Saw this news item on MSN NZ.
I am not making a comment on the article as I no longer use EdgeRouters and there will be plenty of readers who know a lot more than me.
PC: Dell Inspiron 16 5640 (Windows 11 Home), Dell Inspiron 7591 2n1 (Windows 11 Pro), HP ProBook 470G1 (Windows 10 Pro), Intel NUC7I5BNH (Zorin)
Net: Grandstream 1 x GWN7062 Router, 1 x GWN7665 Access Point
Storage: Synology DS216play NAS, 2 x 6TB
Media: 3 x Amazon FireTV. Echo, Dot, Spot
TV: 2 x Samsung H6400 55" LED TV, Panasonic TH-P50G10Z 50" Plasma TV
Mobile: Samsung Galaxy A52 5G
Wearable: Gear S3 Frontier
This is a bit of click bait. Here is a link with more detail. https://www.techradar.com/pro/security/russian-hackers-are-exploiting-edge-routers-to-launch-major-new-cyberattacks
Essentially, edge routers using the default credentials, and with management from the WAN enabled, are compromised.
fearandloathing:
This is a bit of click bait. Here is a link with more detail. https://www.techradar.com/pro/security/russian-hackers-are-exploiting-edge-routers-to-launch-major-new-cyberattacks
Essentially, edge routers using the default credentials, and with management from the WAN enabled, are compromised.
You aren't wrong. Insert manufacturer's name here.
boosacnoodle: Is that… a default? Surely this is incompetence from the manufacturer to allow public facing services be accessed with default credentials.
fearandloathing:
boosacnoodle: Is that… a default? Surely this is incompetence from the manufacturer to allow public facing services be accessed with default credentials.
No
Actually believe it or not it happens more often than you think...
I posted about this before happening to MyRepublic: https://www.geekzone.co.nz/forums.asp?forumid=81&topicid=302219 but basically ISPs with no filtering that offer IPoE (DHCP) without a VLAN can put their customers into sticky security situations, especially around grabbing a router and plugging it in without any configuration or changing the default user / pass, as it just routes traffic.
I've also been in a situation dealing with a DDOS a fair few years ago towards a large bank where the main endpoints were compromised routers... A fair chunk of traffic came from ISPs just like, and including, MyRepublic back then because there was no filtering at all. If a customer was attacking somebody at 500Mbit or heck, even 2/4Gbit then on those providers it would be seen as basically "regular upstream" seeing it was normally in short bursts at a time.
It is always worth running a Shodan check on yourself and just seeing what you, or your router, is exposing to the internet. If you've got an Asus router for example on its default configuration then it will be exposing the web interface to the internet. The Edgerouter, just like the Mikrotik, only takes a small configuration stuff-up to expose services to the internet and many MSPs/ISPs will expose this, thinking "convenience" for them without locking down the IPs that can access it.
Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)
Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.
Any views expressed on these forums are my own and don't necessarily reflect those of my employer.
Anyone who tampers with edgerouters as a professional IT-admin and continues to use the default credentials should be publicly tarred and feathered for doing so. I could understand that in the case of a housewife/househusband, but she/he is smarter and doesn't buy an edgerouter. 😉
Tinkerisk:
Anyone who tampers with edgerouters as a professional IT-admin and continues to use the default credentials should be publicly tarred and feathered for doing so. I could understand that in the case of a housewife/househusband, but she/he is smarter and doesn't buy an edgerouter. 😉
Again, it has nothing to do with that brand, and more to do with the fact that any device using default credentials and having its admin interface available on the WAN is going to get hacked.
Having your admin interface available on the WAN is just SUCH a bad idea.
networkn:
Tinkerisk:
Anyone who tampers with edgerouters as a professional IT-admin and continues to use the default credentials should be publicly tarred and feathered for doing so. I could understand that in the case of a housewife/househusband, but she/he is smarter and doesn't buy an edgerouter. 😉
Again, it has nothing to do with that brand, and more to do with the fact that any device using default credentials and having its admin interface available on the WAN is going to get hacked.
Having your admin interface available on the WAN is just SUCH a bad idea.
An edgerouter is a specialized router that is located at a network boundary and enables the connection of an internal network to external networks. They are mainly used at two demarcation points: the Wide Area Network (WAN) and the Internet. Hence the name "edge".
The biggest challenges in implementing an edgerouter are the security considerations that are implied when positioning a router at the edge of a network. Organizations cannot control who might try to access the corporate network. If a router with built-in firewall support is purchased, the firewall rules should be configured to meet the security requirements of a corporate network. IT administrators should also ensure that all router firmware is up to date, as outdated routers can pose a security risk in newer attacks. Edgerouters should also be configured to be highly available (HA). In other words, they should be structured in such a way that they transfer workloads to other functioning routers in the event of a failover.
One advantage of edgerouters (compared to corerouters) is that they should explicitly enable remote access. They enable remote employees to connect to the company LAN via the network edge. If you then also expose the admin interface remotely for maintenance purposes, the security rules must be all the stricter, which is almost certainly not the case if the default credentials are retained - that was my point.
I was not referring to a specific company, but to this class of devices (otherwise I would have written EdgeRouter).