I recall DLink having a vulnerability due to their implementation of upnp. Fresh firmware should fix it, but still, what a PITA.
-Steve D

On Fri, Sep 26, 2014 at 11:11 AM, Timothy D. McNabb via Af <[email protected]> wrote:

> We received that notice as well (we sell the routers to customers so
> plenty on our network). Updating to latest firmware seems to fix. Most of
> the routers we have sold are Revision B and the latest firmware is 2.11NA.
>
> -Tim
>
> *From:* Af [mailto:[email protected]] *On Behalf Of* Josh Reynolds via Af
> *Sent:* Friday, September 26, 2014 10:44 AM
> *To:* [email protected]
> *Subject:* Re: [AFMUG] DDoS via Dlink DIR-655 router?
>
> Could be a part of the bash-exploit botnet that's going around.
>
> (Yes, this could affect home routers as well)
>
> Josh Reynolds, Chief Information Officer
> SPITwSPOTS, www.spitwspots.com
>
> On 09/26/2014 09:41 AM, Bill Prince via Af wrote:
>
> Got a report from someone that had traced a DDoS attack coming from one of
> our subscribers. It claimed the IP was going out on port 1900 to various
> and sundry IPs as part of a distributed attack.
>
> I ran a torch on the IP, and sure enough, a bunch of connections were
> going out on port 1900.
>
> Talked to the customer, and eliminated all their PCs/phones/etc. one by
> one, at which point it was only their Dlink router connected to the net.
>
> Turning it off stopped the outbound traffic. Just to be sure, we
> re-connected the customer's wired PC, and no traffic.
>
> So at this point, it appears that there was some sort of malware loaded on
> their Dlink. It's a DIR-655.
>
> Anyone else seeing this? Seen it? Other comments?
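
The check described in the thread (one subscriber IP sending port 1900 traffic to many outside hosts), run over exported flow records, as an added example that is not part of the original emails. The CSV layout, the sample records, the subscriber range 100.64.0.0/10 and the name `ssdp_talkers` are assumptions; either source or destination port 1900 is matched because the thread does not say which.

```python
import csv
import io
import ipaddress
from collections import defaultdict

SSDP_PORT = 1900  # the port named in the thread

# Constructed sample flow export (documentation address ranges, not real data).
# Columns: src_ip,src_port,dst_ip,dst_port,proto,bytes
SAMPLE_FLOWS = """\
100.64.10.23,1900,198.51.100.7,41822,udp,3120
100.64.10.23,1900,198.51.100.9,80,udp,2980
100.64.10.23,1900,203.0.113.40,53211,udp,3055
100.64.10.23,1900,203.0.113.77,1025,udp,3101
100.64.10.23,52344,192.0.2.10,443,tcp,18200
100.64.10.51,49152,100.64.10.1,1900,udp,310
100.64.10.51,51000,192.0.2.10,443,tcp,9400
100.64.10.88,1900,198.51.100.7,40000,udp,300
"""

def ssdp_talkers(flow_csv, subscriber_net, min_peers=3):
    """Return {subscriber_ip: (distinct_external_peers, total_bytes)} for
    subscribers whose UDP port-1900 traffic reaches min_peers or more
    distinct hosts outside the subscriber network."""
    net = ipaddress.ip_network(subscriber_net)  # assumed subscriber range
    peers = defaultdict(set)
    volume = defaultdict(int)
    for row in csv.reader(io.StringIO(flow_csv)):
        if len(row) != 6:
            continue  # skip blank or malformed lines
        src, sport, dst, dport, proto, nbytes = (f.strip() for f in row)
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            sport, dport, nbytes = int(sport), int(dport), int(nbytes)
        except ValueError:
            continue  # header line or unparsable field
        if proto.lower() != "udp" or SSDP_PORT not in (sport, dport):
            continue
        # Only traffic leaving the subscriber network counts; SSDP
        # discovery that stays on the local side is normal.
        if src_ip not in net or dst_ip in net:
            continue
        peers[src].add(dst)
        volume[src] += nbytes
    return {ip: (len(p), volume[ip]) for ip, p in peers.items() if len(p) >= min_peers}

if __name__ == "__main__":
    for ip, (n, b) in ssdp_talkers(SAMPLE_FLOWS, "100.64.0.0/10").items():
        print(f"{ip}: port-1900 UDP to {n} external hosts, {b} bytes")
```

A subscriber flagged this way still needs the device-by-device elimination described in the thread to find which host behind the address is responsible.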
