I believe it was configuring the router as an open proxy and then hijacking DNS requests for the purpose of ads or crypto mining.
I wonder if Hulu has an automated scan for open proxies and blacklists due to it?

On Sat, Sep 29, 2018, 1:13 PM Ken Hohhof <[email protected]> wrote:

> The Winbox hack was definitely used to set up a Socks proxy, I don’t know
> what that is or what they were using it for. There would be a seemingly
> random high numbered port assigned to it. I had a few customer routers get
> hacked with this.
>
> Can you explain what they were doing by configuring IP > Socks? I thought
> maybe it was a way of creating a backdoor into the router.
>
> *From:* AF <[email protected]> *On Behalf Of *CBB - Jay Fuller
> *Sent:* Saturday, September 29, 2018 12:25 PM
> *To:* AnimalFarm Microwave Users Group <[email protected]>
> *Subject:* Re: [AFMUG] Hulu IP blacklist
>
> I have seen Facebook posts recently that a MikroTik exploit has been used
> for this purpose.
>
> ----- Original Message -----
> *From:* Ken Hohhof <[email protected]>
> *To:* 'AnimalFarm Microwave Users Group' <[email protected]>
> *Sent:* Saturday, September 29, 2018 11:08 AM
> *Subject:* [AFMUG] Hulu IP blacklist
>
> Has anyone had one of your dynamic pool IP addresses blacklisted by Hulu
> because supposedly another customer was using an anonymous proxy at that IP
> address?
>
> I’m still a little skeptical that’s the explanation. If nothing else,
> you’d think the blacklist would expire after 24 hours or something.
>
> See the last item in the list here:
>
> https://help.hulu.com/en-us/identified-as-anonymous-proxy
>
> --
> AF mailing list
> [email protected]
> http://af.afmug.com/mailman/listinfo/af_af.afmug.com
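Added example, not part of the thread: one way to audit a customer router for the symptom described above (IP > Socks enabled on a high-numbered port) by parsing the text of a RouterOS `/export`. The sample export, the function names and the port value are constructed for illustration; 1080 is assumed as the RouterOS default SOCKS port.

```python
import re

# Constructed sample of a RouterOS "/export" (not taken from any real router).
SAMPLE_EXPORT = """\
/ip dns
set allow-remote-requests=yes servers=192.0.2.53
/ip socks
set enabled=yes \\
    port=14153
/ip service
set winbox address=198.51.100.0/24
"""

DEFAULT_SOCKS_PORT = 1080  # assumed default; export omits values left at default


def join_continuations(text):
    """RouterOS wraps long export lines with a trailing backslash."""
    return re.sub(r"\\\n\s*", "", text)


def parse_sections(text):
    """Map each menu path (e.g. '/ip socks') to its list of command lines."""
    sections, current = {}, None
    for line in join_continuations(text).splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):
            current = line
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def audit_socks(text):
    """Return a list of findings about the SOCKS proxy configuration."""
    findings = []
    for cmd in parse_sections(text).get("/ip socks", []):
        props = dict(re.findall(r"([\w-]+)=(\S+)", cmd))
        if props.get("enabled") == "yes":
            port = int(props.get("port", DEFAULT_SOCKS_PORT))
            findings.append(f"SOCKS proxy enabled on port {port}")
            if port != DEFAULT_SOCKS_PORT:
                findings.append(f"non-default SOCKS port {port}")
    return findings


if __name__ == "__main__":
    for finding in audit_socks(SAMPLE_EXPORT):
        print(finding)
```

A router that has never had SOCKS turned on shows no `/ip socks` section in a plain export, so an empty result is the expected clean state.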
