Geekzone: technology news, blogs, forums


alisam

706 posts

Ultimate Geek


#312097 17-Mar-2024 08:30

Saw this news item on MSN NZ.

 

I am not making a comment on the article as I no longer use EdgeRouters and there will be plenty of readers who know a lot more than me.

 

FBI warns Russian hackers are using 'compromised' routers to launch stealthy cyberattacks in America - here's how YOU can protect yourself (msn.com)





PC: HP ProBook 470G1 (Windows 10 Pro), Intel NUC7I5BNH (Windows 10 Pro), Dell Inspiron 7591 2n1 (Windows 11 Pro)
Net: Grandstream GWN7062, 3 x Grandstream GWN7610
Storage: Synology DS216play NAS, 2 x 6TB
Media: HDHomeRun Connect, 5 x Amazon FireTV. Echo, Dot, Spot
TV: 2 x Samsung H6400 55" LED TV, Panasonic TH-P50G10Z 50" Plasma TV
Mobile: Samsung Galaxy A52 5G
Wearable: Gear S3 Frontier


  #3207116 17-Mar-2024 10:53

This is a bit of click bait. Here is a link with more detail. https://www.techradar.com/pro/security/russian-hackers-are-exploiting-edge-routers-to-launch-major-new-cyberattacks 

Essentially, edge routers using the default credentials and with management from the WAN enabled are compromised.


 
 
 

boosacnoodle
742 posts

Ultimate Geek


  #3207123 17-Mar-2024 11:06

Is that… a default? Surely this is incompetence from the manufacturer to allow public facing services be accessed with default credentials.

networkn
Networkn
30806 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #3207126 17-Mar-2024 11:23

fearandloathing:

 

This is a bit of click bait. Here is a link with more detail. https://www.techradar.com/pro/security/russian-hackers-are-exploiting-edge-routers-to-launch-major-new-cyberattacks 

Essentially, edge routers using the default credentials and with management from the WAN enabled are compromised.

 

 

You aren't wrong. Insert manufacturer's name here.




SpartanVXL
1013 posts

Uber Geek


  #3207148 17-Mar-2024 13:06

If you run the default setup wizard on EdgeRouters you get a firewall enabled that doesn’t allow access to the management interface from WAN (DHCP wizard, if I recall correctly).

If this was a standard consumer/ISP router then it’d be concerning but the type of people buying edgerouters are expected to configure it themselves. It’s the same with Mikrotik and other prosumer devices.

  #3207157 17-Mar-2024 14:18

boosacnoodle: Is that… a default? Surely this is incompetence from the manufacturer to allow public facing services be accessed with default credentials.


No

michaelmurfy
meow
12654 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #3207161 17-Mar-2024 14:37

fearandloathing:
boosacnoodle: Is that… a default? Surely this is incompetence from the manufacturer to allow public facing services be accessed with default credentials.


No

 

Actually believe it or not it happens more often than you think...

 

I posted about this before happening to MyRepublic: https://www.geekzone.co.nz/forums.asp?forumid=81&topicid=302219 but basically ISPs with no filtering that offer IPoE (DHCP) without a VLAN can put their customers into sticky security situations, especially around grabbing a router and plugging it in without any configuration nor changing the default user / pass, as it just routes traffic.

 

I've also been in a situation dealing with a DDoS a fair few years ago towards a large bank where the main endpoints were compromised routers... A fair chunk of traffic came from ISPs just like and including MyRepublic back then because there was no filtering at all. If a customer was attacking somebody at 500Mbit or heck, even 2/4Gbit then on those providers it would be seen as basically "regular upstream" seeing it was normally in short bursts at a time.

 

It is always worth running a Shodan check on yourself and just seeing what you, or your router, is exposing to the internet. If you've got an Asus router for example on its default configuration then it will be exposing the web interface to the internet. The EdgeRouter, just like the Mikrotik, only takes a small configuration stuff-up to expose services to the internet and many MSPs/ISPs will expose this, thinking "convenience" for them without locking down the IPs that can access it.





Michael Murphy | https://murfy.nz
Referral Links: Octopus Energy ($50 Credit) | Tesla | Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.
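
An added example, not part of the thread or any poster's own code: a small audit of an exported EdgeOS-style command listing for the conditions discussed above (no default-drop "local" ruleset on the WAN interface, GUI/SSH bound to every address, factory account name still present). The sample configs are constructed, and the interface names, addresses and the `WAN_LOCAL` ruleset name are assumptions.

```python
import re

# Constructed samples in the style of EdgeOS `show configuration commands`.
# Interface names, addresses and the WAN_LOCAL ruleset name are assumptions.
EXPOSED = """\
set interfaces ethernet eth0 address dhcp
set interfaces ethernet eth1 address 192.168.1.1/24
set service gui https-port 443
set service ssh port 22
set system login user ubnt level admin
"""
LOCKED = """\
set firewall name WAN_LOCAL default-action drop
set firewall name WAN_LOCAL rule 10 action accept
set firewall name WAN_LOCAL rule 10 state established enable
set firewall name WAN_LOCAL rule 10 state related enable
set interfaces ethernet eth0 address dhcp
set interfaces ethernet eth0 firewall local name WAN_LOCAL
set interfaces ethernet eth1 address 192.168.1.1/24
set service gui listen-address 192.168.1.1
set service ssh listen-address 192.168.1.1
set system login user netadmin level admin
"""

def has(config, pattern):
    """Return the match if any whole config line matches the pattern."""
    return re.search(rf"^{pattern}$", config, re.M)

def audit(config, wan_if="eth0"):
    """Return a list of findings about management exposure on the WAN side."""
    findings = []
    # Traffic addressed to the router itself is filtered by the "local" ruleset.
    local = has(config, rf"set interfaces ethernet {re.escape(wan_if)} firewall local name (\S+)")
    if not local:
        findings.append("no-wan-local-ruleset")
    elif not has(config, rf"set firewall name {re.escape(local.group(1))} default-action (drop|reject)"):
        findings.append("wan-local-not-default-drop")
    # Without a listen-address the service binds to every interface, WAN included.
    for svc in ("gui", "ssh"):
        if has(config, rf"set service {svc} .*") and not has(config, rf"set service {svc} listen-address \S+"):
            findings.append(f"{svc}-listens-on-all-addresses")
    # "ubnt" is the factory account name; its presence suggests defaults were kept.
    if has(config, r"set system login user ubnt .*"):
        findings.append("factory-account-ubnt-present")
    return findings

if __name__ == "__main__":
    for name, cfg in (("EXPOSED", EXPOSED), ("LOCKED", LOCKED)):
        print(name, audit(cfg) or "no findings")
```

A clean result only covers these three checks; it does not inspect individual accept rules inside the ruleset, so an external check of what is actually reachable is still worthwhile.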


nztim
3118 posts

Uber Geek

ID Verified
Trusted
TEAMnetwork
Subscriber

  #3207228 17-Mar-2024 17:31

Also with Mikrotik, firewalling is not enough; you also need to lock down MAC Winbox, an L2 protocol which allows configuration without an IP.




Any views expressed on these forums are my own and don't necessarily reflect those of my employer. 




Tinkerisk
3370 posts

Uber Geek


  #3207591 18-Mar-2024 18:22

Anyone who tampers with edgerouters as a professional IT-admin and continues to use the default credentials should be publicly tarred and feathered for doing so. I could understand that in the case of a housewife/househusband, but she/he is smarter and doesn't buy an edgerouter. 😉





- NET: FTTH, OPNsense, 10G backbone, GWN APs, ipPBX
- SRV: HA server cluster, 0.1PB storage capacity on premise
- IoT:   thread, zigbee, tasmota, BidCoS, LoRa, WX suite, IR
- 3D:    two 3D printers, 3D scanner, CNC router, laser cutter


networkn
Networkn
30806 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #3207788 18-Mar-2024 23:59

Tinkerisk:

 

Anyone who tampers with edgerouters as a professional IT-admin and continues to use the default credentials should be publicly tarred and feathered for doing so. I could understand that in the case of a housewife/househusband, but she/he is smarter and doesn't buy an edgerouter. 😉

 

 

Again, it has nothing to do with that brand, and more to do with the fact that any device using default credentials and having its admin interface available on the WAN is going to get hacked.

 

Having your admin interface available on the WAN is just SUCH a bad idea. 


Tinkerisk
3370 posts

Uber Geek


  #3207792 19-Mar-2024 02:08

networkn:

 

Tinkerisk:

 

Anyone who tampers with edgerouters as a professional IT-admin and continues to use the default credentials should be publicly tarred and feathered for doing so. I could understand that in the case of a housewife/househusband, but she/he is smarter and doesn't buy an edgerouter. 😉

 

 

Again, it has nothing to do with that brand, and more to do with the fact that any device using default credentials and having its admin interface available on the WAN is going to get hacked.

 

Having your admin interface available on the WAN is just SUCH a bad idea. 

 

 

An edgerouter is a specialized router that is located at a network boundary and enables the connection of an internal network to external networks. They are mainly used at two demarcation points: the Wide Area Network (WAN) and the Internet. Hence the name "edge".

 

The biggest challenges in implementing an edgerouter are the security considerations that are implied when positioning a router at the edge of a network. Organizations cannot control who might try to access the corporate network. If a router with built-in firewall support is purchased, the firewall rules should be configured to meet the security requirements of a corporate network. IT administrators should also ensure that all router firmware is up to date, as outdated routers can pose a security risk in newer attacks. Edgerouters should also be configured to be highly available (HA). In other words, they should be structured in such a way that they transfer workloads to other functioning routers in the event of a failover.

 

One advantage of edgerouters (compared to corerouters) is that they should explicitly enable remote access. They enable remote employees to connect to the company LAN via the network edge. If you then also expose the admin interface remotely for maintenance purposes, the security rules must be all the stricter, which is almost certainly not the case if the default credentials are retained - that was my point.

 

I was not referring to a specific company, but to this class of devices (otherwise I would have written EdgeRouter).

 

 





- NET: FTTH, OPNsense, 10G backbone, GWN APs, ipPBX
- SRV: HA server cluster, 0.1PB storage capacity on premise
- IoT:   thread, zigbee, tasmota, BidCoS, LoRa, WX suite, IR
- 3D:    two 3D printers, 3D scanner, CNC router, laser cutter

