[ALUG] Fwd: Re:Important Information Regarding Devices Running Older airOS Software

Andreas Tauscher ta at geuka.net
Wed May 18 03:45:09 EAT 2016


And the money quote from the UBNT forum is:

... these variations are using a known exploit that was reported and
fixed *last year*.

This is exactly the kind of malware I wrote about here, also about a year
ago: this type is not after your PC, it is after your devices.

Once on your router, wifi, printer, web-cam, NAS or one of the other
thousand gadgets they can be there for years undetected having access to
everything.

My general recommendation for all kinds of embedded devices:

1. No internet access at all for them.
If internet is needed, only through a proxy and only to verified sites.
Like here for example the UBNT update server. And nothing else.
From reports in the UBNT forum it seems some packages have been
downloaded from download.openwrt.org needed to infect other devices in
the network.
And surely monitor all activities of these devices.

2. Change the initial password *AND* username.

3. Logging to a remote log server.

4. The web interface, ssh, telnet or whatever might give access to
the device is
a) disabled if not needed
b) accessible only through a separate management network isolated from
the rest and only from a permitted management station.

5. Set up the e-mail notification in the devices.
If this is set up, for example, a UBNT or MikroTik will send you an e-mail
when unusual things are happening or an update is available.
Read these e-mails and read the change logs for updates!

6. Subscribe to the manufacturers security newsletter.

7. Devices which have been outside your control (rented out, borrowed
...) have to be rated as compromised.
Also new devices, as long as the box is not originally sealed.

UBNT or MikroTik users are somehow lucky. The firmware of these devices
is actively maintained.
But if these free services are not used....

If you have D-Link, Netgear, TP-Link or whatever and it is not an
enterprise product, you are usually f****d.
No updates at all, updates after months or "quality" updates D-Link is
famous for: Not fixing the problem but patching in three new ones.

Andreas
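
An added example, not part of the original message: one way to do the monitoring from recommendation 1, flagging any embedded device that reaches a destination other than the vendor update host in a Squid access log. The device addresses, the update hostname (a placeholder, not a real UBNT server) and the log lines are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: embedded devices sit on these addresses and may only reach the
# vendor update host. The hostname is a placeholder, not a real UBNT server.
DEVICE_IPS = {"10.20.0.11", "10.20.0.12"}
ALLOWED_HOSTS = {"updates.vendor.example"}

# Constructed sample lines in Squid's native access.log format:
# time elapsed client action/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1463532300.101 120 10.20.0.11 TCP_MISS/200 5120 GET http://updates.vendor.example/fw/latest.bin - HIER_DIRECT/192.0.2.10 application/octet-stream
1463532360.554 340 10.20.0.12 TCP_MISS/200 88213 GET http://download.openwrt.org/some/package.ipk - HIER_DIRECT/192.0.2.20 application/octet-stream
1463532361.002 0 10.20.0.12 TCP_DENIED/403 3900 CONNECT 198.51.100.7:443 - HIER_NONE/- text/html
1463532400.770 95 10.30.0.5 TCP_MISS/200 1200 GET http://download.openwrt.org/index.html - HIER_DIRECT/192.0.2.20 text/html
garbage line
"""


def dest_host(method, url):
    """Return the lowercase destination host of a logged request."""
    if method == "CONNECT":  # CONNECT is logged as "host:port" without a scheme
        url = "//" + url
    return (urlsplit(url).hostname or "").lower()


def find_violations(log_text, devices=DEVICE_IPS, allowed=ALLOWED_HOSTS):
    """Return (client, host, action) for device requests to non-allowlisted hosts."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        # Skip malformed lines and clients that are not embedded devices.
        if len(fields) < 7 or fields[2] not in devices:
            continue
        host = dest_host(fields[5], fields[6])
        if host not in allowed:
            # Denied requests are reported too: the attempt itself is the signal.
            hits.append((fields[2], host, fields[3]))
    return hits


if __name__ == "__main__":
    for client, host, action in find_violations(SAMPLE_LOG):
        print(f"ALERT device={client} dest={host} result={action}")
```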
