upnp botnet
Posted: Mon Nov 19, 2018 12:17 pm
by billionuser98
Hi there
I have a
Triple WAN ADSL2+ Firewall Router
Model Name BiPAC 8800AXL
Software Version 2.32e
DSL PHY and Driver Version A2pv6F039g1.d24m
Wireless Driver Version 6.30.102.7.cpe4.12L08.4
I see this article
http://blog.netlab.360.com/bcmpupnp_hun ... ammers-en/
about a botnet using some UPnP backdoor. It mentions Billion ADSL2+ routers.
Can Billion confirm:
1/ if this device is affected by this botnet attack?
If it is affected:
2/ when will the FW be updated to fix this?
3/ What steps can we take in the meantime to protect ourselves?
thanks,
Hadyn
Re: upnp botnet
Posted: Mon Nov 19, 2018 12:21 pm
by billion_fan
billionuser98 wrote: ↑Mon Nov 19, 2018 12:17 pm
Hi there
I have a
Triple WAN ADSL2+ Firewall Router
Model Name BiPAC 8800AXL
Software Version 2.32e
DSL PHY and Driver Version A2pv6F039g1.d24m
Wireless Driver Version 6.30.102.7.cpe4.12L08.4
I see this article
http://blog.netlab.360.com/bcmpupnp_hun ... ammers-en/
about a botnet using some UPnP backdoor. It mentions Billion ADSL2+ routers.
Can Billion confirm:
1/ if this device is affected by this botnet attack?
If it is affected:
2/ when will the FW be updated to fix this?
3/ What steps can we take in the meantime to protect ourselves?
thanks,
Hadyn
As long as you are on firmware 2.32e or higher you should not be affected.
Re: upnp botnet
Posted: Fri Nov 30, 2018 5:15 pm
by JonnyFuse
Hi billion_fan
I am running a Billion 7800 DXL on 2.32d, still running faultlessly for almost 5 years. Since reading the article posted by billionuser98, I am wondering if the router could have been compromised, as I did have UPnP enabled, now disabled.
Block WAN PING is enabled and I have no external services set up on the router. I had left UPnP enabled for a couple of Xboxes but have now entered virtual servers manually for them.
How would I even know if it had been compromised?
Appreciate not quite the right forum posting on the 8800 series board but hopefully you can help?
Thanks
J
Re: upnp botnet
Posted: Fri Nov 30, 2018 5:42 pm
by billion_fan
JonnyFuse wrote: ↑Fri Nov 30, 2018 5:15 pm
Hi billion_fan
I am running a Billion 7800 DXL on 2.32d, still running faultlessly for almost 5 years. Since reading the article posted by billionuser98, I am wondering if the router could have been compromised, as I did have UPnP enabled, now disabled.
Block WAN PING is enabled and I have no external services set up on the router. I had left UPnP enabled for a couple of Xboxes but have now entered virtual servers manually for them.
How would I even know if it had been compromised?
Appreciate not quite the right forum posting on the 8800 series board but hopefully you can help?
Thanks
J
It's hard to tell, as there are different variants of this attack (people use it in different ways), but I have been told by our HQ that fw 2.32e and above is not affected.
Re: upnp botnet
Posted: Fri Nov 30, 2018 6:50 pm
by JonnyFuse
Thanks billion_fan for the quick reply, that's kind of reassuring.
I would still be interested to know if there is any way to tell if a system is compromised, and/or if I upgrade to 2.32e, would that be a surefire way to overwrite any malware?
Just call me paranoid
Regards
J
Re: upnp botnet
Posted: Mon Dec 03, 2018 9:31 am
by billion_fan
JonnyFuse wrote: ↑Fri Nov 30, 2018 6:50 pm
Thanks billion_fan for the quick reply, that's kind of reassuring.
I would still be interested to know if there is any way to tell if a system is compromised, and/or if I upgrade to 2.32e, would that be a surefire way to overwrite any malware?
Just call me paranoid
Regards
J
Edit
Just got further clarification: you must upgrade to 2.32e, as this vulnerability was patched with this firmware. (All posts above have been adjusted.)