[ALUG] Fwd: Re:Important Information Regarding Devices Running Older airOS Software

Titus T. ttituskayz16 at gmail.com
Wed May 18 06:53:56 EAT 2016


Thanks Andreas for reminding us once again.

Regards,
On 18 May 2016 03:45, "Andreas Tauscher via Linux" <linux at lists.habari.co.tz>
wrote:

> And the money quote from the UBNT forum is:
>
> ... these variations are using a known exploit that was reported and
> fixed *last year*.
>
> This is exactly the kind of malware I wrote about here, also about a year
> ago: This type is not after your PC, this is after your devices.
>
> Once on your router, wifi, printer, web-cam, NAS or one of the other
> thousand gadgets they can be there for years undetected having access to
> everything.
>
> My general recommendation for all kinds of embedded devices:
>
> 1. No internet access at all for them.
> If internet is needed, only through a proxy and only to verified sites.
> Like here for example the UBNT update server. And nothing else.
> From reports in the UBNT forum it seems some packages have been
> downloaded from download.openwrt.org needed to infect other devices in
> the network.
> And surely monitoring all activities of these devices.
>
> 2. Change the initial password *AND* username.
>
> 3. Logging to a remote log server.
>
> 4. The web interface, ssh, telnet or whatever might maybe give access to
> the device is
> a) disabled if not needed
> b) accessible only through a separate management network isolated from
> the rest and only from a permitted management station.
>
> 5. Set up the e-mail notification in the devices.
> If this is set up, for example a UBNT or MikroTik will send you an e-mail
> when unusual things are happening or an update is available.
> Read these emails and read the change logs for updates!
>
> 6. Subscribe to the manufacturers security newsletter.
>
> 7. Devices which have been outside your control (rented out, borrowed
> ...) have to be rated as compromised.
> Also new devices, as long as the box is not originally sealed.
>
> UBNT or MikroTik users are somehow lucky. The firmware of these devices
> is actively maintained.
> But if these free services are not used....
>
> If you have D-Link, Netgear, TP-Link or whatever and it is not an
> enterprise product you are usually f****d.
> No updates at all, updates after months or "quality" updates D-Link is
> famous for: Not fixing the problem but patching in three new ones.
>
> Andreas
>
>
> _______________________________________________
> The Arusha Linux User Group: http://unix.or.tz
> Linux mailing list
> Linux at lists.habari.co.tz
> http://lists.habari.co.tz/cgi-bin/mailman/listinfo/linux
>
> The Arusha LUG mailing list is generously hosted by Habari Node Ltd:
> http://www.habari.co.tz/
>
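
An added example, not part of the original thread: one way to carry out the monitoring in recommendation 1 is to scan the proxy's access log for embedded devices that try to reach anything other than the permitted update server, such as the download.openwrt.org fetches mentioned in the quoted message. The Squid native log format, the device subnet, the allowlisted host name and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumptions, not taken from the thread: the subnet the embedded devices
# live in and a placeholder name for the vendor's update server.
DEVICE_NET = ipaddress.ip_network("192.168.50.0/24")
ALLOWED_HOSTS = {"updates.vendor.example"}

# Constructed sample lines in Squid's native access.log format.
SAMPLE_LOG = """\
1463540000.123    210 192.168.50.11 TCP_MISS/200 4521 GET http://updates.vendor.example/fw/latest.bin - HIER_DIRECT/203.0.113.10 application/octet-stream
1463540010.456     95 192.168.50.12 TCP_DENIED/403 3900 GET http://download.openwrt.org/pkg/example.ipk - HIER_NONE/- text/html
1463540020.789    130 192.168.10.5 TCP_MISS/200 10240 GET http://download.openwrt.org/pkg/example.ipk - HIER_DIRECT/203.0.113.20 application/octet-stream
1463540030.000     12 192.168.50.12 TCP_TUNNEL/200 820 CONNECT Updates.Vendor.Example:443 - HIER_DIRECT/203.0.113.10 -
this line is truncated
"""

def request_host(method, target):
    """Return the lower-cased destination host of a proxied request."""
    if method == "CONNECT":      # CONNECT targets are host:port, not a URL
        target = "//" + target
    return (urlsplit(target).hostname or "").lower()

def find_violations(log_text):
    """List (client, host, squid_result) for device requests off the allowlist."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue             # malformed or truncated line
        client, result, method, target = fields[2], fields[3], fields[5], fields[6]
        try:
            addr = ipaddress.ip_address(client)
        except ValueError:
            continue
        if addr not in DEVICE_NET:
            continue             # ordinary clients are out of scope here
        host = request_host(method, target)
        if host not in ALLOWED_HOSTS:
            # Denied attempts are reported too: the attempt itself is the signal.
            findings.append((client, host, result))
    return findings

if __name__ == "__main__":
    for client, host, result in find_violations(SAMPLE_LOG):
        print(f"ALERT device {client} -> {host or '<unparsed>'} ({result})")
```
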