Post Office and Talk Talk routers in cyber attack
01-12-2016 9:12 PM
Report from BBC NEWS site...
Customers using POST OFFICE and TALK TALK routers to access the internet have been disabled/hijacked, cutting them off from the internet.
And it appears that, despite many claims by the LINUX FRATERNITY on this forum that LINUX is SAFER than WINDOWS from virus attack... it seems that these routers use a LINUX base.
http://www.bbc.co.uk/news/technology-38167453
***************************************************************************************************************************************************
It involves the use of a modified form of the Mirai worm - a type of malware that is spread via hijacked computers, which causes damage to equipment powered by Linux-based operating systems.
***************************************************************************************************************************************************
Re: Post Office and Talk Talk routers in cyber attack
01-12-2016 11:37 PM
Talk talk customers ... hmm so 10 people were affected then ?
Re: Post Office and Talk Talk routers in cyber attack
02-12-2016 6:13 AM
Are PN routers at risk?
samsung 850evo 250gig , WD black 2 TB . Asus Phoebus sound ,
16 gig Avexir ram 2400 , water cooling Corsair H100i gtx ,
Corsair 750HXI Psu , Phanteks Enthoo pro case .
Re: Post Office and Talk Talk routers in cyber attack
02-12-2016 8:39 AM - edited 02-12-2016 9:38 AM
@rongtw - they haven't been mentioned in the ISPreview story I read (I'll see if I can find it later), but that story did say routers with the default password were most at risk. AFAIK, PN routers all have a unique password.
http://www.ispreview.co.uk/index.php/2016/11/talktalk-isp-routers-potentially-vulnerable-new-mirai-w... - but that's thanks to Gel in another thread.
Re: Post Office and Talk Talk routers in cyber attack
02-12-2016 10:49 AM - edited 02-12-2016 10:50 AM
it would appear that those routers have TR-064 open for command which they shouldn't
As linked in the above post
Re: Post Office and Talk Talk routers in cyber attack
02-12-2016 12:51 PM
Am I not correct in thinking that over 90% of big business use Linux Systems ?
Re: Post Office and Talk Talk routers in cyber attack
02-12-2016 3:25 PM
It's not a Linux vulnerability as such, it's a TR-064/TR-069 bug. It's just that most of the routers use a Linux kernel and will use a lot of common (GPL) code. Linux servers in general are not likely to have TR-064/TR-069 code in them
Re: Post Office and Talk Talk routers in cyber attack
02-12-2016 4:45 PM
@St3 wrote:
Talk talk customers ... hmm so 10 people were affected then ?
Are you sure they have that many customers, seems a high figure to me ?
Re: Post Office and Talk Talk routers in cyber attack
02-12-2016 9:08 PM
@shutter wrote:
Report from BBC NEWS site...
Customers using POST OFFICE and TALK TALK routers to access the internet have been disabled/hijacked, cutting them off from the internet.
And it appears that, despite many claims by the LINUX FRATERNITY on this forum that LINUX is SAFER than WINDOWS from virus attack... it seems that these routers use a LINUX base.
http://www.bbc.co.uk/news/technology-38167453
***************************************************************************************************************************************************
It involves the use of a modified form of the Mirai worm - a type of malware that is spread via hijacked computers, which causes damage to equipment powered by Linux-based operating systems.
***************************************************************************************************************************************************
"TalkTalk also confirmed that its D-Link DSL-3780 routers were affected but said only a small percentage of its customers used them."
I'm ex-TT and using the 3780 now with PN. My ability to access web sites went on a desperately slow motion Sunday, Monday and Tuesday - until I rebooted the router and everything else. I was on the verge of complaining about poor PN access when I rebooted. I wonder if there is a fix?
Re: Post Office and Talk Talk routers in cyber attack
03-12-2016 4:58 PM
As I understand it the worm scans for open ports; on TalkTalk's IP range it was TCP port 7547, which I believe is open for remote help from them.
Now if I am correct Plusnet also offer remote help for users of their provided modems, so the question is, are Plusnet provided modems susceptible to a similar attack from a version of the Mirai worm modified to scan for Plusnet customers?
Personally I don't use Plusnet's modem but if I did I would like to know if a vulnerability exists, is there an open port used for remote help and which port they use. You could then check to see if that port is open and close it.
Further reading http://www.theregister.co.uk/2016/11/28/router_flaw_exploited_in_massive_attack/ and http://www.theregister.co.uk/2016/12/02/broadband_mirai_takedown_analysis/
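The port check described in the post above, as an added example that is not part of the original thread: it reports whether TCP port 7547 on a router you own is open, closed or filtered, and shows the first line of any HTTP reply. The function names are assumptions of this example, and it only measures exposure of the port; it does not test whether the service accepts TR-064 commands. Run it from outside your own network against your public IP address, since a check from inside the LAN does not show what the internet can reach.

```python
import socket
import sys

CWMP_PORT = 7547  # TCP port named in the thread


def probe(host, port=CWMP_PORT, timeout=3.0):
    """Return (state, status_line) for one TCP port.

    state is "open", "closed" (connection refused) or "filtered"
    (timeout or unreachable). status_line is the first line of the
    reply to a plain HTTP GET when the port is open, else None.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed", None
    except OSError:  # includes timeouts and unreachable hosts
        return "filtered", None
    with sock:
        sock.settimeout(timeout)
        try:
            request = b"GET / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n"
            sock.sendall(request)
            reply = sock.recv(256)
        except OSError:
            return "open", None
    first = reply.split(b"\r\n", 1)[0].decode("latin-1").strip()
    return "open", first or None


def verdict(state, status_line):
    """Turn a probe result into a one-line finding."""
    if state == "closed":
        return "not exposed: port refuses connections"
    if state == "filtered":
        return "not reachable: dropped or firewalled"
    if status_line is None:
        return "exposed: port open, no HTTP reply"
    return "exposed: port open, answers " + status_line


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check7547.py <your-public-ip>")
    print(verdict(*probe(sys.argv[1])))
```

An "exposed" result means the port is reachable from where the script ran; whether it can be closed depends on the router and the ISP's remote management setup.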
Re: Post Office and Talk Talk routers in cyber attack
03-12-2016 5:08 PM
it was the combination of a known open port AND a root password which was also known (due to the device using a default password).
Re: Post Office and Talk Talk routers in cyber attack
03-12-2016 6:12 PM
It's not just about the open port and known password, it's that the open port is accepting TR-064 commands, which it's not supposed to, regardless of any password. And then there's a further flaw (the handling of the NTP server setting) used to make the router download and execute the malware.
It shouldn't take long for someone to set up an online checker for the TR-064 acceptance flaw if there isn't such a checker already.
Re: Post Office and Talk Talk routers in cyber attack
03-12-2016 6:14 PM
unless such a hacker is then going to try and brute force the password.
so you need at least two things for it to be an issue, and one of those things is very easily solved.
Re: Post Office and Talk Talk routers in cyber attack
03-12-2016 6:25 PM
The default password is usually the device's serial number. And there's a TR-064 command that doesn't need a password that can be used to read device info, which includes the serial number.