very careful what personal/sensitive/financial data I send over the network.

Hope that helps.




geofflambert -> RE: OT Cisco/Linksys/Netgear Backdoor! Check your routers! (1/20/2014 6:42:02 PM)

Are we sure the NSA doesn't have something to do with this (even the Chinese made stuff)? For that matter what about the Chinese?




jeffk3510 -> RE: OT Cisco/Linksys/Netgear Backdoor! Check your routers! (1/20/2014 6:52:38 PM)


quote:

ORIGINAL: LoBaron

Well jeff, no idea what you gonna do with it, haha. Be careful?

I can tell you what I did.

I crosschecked my router model and FW version against the link I posted. It is listed as not being affected. To be sure I performed an online scan of port 32764 to see if it responds. It doesn't. So all should be fine on my side.

Had the test ended up with me being affected by the backdoor, I probably would have considered
a) searching for a firmware upgrade for my router and checking if it closes the backdoor.
b) if this is not possible, at least get my software security up to date and consistently check if I can still access the router with my chosen username/pw combo (and immediately choose a new one in case I find out it has been reset to factory defaults)
c) consider buying a new router not affected by the breach (preferably not manufactured by a certain company I don't have much sympathy for anyway).
and d) until everything is resolved be very careful what personal/sensitive/financial data I send over the network.

Hope that helps.



Sounds good to me. I will do all of this tonight.. I'm just not too computer savvy when it comes to that stuff.
Now, making charts/graphs in Excel, I'd kick anyone's ass.. just plug in the cord and go when it comes to all that stuff you just mentioned.




LoBaron -> RE: OT Cisco/Linksys/Netgear Backdoor! Check your routers! (1/20/2014 7:37:48 PM)

I don't like having to fuss around with those security things either, still it is something that needs to be done from time to time. The most valuable things in the private sector are passwords and credit card data IMO, and hijacking computers for botnets. And that stuff is often handed over on a silver platter by users.

If anybody got questions or needs help I will try to support, but please be aware I am neither a hacker nor an IT security specialist.


geofflambert, tbh I couldn't care less if the NSA is behind that or not. In fact I bet that the NSA, and most other secret services, knew about that backdoor for a long time and kept it as a 'might be useful one day' info without informing anyone. Doesn't bug me a bit. If anybody at that level wants to hack my computer for whatever reason they can do it with or without a backdoor, and I cannot do anything about it.

But what I get concerned about is when a backdoor becomes common knowledge. Then every pimply faced 15 year old wannabe anonymous hacker starts to freak out and hack some. Every light to medium scale criminal gets a free how-to training for stealing passwords and payment info. And this is when it becomes dangerous.

To find out if you can use the backdoor exploit in question, for example, you need to scan for port 32764 and see if you can access it. The exploit became known on a small scale around New Year. Within 3 days the port 32764 scans exploded from roughly 80-120 to over 30000 IP addresses. I have no idea how many scans are performed right now, but you can bet it's a pretty high number. The NSA is not the problem. But a couple of 1000s of small gangsters with some hacker basics are.




Numdydar -> RE: OT Cisco/Linksys/Netgear Backdoor! Check your routers! (1/20/2014 8:34:08 PM)

Well I'm safe [:)] with a Netgear WNDR4000.

Thanks so much for the posting.




obvert -> RE: OT Cisco/Linksys/Netgear Backdoor! Check your routers! (1/20/2014 10:33:22 PM)

Looks like my Netgear DGN1000SP might have an issue. The DGN1000 is on the list, but no SP listed. Hmmmmm. It's actually Virgin Wireless' router, so not sure what I can do anyway.

Here's an article on the discovery of this problem.
http://arstechnica.com/security/2014/01/backdoor-in-wireless-dsl-routers-lets-attacker-reset-router-get-admin/




topeverest -> RE: OT Cisco/Linksys/Netgear Backdoor! Check your routers! (1/20/2014 11:39:10 PM)

More fuel for the conspiracy theorists! Looks like I am not on the boo boo list.

Thanks for posting.




geofflambert -> RE: OT Cisco/Linksys/Netgear Backdoor! Check your routers! (1/21/2014 2:23:20 AM)


quote:

ORIGINAL: LoBaron



geofflambert, tbh I couldn't care less if the NSA is behind that or not. In fact I bet that the NSA, and most other secret services, knew about that backdoor for a long time and kept it as a 'might be useful one day' info without informing anyone. Doesn't bug me a bit.




What if it's the Federation, travelling back through time like they always do just before the holiday movie going audience peak?




Feltan -> RE: OT Cisco/Linksys/Netgear Backdoor! Check your routers! (1/21/2014 4:15:40 AM)


quote:

ORIGINAL: geofflambert

Are we sure the NSA doesn't have something to do with this (even the Chinese made stuff)? For that matter what about the Chinese?


The bastards ordered six moo shoo pork dinners and charged my credit card!

Regards,
Feltan




LoBaron -> RE: OT Cisco/Linksys/Netgear Backdoor! Check your routers! (1/21/2014 7:11:27 AM)


quote:

ORIGINAL: obvert

Looks like my Netgear DGN1000SP might have an issue. The DGN1000 is on the list, but no SP listed. Hmmmmm. It's actually Virgin Wireless' router, so not sure what I can do anyway.

Here's an article on the discovery of this problem.
http://arstechnica.com/security/2014/01/backdoor-in-wireless-dsl-routers-lets-attacker-reset-router-get-admin/



Just take the article itself - errors like e.g. there's NOT only DSL 'users' (routers) affected; as long as the affected TCP port 32764 is in listening mode via LAN, or as long as it can be called via port 80, you do NOT require local wireless network access for the hack, simple internet access is sufficient (this was later corrected by the author),... - and also the comments section of the article with a grain of salt. Many of the commenters have no idea what they are talking about.


obvert, what you could do is google for a web based port scanner (there are lots of them around), and scan the router's public IP address for port 32764. If it responds to the scan, which usually means it is in 'listening' mode, you've got a problem. If it actively refuses the connection, or if the scan simply times out, then you are safe. It is no 100% failsafe method, but it is something.




offenseman -> RE: OT Cisco/Linksys/Netgear Backdoor! Check your routers! (1/21/2014 2:37:46 PM)

I did a search for port scanners and after clicking through a few that did not have an option for scanning a specific port number, found this one, which does scan by port number. http://www.t1shopper.com/tools/port-scan/





obvert -> RE: OT Cisco/Linksys/Netgear Backdoor! Check your routers! (1/21/2014 2:44:39 PM)


quote:

ORIGINAL: LoBaron


quote:

ORIGINAL: obvert

Looks like my Netgear DGN1000SP might have an issue. The DGN1000 is on the list, but no SP listed. Hmmmmm. It's actually Virgin Wireless' router, so not sure what I can do anyway.

Here's an article on the discovery of this problem.
http://arstechnica.com/security/2014/01/backdoor-in-wireless-dsl-routers-lets-attacker-reset-router-get-admin/



Just take the article itself - errors like e.g. there's NOT only DSL 'users' (routers) affected; as long as the affected TCP port 32764 is in listening mode via LAN, or as long as it can be called via port 80, you do NOT require local wireless network access for the hack, simple internet access is sufficient (this was later corrected by the author),... - and also the comments section of the article with a grain of salt. Many of the commenters have no idea what they are talking about.


obvert, what you could do is google for a web based port scanner (there are lots of them around), and scan the router's public IP address for port 32764. If it responds to the scan, which usually means it is in 'listening' mode, you've got a problem. If it actively refuses the connection, or if the scan simply times out, then you are safe. It is no 100% failsafe method, but it is something.


Thanks. I'll try that.




LoBaron -> RE: OT Cisco/Linksys/Netgear Backdoor! Check your routers! (1/22/2014 5:13:34 AM)

Ok a final comment here, except if there are questions:

By checking the list, and by performing an online scan, you can verify if the backdoor is working from the internet.

To be absolutely sure that you are safe you need to check your local wireless connection, to be more specific: scan the WAN IP of your router, that's where the backdoor was initially detected. It is not as dangerous as a backdoor facing the internet, as only people in range of your wireless connection could hack in, but still.

But to do so you need to install a port scanner client on your laptop and scan your WAN IP. There are a lot of port scanner clients out there, and I have no idea which is good and/or easy to use. So better ask an expert near you for help.
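The two checks recommended in this thread (the web-based scan of the router's public IP address a few posts up, and the scan from a laptop on the local network in this post) both come down to a single TCP connect to port 32764 and a look at how the router answers. The script below is an added example, not code from the forum posts or from the TCP-32764 repository linked in the first post: it performs that one connect against whatever address you hand it, sends nothing, hangs up, and maps the outcome onto the advice given above (answer = problem; refused or timeout = the safe result). The port number is the one named in the thread; the classification labels and the usage line are this example's own choices.

```python
"""Single-port self-check for the router port discussed in the thread (32764).

Added example; not the forum's or the TCP-32764 project's code. It does what the
web-based port scanners recommended in the thread do: one TCP connect to the
address you give it, then close. No data is written to the socket.
"""
import socket
import sys

# Port named in the thread.
BACKDOOR_PORT = 32764


def check_port(host, port=BACKDOOR_PORT, timeout=3.0):
    """Try one TCP connect to host:port and classify the outcome.

    "open"        the peer completed the handshake: something is listening there
    "refused"     the peer actively refused: nothing listens on that port
    "filtered"    no answer before the timeout: dropped by a firewall, or no route
    "unreachable" a lower-level error (name resolution failed, no network, ...)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "filtered"
    except OSError:
        return "unreachable"


def verdict(state, port=BACKDOOR_PORT):
    """Turn the connect result into the advice the thread gives."""
    if state == "open":
        return ("port %d answers: treat the router as affected, look for a "
                "firmware update that closes it or replace the device" % port)
    if state == "refused":
        return ("connection refused: nothing listens on port %d from this "
                "vantage point" % port)
    if state == "filtered":
        return ("no answer: port %d is dropped or unreachable, which is the "
                "safe outcome" % port)
    return "could not test (name resolution or network error)"


def main(argv):
    # Usage: python check32764.py <router address>
    # From outside your network use the router's public IP; from a laptop on
    # the LAN use the router's LAN address. The two answers are independent.
    if len(argv) != 2:
        print("usage: %s <router address>" % argv[0])
        return 2
    host = argv[1]
    state = check_port(host)
    print("%s:%d -> %s" % (host, BACKDOOR_PORT, state))
    print(verdict(state))
    return 1 if state == "open" else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

One caveat worth keeping in mind when reading the result: the vantage point matters. An "open" answer from a laptop on the LAN does not by itself mean the port is reachable from the internet, and a "filtered" answer from an external scanner does not prove the port is closed on the LAN side; the thread's advice to run both checks is the right one, and a firmware update or a replacement router is the fix, not a scan result.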




koniu -> RE: OT Cisco/Linksys/Netgear Backdoor! Check your routers! (2/8/2014 3:15:45 PM)

There is a huge attack on routers in Poland as we speak.
It is so big that one of the biggest Internet providers in Poland has started blocking Internet access for its clients to protect them (not all access, but for some sites).

They report that after hacking the router someone is changing the DNS servers in the routers, and when a user tries to log in to his bank or a site with fragile information, users are redirected to fake bank sites.

Not known if it is router related, but internet providers are reporting that it can impact a big % of devices used in Poland.




Numdydar -> RE: OT Cisco/Linksys/Netgear Backdoor! Check your routers! (2/8/2014 3:17:10 PM)

Russians and Germans are at it again [:D]



