Hi there
I have a
Triple WAN ADSL2+ Firewall Router
Model Name BiPAC 8800AXL
Software Version 2.32e
DSL PHY and Driver Version A2pv6F039g1.d24m
Wireless Driver Version 6.30.102.7.cpe4.12L08.4
I see this article
http://blog.netlab.360.com/bcmpupnp_hun ... ammers-en/
about a botnet using some uPNP backdoor. It mentions Billion ADSL2+ routers.
Can Billion confirm:
1/ if this device is affected by this botnet attack?
If it is affected:
2/ when will the FW be updated to fix this?
3/ What steps can we take in the meantime to protect ourselves?
thanks,
Hadyn
upnp botnet
-
- Posts: 5398
- Joined: Tue Jul 19, 2011 4:30 pm
Re: upnp botnet
As long as you are on firmware 2.32e or higher you should not be affected
billionuser98 wrote: ↑Mon Nov 19, 2018 12:17 pm
Hi there
I have a
Triple WAN ADSL2+ Firewall Router
Model Name BiPAC 8800AXL
Software Version 2.32e
DSL PHY and Driver Version A2pv6F039g1.d24m
Wireless Driver Version 6.30.102.7.cpe4.12L08.4
I see this article
http://blog.netlab.360.com/bcmpupnp_hun ... ammers-en/
about a botnet using some uPNP backdoor. It mentions Billion ADSL2+ routers.
Can Billion confirm:
1/ if this device is affected by this botnet attack?
If it is affected:
2/ when will the FW be updated to fix this?
3/ What steps can we take in the meantime to protect ourselves?
thanks,
Hadyn
-
- Posts: 3
- Joined: Fri Apr 10, 2015 3:05 pm
Re: upnp botnet
Hi billion_fan
I am running a Billion 7800 DXL on 2.32d, still running faultlessly for almost 5 years. Since reading the article posted by billionuser98 I am wondering if the router could have been compromised, as I did have UPNP enabled, now disabled.
Block WAN PING is enabled and I have no external services set up on the router. I had left UPNP enabled for a couple of Xboxes but have now entered virtual servers manually for them.
How would I even know if it had been compromised?
Appreciate not quite the right forum posting on the 8800 series board but hopefully you can help?
Thanks
J
-
- Posts: 5398
- Joined: Tue Jul 19, 2011 4:30 pm
Re: upnp botnet
It's hard to tell as there are different variants of this attack (people use it in different ways), but I have been told by our HQ fw 2.32e and above is not affected
JonnyFuse wrote: ↑Fri Nov 30, 2018 5:15 pm
Hi billion_fan
I am running a Billion 7800 DXL on 2.32d, still running faultlessly for almost 5 years. Since reading the article posted by billionuser98 I am wondering if the router could have been compromised, as I did have UPNP enabled, now disabled.
Block WAN PING is enabled and I have no external services set up on the router. I had left UPNP enabled for a couple of Xboxes but have now entered virtual servers manually for them.
How would I even know if it had been compromised?
Appreciate not quite the right forum posting on the 8800 series board but hopefully you can help?
Thanks
J
-
- Posts: 3
- Joined: Fri Apr 10, 2015 3:05 pm
Re: upnp botnet
Thanks billion_fan for the quick reply, that's kind of reassuring.
I would still be interested to know if there is any way to tell if a system is compromised and/or if I upgrade to 2.32e would that be a sure-fire way to overwrite any malware?
Just call me paranoid
Regards
J
-
- Posts: 5398
- Joined: Tue Jul 19, 2011 4:30 pm
Re: upnp botnet
Edit
JonnyFuse wrote: ↑Fri Nov 30, 2018 6:50 pm
Thanks billion_fan for the quick reply, that's kind of reassuring.
I would still be interested to know if there is any way to tell if a system is compromised and/or if I upgrade to 2.32e would that be a sure-fire way to overwrite any malware?
Just call me paranoid
Regards
J
Just got further clarification: you must upgrade to 2.32e, as this vulnerability was patched with this firmware. (All posts above have been adjusted.)