
Router recs to replace Apple routers?


23 minutes ago, Pounce said:

Again, the actual attack vector is not mentioned. Mentioning setting passwords, managing remote admin and keeping firmware up to date is just plain basic security. You can do ALL of those things and still be vulnerable. This is simple logic.

No, there is zero indication that if you do those things that you are still vulnerable. That is never stated anywhere.


Just now, thegreatheed said:

No, there is zero indication that if you do those things that you are still vulnerable. That is never stated anywhere.

What is stated as the attack vector, and do you know what that is?

On 5/23/2018 at 7:56 AM, pinkoos said:
Would you guys include Amplifi under the Ubiquiti umbrella?
Square footage is almost 5000 and it's a single-story house, L-shaped.
Currently, the rack/router are at one end of the "L", the family room is kind of at the intersection of the "L" and the opposite end of the "L" is a guest bedroom.

Deleted. Realized after the fact I was responding to the OP on a topic that has long since moved to other things.

Edited by jragan

1 hour ago, thegreatheed said:

The stated resolution is: change passwords, update firmware, turn off remote management.

If that didn't fix the attack vector, it wouldn't be a resolution. Simple logic.

Sorry, but your logic is flawed. I'm not sure if you have read all of the articles, but because so many devices are impacted there are various mitigation methods. Also, there is no "resolution" when it comes to security.


The devices impacted were devices that still had default login settings with open ports available to the public IP. A bot scanner would easily find these and start attempting to log in using known default combinations found on most products and, if successful, start to dump the malware.

Port 80 is widely used to gain access to most product configuration pages. This is the port being attacked.

At least with Mikrotik, bots would try to scan for the Winbox port as well. If found, then they would use that Winbox port as a loophole to gain access to port 80. So at least for me, as long as port 80 is shut down and I've changed the default login, my customers and I are safe from attack.

I know I'm sleeping comfortably and so are my clients. I swear though, if another client sends me a link to some awfully written report about this attack, I'm quitting and going to bury myself in the sand.

Also, another resolution posted was to just reboot your router. I mean, really, the media has hyped this shit up way too much. Same goes with the IP camera fiascoes over the last year. All the problems stem back to not changing default logins. Now at least manufacturers have started making this the first step in configuration before moving forward.

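The scanning and default-login guessing described in the post above can be turned into a small defensive check. The following is an added example, not code from the post or from any router vendor: a Python script that reads router syslog lines in an assumed RouterOS-style layout (the sample lines are constructed, the default-username list and the LAN ranges are assumptions) and flags two things a defender cares about here: repeated failed logins with factory-default usernames from one source, and any successful login to the web or Winbox management service from an address outside the LAN, which is the signal that remote management is still reachable from the Internet side.

```python
"""Flag default-credential guessing and non-LAN management logins in router logs.

Added example. The log layout, the default-username list and the LAN ranges
are assumptions; adjust them to the device and network you actually run.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in an assumed RouterOS-style syslog layout
# ("<timestamp> <topics> <message>"); not captured from a real device.
SAMPLE_LOG = """\
May 24 03:12:01 system,error,critical login failure for user admin from 198.51.100.7 via web
May 24 03:12:02 system,error,critical login failure for user admin from 198.51.100.7 via web
May 24 03:12:03 system,error,critical login failure for user root from 198.51.100.7 via web
May 24 03:12:04 system,error,critical login failure for user admin from 198.51.100.7 via winbox
May 24 03:12:05 system,error,critical login failure for user ubnt from 198.51.100.7 via web
May 24 03:12:06 system,info,account user admin logged in from 198.51.100.7 via web
May 24 08:00:00 system,error,critical login failure for user alice from 192.168.88.20 via web
May 24 08:00:05 system,info,account user alice logged in from 192.168.88.20 via web
"""

# Usernames that ship as factory defaults on common SOHO gear (assumed list).
DEFAULT_USERS = {"admin", "root", "ubnt", "user", "support"}

# Address ranges treated as "inside the LAN"; anything else is the Internet side.
LAN_NETWORKS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

FAIL_RE = re.compile(r"login failure for user (?P<user>\S+) from (?P<ip>[0-9.]+) via (?P<svc>\w+)")
OK_RE = re.compile(r"user (?P<user>\S+) logged in from (?P<ip>[0-9.]+) via (?P<svc>\w+)")


def is_lan(addr: str) -> bool:
    """True when the address falls inside one of the configured LAN ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LAN_NETWORKS)


def parse_events(log_text: str):
    """Yield (outcome, user, ip, service) for each login line; skip all other lines."""
    for line in log_text.splitlines():
        m = FAIL_RE.search(line)
        if m:
            yield ("failure", m["user"], m["ip"], m["svc"])
            continue
        m = OK_RE.search(line)
        if m:
            yield ("success", m["user"], m["ip"], m["svc"])


def analyze(log_text: str, threshold: int = 3) -> list:
    """Return findings as dicts with keys kind, ip and detail, in log order."""
    failures = defaultdict(int)  # source ip -> failed default-account attempts
    findings = []
    for outcome, user, ip, svc in parse_events(log_text):
        if outcome == "failure":
            if user in DEFAULT_USERS:
                failures[ip] += 1
                if failures[ip] == threshold:  # report each source once
                    findings.append({
                        "kind": "guessing", "ip": ip,
                        "detail": f"{threshold} failed default-account logins from {ip}",
                    })
        elif not is_lan(ip):
            # A successful management login from outside the LAN means the
            # web/Winbox service is reachable from the Internet side.
            findings.append({
                "kind": "external_login", "ip": ip,
                "detail": f"successful {svc} login as {user} from non-LAN address {ip}",
            })
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(f"[{finding['kind']}] {finding['detail']}")
```

On the constructed sample the script reports the guessing burst from 198.51.100.7 and then the successful web login from that same non-LAN address; the internal user's single typo never crosses the threshold and her login comes from the LAN, so it is not reported. Feeding the script real syslog output (for example from a remote logging target) gives a quick way to confirm whether "port 80 shut down and default login changed" is actually holding on a given device.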
3 hours ago, Pounce said:

Sorry, but your logic is flawed. I'm not sure if you have read all of the articles, but because so many devices are impacted there are various mitigation methods. Also, there is no "resolution" when it comes to security.

I never said it was a "resolution" to "security". I said it was the stated resolution to THIS ISSUE.

Misrepresenting my response, then calling my logic flawed...

okay. +1 for you, bud.

24 minutes ago, thegreatheed said:

I never said it was a "resolution" to "security". I said it was the stated resolution to THIS ISSUE.

Misrepresenting my response, then calling my logic flawed...

okay. +1 for you, bud.

I'm sorry you think I misrepresented you. Those things are not a full resolution to this threat and in some cases completely ineffective.

7 minutes ago, Pounce said:

I'm sorry you think I misrepresented you. Those things are not a full resolution to this threat and in some cases completely ineffective.

Okay, continue to be pedantic and contrary.

List one article where it says changing default passwords, disabling remote management, and staying up-to-date will NOT avoid this issue. Show one case where those best practices are 'completely ineffective' against this threat.

Prove your point, and don't just pick at words.


Security is one of those places where the devil is in the details. You may perceive me as being pedantic, but you are hard set on believing setting a password, updating to the latest firmware and disabling remote management is 100% effective in eradicating the problem for all devices. It is just not the case. It's a red flag for me when people stop considering the complexity of security and the number of permutations.

The list of impacted devices is growing. It's also understood that the exploit has the functionality to allow an attacker through to install any number of additional exploits, including rootkits etc., on the network and to harvest credentials. It could be much worse for anyone that was exploited, and it should be noted that there could be no evidence that you were. Some security companies are recommending disposal of hardware that had been infected. QNAP also asks customers to run a malware scan. Updating your router is not going to stop someone from using your stolen credentials, so changing credentials and running scans is also a good idea.

Some firmware that is "current" is still not protected. Current for some devices is years old. So updating doesn't really fix anything. A person might need to wait for new firmware or switch devices.

I'm not trying to upset you or debate. I'm only trying to ensure that there isn't additional misinformation that would leave someone thinking they are secure when they are potentially not. An example might be not finding your hardware on the current list. That doesn't mean you are not exposed. Updating firmware doesn't always get you a fix when your device is old.

https://www.tp-link.com/us/faq-2212.html

The latest firmware for that device is 2013. Does that FAQ answer tell you that the TP-Link device is protected, or does it do what they all do and simply recommend the basic lockdown? I don't get a warm fuzzy for that device.

Many of the vendors won't actually say that they are 100% protected because they only know about vulns that are not zero-day.

11 hours ago, thegreatheed said:

Wasn't the router malware issue limited to routers with default credentials and remote management turned on?

No. Many of the device companies released patches to firmware to block vpnfilter after it was in the wild.

4 hours ago, thegreatheed said:

Show one case where those best practices are 'completely ineffective' against this threat.

I gave one where the latest firmware likely has exploits and the manufacturer has not issued a "fix".

1 hour ago, thegreatheed said:

So, you can't show an attack vector outside what was discussed

From your own article:

"Most of the devices targeted are known to use default credentials and/or have known exploits"
