Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




512 posts

Ultimate Geek
+1 received by user: 31


# 208483 13-Feb-2017 22:59
Send private message

Whilst changing some wifi settings on my 7490 I noticed 5 entries this evening:

 

Login of user admin to the FRITZ!Box user interface from the IP address 80.82.64.127 failed (incorrect password).

 

IP geo lookup shows the connection is from the Seychelles.

 

Googling the IP address shows that it is has been banned for allegedly being the source of hacking in from the last few years.

 

I have a static ip address and have had one for a few years. Any point in asking for a new static ip address.

 

I spoke to a 2degrees rep but she didn't really know what I was going on about. She did confirm that 2degrees weren't behind the access attempts via the Seychelles.

 

Any suggestions as to what I should/can do or is this merely run of the mill random attacks?


Create new topic

This is a filtered page: currently showing replies marked as answers. Click here to see full discussion.

1531 posts

Uber Geek
+1 received by user: 269

Trusted
2degrees

  # 1720123 14-Feb-2017 16:53
Send private message

Hi All,

 

This sounds a lot like the old exploit in the fritzbox firmware that has been patched for some time, it's almost as if the exploit remained after firmware updates, and is just now having access attempted (and failing as a result of the changes from the patching). Can those affected please message me with your broadband usernames, CWMP numbers from the bottom of the modems and current firmware version, and I'll check it out for you.

 

michaelmurfy:

 

Oblivian:

 

michaelmurfy: I'd strongly recommend turning off any external access to your routers services. It only takes a single exploit then they've got control over your whole network.

 

It would appear its how they manage the configurations and updates with CPS. They put a snapadmin user on with remote access afterall. And have seen it update before by them.

 

Crap that is bad. Opened to the world and not whitelisted to their own management network is a terribly bad security practice no matter how secure they think the Fritz!Box is. Any open ports on an embedded system is a terrible idea. I would say it could well be Mirai attempting to brute force.

 

 

Our CPE management is restricted to our management range only, and is only enabled on-request from our systems through TR-069 with our unique tokens. If the device has a snapadmin credential in it, this will be a very old config that has likely not successfully been migrated on to our managed system.

 

Thanks,

 

Ralph ^JOB


Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Anyone can broadcast with Kordia Pop Up TV
Posted 13-Jun-2019 10:51


Volvo and Uber present production vehicle ready for self-driving
Posted 13-Jun-2019 10:47


100,000 customers connected to fibre broadband network through Enable
Posted 13-Jun-2019 10:35


5G uptake even faster than expected
Posted 12-Jun-2019 10:01


Xbox showcases 60 anticipated games
Posted 10-Jun-2019 20:24


Trend Micro Turns Public Hotspots into Secure Networks with WiFi Protection for Mobile Devices
Posted 5-Jun-2019 13:24


Bold UK spinoff for beauty software company Flossie
Posted 2-Jun-2019 14:10


Amazon Introduces Echo Show 5
Posted 1-Jun-2019 15:32


Epson launches new 4K Pro-UHD projector technology
Posted 1-Jun-2019 15:26


Lenovo and Qualcomm unveil first 5G PC called Project Limitless
Posted 28-May-2019 20:23


Intel introduces new 10th Gen Intel Core Processors and Project Athena
Posted 28-May-2019 19:28


Orcon first to trial residential 10Gbps broadband
Posted 28-May-2019 11:20


Video game market in New Zealand passes half billion dollar mark
Posted 24-May-2019 16:15


WLG-X festival to celebrate creativity and innovation
Posted 22-May-2019 17:53


HPE to acquire supercomputing leader Cray
Posted 20-May-2019 11:07



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.