Anyone had their router hacked?

Ron W4RDM · July 2018

Was checking my remote site router today and found changes to the language (changed to korean), ddns, etc. Changed everything back. Router reverted back to Korean etc. Appears to
be malware. Not sure if it's the VPNFilter malware or not. The router is a ASUS RT-AC66U and it's now on the VPNFilter malware affected routers list. You may want to check your router for any changes

Known affected routers is at the bottom of the page at this link
https://blog.talosintelligence.com/2018/06/vpnfilter-update.html

Lasse Moell · July 2018

Symantec offers an online check...
http://www.symantec.com/filtercheck/

Johan / SE3X · July 2018

Tnx! came out clean.

Martin AA6E · July 2018

Everybody should make sure their routers are up to date with latest mfgr's firmware. Alas, my not-very-old router (Asus RT N66U) is end-of-life with no further support. I should probably discard it, but trouble is it's working just fine. :-(

Bill Roberts · July 2018

I have read about router hacking but perhaps like many, hadn't taken it seriously until reading your story. My thought was "who would want to hack me?" I just installed a Tenda NOVA MW3 mesh network and am very pleased with how it serves our fairly spread out 1 story home. But sitting down our basement waiting for some Craigslist buyer is our old ASUS RT-AC66U. Ouch!

Ted VE3TRQ · July 2018

The N66U runs the open source router software just fine. I run Tomato on mine with no issues - none of the problems associated with manufacturer's code (as long as you keep up-to-date :-) Allows me to do any VPN- and DNS-related things with ease.

Martin AA6E · July 2018

I have been running the Merlin enhancement for ASUS code very well. The thing with Tomato, ddwrt, and similar is that you get to spend many hours to install and support an $80 router box. Tail wags dog.

We've lately cut the CATV cord, so now my router is in the critical path for the house phone and TV, not just web and ham radio. I.e. it's *really* important now.

N8SDR · July 2018

I work as an I/T tech running my own company and can tell you this happens more often then gets media or public attention, last couple month I have changed out and or upgraded firmware on several clients routers in order to help keep them from risk. There is a-lot of good information regarding these attacks which can be found here -https://www.bleepingcomputer.com/news/security/the-vpnfilter-botnet-is-attempting-a-comeback/

Ted VE3TRQ · July 2018

Other than the initial install, and putting in dnsmasq, i don't think I have spent 5 minutes on support for my router. OK, maybe I spent 15 - 20 minutes doing an update once. I have been a Unix developer since 1980, and a Linux user since 1992, so maybe it's unfair to say it is easy, but it just works, and I don't need to reboot the access point and router to keep it working. My uptime is at least a year or more.

John - K3MA · July 2018

I would buy it for the cost of shipping if you want to get rid of it. I would put it on the shelf as a backup for the one I have that has been extremely reliable. You can contact me at mycall@outlook.com if your interested.

John K3MA

John WA7UAR · July 2018

Yes! And here is a related post that gives instructions for removing the botnet from specific routers that are vulnerable to this reemerging threat:
https://www.bleepingcomputer.com/news...

Martin AA6E · July 2018

Are the volunteer (open source) support folks on top of emerging security issues, I wonder? (Not that vendor support is always so good.)

Ted VE3TRQ · July 2018

More so than the vendors, for sure. I have rarely seen a vendor firmware update that addressed security. I have seen (and installed,when warranted) some from open source vendors. For sure the open router community routinely releases security fixes which can be incorporated into specific releases such as dd-wrt and Tomato..

Ted VE3TRQ · July 2018

By the way, I suspect that recent events in the OpenWRT community will affect releases such as dd-wrt and Tomato - we will have to see how fast they react.

N8SDR · July 2018

While were on this subject of routers and network VPN's I wanted to share a application called Untangle- I have a few clients in which I have setup this application is creates a very secure router with many options and works extremely well. If you have an older system and a couple nic cards put it to use as a secure router/firewall/vpn the application has its own operating system which can be downloaded and installed along with the applications and other plugins etc.

NG Firewall needs a dedicated server to run on. We recommend at least a Pentium 4 Processor (or a similar AMD processor), 80 GB hard drive, 2 network cards, and 1 GB of memory. See additional hardware details. The PC does not need an operating system; NG Firewall installs its own operating system. On installation, the NG Firewall completely erases any content or data that may exist on that server’s hard drive.

https://www.untangle.com/get-untangle/

There documentation is well written and there are many resources to help.

Berry Johnson · October 2018

We are thrilled when customers discuss their issues and approach us for assistance. However, our solutions are designed in a way to help you save time as well as money.
Netgear Arlo Support

Anyone had their router hacked?

Answers

Leave a Comment

Categories