
Anyone had their router hacked?

Ron W4RDM
Ron W4RDM Member ✭✭
edited February 2020 in SmartSDR for Windows
Was checking my remote site router today and found changes to the language (changed to Korean), DDNS, etc. Changed everything back. Router reverted back to Korean etc. Appears to be malware. Not sure if it's the VPNFilter malware or not. The router is an ASUS RT-AC66U and it's now on the VPNFilter malware affected routers list. You may want to check your router for any changes.

Known affected routers are listed at the bottom of the page at this link:
https://blog.talosintelligence.com/2018/06/vpnfilter-update.html

Answers

  • Lasse Moell
    Lasse Moell Member ✭✭
    edited July 2018
    Symantec offers an online check...
    http://www.symantec.com/filtercheck/

  • Johan / SE3X
    Johan / SE3X Member ✭✭
    edited October 2018
    Tnx! Came out clean.
  • Martin AA6E
    Martin AA6E Member ✭✭✭
    edited January 2020
    Everybody should make sure their routers are up to date with latest mfgr's firmware.  Alas, my not-very-old router (Asus RT N66U) is end-of-life with no further support.  I should probably discard it, but trouble is it's working just fine. :-(
  • Bill Roberts
    Bill Roberts Member ✭✭
    edited January 2020
    I have read about router hacking but perhaps like many, hadn't taken it seriously until reading your story.  My thought was "who would want to hack me?"  I just installed a Tenda NOVA MW3 mesh network and am very pleased with how it serves our fairly spread out 1 story home.  But sitting down our basement waiting for some Craigslist buyer is our old ASUS RT-AC66U.  Ouch!
  • Ted  VE3TRQ
    Ted VE3TRQ Member ✭✭✭
    edited July 2018
    The N66U runs the open source router software just fine. I run Tomato on mine with no issues - none of the problems associated with manufacturer's code (as long as you keep up-to-date :-) Allows me to do any VPN- and DNS-related things with ease.
  • Martin AA6E
    Martin AA6E Member ✭✭✭
    edited July 2018
    I have been running the Merlin enhancement for ASUS code very well.  The thing with Tomato, ddwrt, and similar is that you get to spend many hours to install and support an $80 router box.  Tail wags dog.

    We've lately cut the CATV cord, so now my router is in the critical path for the house phone and TV, not just web and ham radio.  I.e. it's *really* important now. 
  • N8SDR
    N8SDR Member ✭✭
    edited February 2020
    I work as an I/T tech running my own company and can tell you this happens more often than gets media or public attention. In the last couple of months I have changed out and/or upgraded firmware on several clients' routers in order to help keep them from risk. There is a lot of good information regarding these attacks, which can be found here: https://www.bleepingcomputer.com/news/security/the-vpnfilter-botnet-is-attempting-a-comeback/
  • Ted  VE3TRQ
    Ted VE3TRQ Member ✭✭✭
    edited July 2018
    Other than the initial install, and putting in dnsmasq, I don't think I have spent 5 minutes on support for my router. OK, maybe I spent 15 - 20 minutes doing an update once. I have been a Unix developer since 1980, and a Linux user since 1992, so maybe it's unfair to say it is easy, but it just works, and I don't need to reboot the access point and router to keep it working. My uptime is at least a year or more.
  • John - K3MA
    John - K3MA Member ✭✭
    edited July 2018
    I would buy it for the cost of shipping if you want to get rid of it. I would put it on the shelf as a backup for the one I have that has been extremely reliable. You can contact me at mycall@outlook.com if you're interested.

    John K3MA
  • John WA7UAR
    John WA7UAR Member ✭✭✭
    edited July 2018
    Yes! And here is a related post that gives instructions for removing the botnet from specific routers that are vulnerable to this reemerging threat:
    https://www.bleepingcomputer.com/news...
  • Martin AA6E
    Martin AA6E Member ✭✭✭
    edited July 2018
    Are the volunteer (open source) support folks on top of emerging security issues, I wonder? (Not that vendor support is always so good.)
  • Ted  VE3TRQ
    Ted VE3TRQ Member ✭✭✭
    edited July 2018
    More so than the vendors, for sure. I have rarely seen a vendor firmware update that addressed security. I have seen (and installed, when warranted) some from open source vendors. For sure the open router community routinely releases security fixes which can be incorporated into specific releases such as dd-wrt and Tomato.
  • Ted  VE3TRQ
    Ted VE3TRQ Member ✭✭✭
    edited July 2018
    By the way, I suspect that recent events in the OpenWRT community will affect releases such as dd-wrt and Tomato - we will have to see how fast they react.
  • N8SDR
    N8SDR Member ✭✭
    edited July 2018
    While we're on this subject of routers and network VPNs, I wanted to share an application called Untangle. I have a few clients for whom I have set up this application; it creates a very secure router with many options and works extremely well. If you have an older system and a couple of NIC cards, put it to use as a secure router/firewall/VPN. The application has its own operating system, which can be downloaded and installed along with the applications and other plugins etc.

    NG Firewall needs a dedicated server to run on. We recommend at least a Pentium 4 Processor (or a similar AMD processor), 80 GB hard drive, 2 network cards, and 1 GB of memory. See additional hardware details. The PC does not need an operating system; NG Firewall installs its own operating system. On installation, the NG Firewall completely erases any content or data that may exist on that server’s hard drive.

    https://www.untangle.com/get-untangle/

    Their documentation is well written and there are many resources to help.

  • Berry Johnson
    Berry Johnson Member
    edited October 2018
