
FBI Warns Users to Reboot Routers

Not that I own a susceptible model, but what does rebooting do here? Is the malware just in RAM or something, and won't it just be infected again if it gets cleared?


The FBI has warned users to reboot their routers due to a malware attack allegedly unleashed by Russia, so that we can gain access through our backdoor again. /S

5 hours ago, Enderman said:

You can't connect to the internet with just a router.

There is always an ONT or modem that takes the signal cable and turns it into ethernet.

Sometimes a modem and router are combined into one.

Well, that isn't always consumer facing. For example, my building has Ethernet at the wall for every apartment, meaning you just plug in any Ethernet device you want, whether directly, a router or even an access point.

2 minutes ago, Trixanity said:

Well, that isn't always consumer facing. For example, my building has Ethernet at the wall for every apartment, meaning you just plug in any Ethernet device you want, whether directly, a router or even an access point.

Well that sounds horrible for security...

Does everyone share a single IP or does each person still get their own assigned modem?

Just now, Enderman said:

Well that sounds horrible for security...

Does everyone share a single IP or does each person still get their own assigned modem?

It's using CGN. I'd say there is room for exploitation; I don't know the details of their implementation. I can say, though, that from outside the network the double NAT will be difficult to work with, but I can actually tunnel into my personal network from an apartment in the vicinity via open ports and a VPN server on the router. In theory I should be able to mess with someone that doesn't have NAT set up or that has open ports.

 

I'm not sure how much they monitor, but it is obviously against the ToS. Since when has that stopped someone determined, though? I'm however not really gonna test that or look into exploitation.

 

I may have overlooked some security measures (I don't think two PCs connected at the wall with no firewalls can ping each other; that would be stupid if it was possible anyway), but basically VPN and, by extension, a Plex server are available to me on the internal network. I can't do it from my phone on 4G no matter what I try. I need a public IP, which I'm not gonna pay for. I should be able to do it by connecting both ends to a VPN service and opening ports, but I think that would work on any ISP; that should allow pinging both ways.

2 hours ago, paddy-stone said:

The FBI has warned users to reboot their routers due to a malware attack allegedly unleashed by Russia, so that we can gain access through our backdoor again. /S

 

*2 weeks later*

 

"you know that joke you made..."

5 hours ago, Bananasplit_00 said:

Not that I own a susceptible model, but what does rebooting do here? Is the malware just in RAM or something, and won't it just be infected again if it gets cleared?

It's the FBI version of the classic "have you tried turning it on and off again" xD

 

Even if rebooting did anything, they have no idea what backdoor they used, so the Russians would just do it again.

5 hours ago, Bananasplit_00 said:

Not that I own a susceptible model, but what does rebooting do here? Is the malware just in RAM or something, and won't it just be infected again if it gets cleared?

Rebooting clears stage 2 and 3 of the malware, but stage 1 still remains. For stage 1, it needs a firmware update.

2 hours ago, NumLock21 said:

Rebooting clears stage 2 and 3 of the malware, but stage 1 still remains. For stage 1, it needs a firmware update.

Well, good luck with that; most consumer routers get patches for one year, then nothing... Even my small-business one stopped getting them in mid-2017 (Netgear). Better get some metal to run pfSense...

28 minutes ago, jagdtigger said:

Well, good luck with that; most consumer routers get patches for one year, then nothing... Even my small-business one stopped getting them in mid-2017 (Netgear). Better get some metal to run pfSense...

From my experience, Netgear is pretty good with patches and updates. My R7000 frequently gets updated, and this is a router that was launched almost five years ago.


So close to being on that list; I have an R6700.

Rebooted and got a firmware update for my R8000 last night already...

12 hours ago, Vode said:

That's a King Tiger.

Actually, I believe it is a Panther... still, don't mess with my router, man :ph34r:

2 hours ago, Cheezdoodlez said:

From my experience, Netgear is pretty good with patches and updates. My R7000 frequently gets updated, and this is a router that was launched almost five years ago.

Can't find any release date on my FVS336Gv3, but I have a hunch that it is older than 5 years... :D


We need to reboot our modems after the servers were seized?

I'M POSITIVE RUSSIANS WILL BE THE ONES TO INFECT US.


Am I the only one who doesn't get how this stuff seems to just be expected and accepted? If a foreign agent had lit off a bomb in a major city or poisoned the water supply or something like that, I assume there would be a declaration of war and things would get real serious real fast, but governments seem to be hacking each other and their citizens regularly like that's just a totally normal thing that should be allowed, and I don't understand it. How is the response to this kind of thing not to go to war? It's like no one has the guts anymore, which, to be fair, is probably a good thing, but it's still strange...

1 minute ago, Ryan_Vickers said:

Am I the only one who doesn't get how this stuff seems to just be expected and accepted? If a foreign agent had lit off a bomb in a major city or poisoned the water supply or something like that, I assume there would be a declaration of war and things would get real serious real fast, but governments seem to be hacking each other and their citizens regularly like that's just a totally normal thing that should be allowed, and I don't understand it. How is the response to this kind of thing not to go to war? It's like no one has the guts anymore, which, to be fair, is probably a good thing, but it's still strange...

Because it hasn't impacted enough people yet. Once we have people killing power grids and other large swaths of services, then it will be taken more seriously. Once people are at high risk of being impacted, they will start to care, but while they have the mentality of "it won't happen to me" they won't care or stir up demands for change.


Neither the FBI, Cisco, nor the Justice Department allege in the linked statements that VPNFilter was created and distributed by Russia—that language was included solely by Ars Technica. They either spoke anonymously with people involved or are adding that language without substantiation. Regardless, according to Cisco's statement, only 500,000 devices have been infected worldwide, of which the majority are located in Ukraine. They also seem to suggest that the infected devices are only those with very little security that directly access the Internet. It's unlikely that the average person's router in the United States is infected.

15 hours ago, darknessblade said:

Is there a full list of all the affected routers, or are only the 14 named routers affected?

(BTW, I already rebooted my router.)

More affected routers will likely be added later as research continues.

On 5/27/2018 at 2:24 PM, Ryan_Vickers said:

Am I the only one who doesn't get how this stuff seems to just be expected and accepted? If a foreign agent had lit off a bomb in a major city or poisoned the water supply or something like that, I assume there would be a declaration of war and things would get real serious real fast, but governments seem to be hacking each other and their citizens regularly like that's just a totally normal thing that should be allowed, and I don't understand it. How is the response to this kind of thing not to go to war? It's like no one has the guts anymore, which, to be fair, is probably a good thing, but it's still strange...

I totally understand where you are coming from, but keep in mind that if you are going to war with Russia or China (or any nuclear power, at that) it's probably going to go nuclear real fast. You could get into game theory and all the classic Cold War type stuff, but without a doubt that is in their minds as well as ours. In fact, it can be argued that the reason there is so much going on in the cyber world (state-sponsored operations here) is that it is a way to indirectly impact your adversaries without risking nuclear annihilation (now, I will agree that if you hit someone with a cyber attack big enough to knock out power grids and cause anarchy in major cities, resulting in the deaths of hundreds of thousands if not millions, then yes, war becomes inevitable), because let's face it, the second it goes conventional, shit will escalate real fast.

 

Instead of getting involved in a pissing match of proxy wars (aka Korea, Vietnam, Afghanistan, Yugoslavia), it's more cost-effective and impactful to use cyber attacks.

 

I also wouldn't rule out the possibility that many of the cyber attacks you see might have little to do with the governments themselves and more to do with mafia and criminal organizations operating for their own financial gain. It doesn't make it any better at all, but it's where it gets harder to tackle. On one hand, you wouldn't risk a full-blown nuclear war with another nation if it was simply done by a criminal organization based there working under the radar. On the other hand, how willful was that nation in letting or even nudging that criminal organization to launch cyber attacks on another nation's people? Now you have a real problem, because even if you know who did it and where they came from, you now have limited options. Let's say it came from China: would you really expect the Chinese to extradite their own, especially if it had a negative impact on US infrastructure? The answer is of course no, so now you have two options. One, conventional military action: millions dead and nations irreparably damaged if not destroyed. Two, extremely high-risk special operations to infiltrate and kill/capture the actors. Then you have the unspoken third of espionage and cyber actions against said adversary. Hmmm, seems we've gone full circle...

On 5/27/2018 at 1:35 AM, Vode said:

That's a King Tiger.

Not even close. It's a Panther Ausf. D.

 

But on a side note, I don't understand how rebooting this will solve any issue. I get that it can break the connection, but it's not like this process takes long enough to notify people and have them reboot.


I feel lucky to say that my router is an Asus. #NotMyProblemYet :D


Pretty worrying, and a good reminder to ALWAYS keep all your firmware up to date.

 

Sadly, most people who own one of these routers likely don't even know how to upgrade the firmware, or even hear about this news at all.

 

Also: do we even know if newer firmware for these models fixes the vulnerability the malware was exploiting? If not, updating won't do you any good.

 

Luckily, a lot of ISPs push firmware updates to their supplied modems/routers. So it is really mostly third-party / home-installed devices that are the weakest link.


How long ago did this hit? As I recently had a new cable modem/router installed (last Friday)...

 

I believe mine is some sort of hybrid made by Netgear along with some parts from Cisco (Superhub 3.0)... I'm guessing this isn't on the list?
