
Tools to test for Router firmware infection/security compromise?


13 replies to this topic

#1 t1t2t3


Posted 28 December 2017 - 12:55 PM

Hi there, would someone please let me know if there are some useful tools to test for router security compromise, especially when NONE of the settings can be set? (Note: I've already changed the default security password.)

 

Thanks!


Edited by hamluis, 29 December 2017 - 11:39 AM.
Moved from Networking to Gen Security - Hamluis.



 


#2 Didier Stevens


Posted 30 December 2017 - 08:49 AM

I have some tools for Cisco IOS. What is your router model?


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#3 t1t2t3


Posted 30 December 2017 - 11:23 AM

Hi, the router brand is Netgear, Gateway name: Versalink. Gateway model #: B90-755025-15. 

I have already tried to download firmware, but am not familiar with what file should be uploaded, using the Netgear open source programming files. I saw a .upg file for the router, but I couldn't find it in the folders. If possible, please point me to the correct firmware download link too? Thanks for helping out here.


Edited by t1t2t3, 30 December 2017 - 12:40 PM.


#4 Didier Stevens


Posted 30 December 2017 - 03:15 PM

I'm not familiar with Netgear devices.




#5 t1t2t3


Posted 30 December 2017 - 05:05 PM

Is there anyone in this forum that you know who could help with this? 



#6 cunikcz


Posted 30 December 2017 - 05:28 PM

Router firmware infections are very rare, because each router has different firmware. Hackers don't make a universal virus for all firmwares of all routers on earth.

#7 Vectron


Posted 30 December 2017 - 05:51 PM

Personally I do not trust the stock firmware and always install something open source i.e. LEDE firmware. Routers can and do get infected though. Most of the time this is the fault of some bad firmware configuration. For example certain models may have vulnerabilities in their web server or perhaps there are hardcoded passwords in use. Maybe there is even a backdoor present. It's not unheard of that malware will scan for these vulnerable devices and try to infect them. Not long ago there was news of the BrickerBot that supposedly bricked unprotected IoT devices.

Edited by Vectron, 30 December 2017 - 05:52 PM.


#8 Carpentry


Posted 30 December 2017 - 07:21 PM

If it's a modem/router combo, could the original poster have the option to contact his ISP to have them push a modem firmware update?



#9 t1t2t3


Posted 30 December 2017 - 08:10 PM

Hi, Carpentry, I am using a router/modem combo. It is a good suggestion to contact the ISP for a firmware update. However, I am unsure if the router/modem combo is still supported? As previously posted, here is the Gateway model #: B90-755025-15.



#10 Carpentry


Posted 07 January 2018 - 09:56 PM

Quote from t1t2t3: "Hi, Carpentry, I am using a router/modem combo. It is a good suggestion to contact the ISP for a firmware update. However, I am unsure if the router/modem combo is still supported? As previously posted, here is the Gateway model #: B90-755025-15."

I looked it up when I posted that comment and it appeared to be so... Are you with AT&T? Doesn't hurt to call your ISP tech people, I think they can let you know.



#11 JohnnyJammer


Posted 09 January 2018 - 12:00 AM

Try ShieldsUp by Steve Gibson,  https://www.grc.com/x/ne.dll?bh0bkyd2



#12 shelf life


Posted 09 January 2018 - 06:46 PM

If it's a combo unit from your ISP then you should definitely contact them first before any flashing is done. It may have certain features disabled, being from an ISP, or just be poorly configured.

If as you say: "I am unsure if the router/modem combo is still supported?"

If that's the case then you really should get a new one from your ISP or purchase your own.

Some good reading about routers here:

https://www.routersecurity.org/bugs.php


How Can I Reduce My Risk to Malware?


#13 t1t2t3


Posted 11 January 2018 - 06:07 PM

Thanks for your suggestions. I am curious as to how to explain to the ISP (AT&T) that new firmware updates need to be pushed to the router. This is because I didn't see that the router has any updates available. Is there a way to wipe/ firmware besides using the 30-30-30 seconds rule?



#14 shelf life


Posted 11 January 2018 - 06:50 PM

 

"30-30-30 seconds rule"

I think you are referring to powering a router, modem and PC off for 30 seconds then back on to "refresh" connectivity.

This doesn't have anything to do with the firmware.

