
Jeff Liebermann May 29th 18 06:03 PM

National Reboot your Router Day
 
Thanks to media attention, the FBI has provided me with a busy day or
two. According to the press release, we're expected to reboot every
router to flush out the malware the evil Russians have installed:
https://www.google.com/search?q=FBI+reboot+your+router
The list of affected routers is rather small:
https://krebsonsecurity.com/2018/05/fbi-kindly-reboot-your-router-now-please/
Easy enough. What could possibly go wrong?

Well, some experts, news agencies, and pundits have mixed up "reboot"
with "reset" your router[1]. Instructions are provided for inserting
paper clips and sharp instruments into any available hole in the back
of the router. Few seem to offer assistance in identifying which box
is the router. Doing a reboot will preserve the router settings.
Doing a reset will wipe them clean and precipitate a support call (to
me). So far, I only have 2 router reconfigurations on my schedule for
today, but I'm sure there will be more.

Therefore, I would like to thank everyone involved for generating the
work, and special thanks to Comcast and AT&T for disabling customer
firmware updates and save settings in their gateways and routers.

Update: I just received a phone call asking which box is the router.
This is going to be an interesting day.


[1] The probable culprit is the various Comcast VoIP gateways that
have an optional built in backup battery. In order to reboot these,
it is necessary to unplug the power from the gateway, remove the
battery for about 15 seconds, plug the battery back in, plug the power
back in, and watch the lights come sloooooowly back on.

--
Jeff Liebermann
150 Felker St #D
http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

Jerry Peters May 29th 18 10:08 PM

National Reboot your Router Day
 
Jeff Liebermann wrote:
Thanks to media attention, the FBI has provided me with a busy day or
two. According to the press release, we're expected to reboot every
router to flush out the malware the evil Russians have installed:
https://www.google.com/search?q=FBI+reboot+your+router
The list of affected routers is rather small:
https://krebsonsecurity.com/2018/05/fbi-kindly-reboot-your-router-now-please/
Easy enough. What could possibly go wrong?

Well, some experts, news agencies, and pundits have mixed up "reboot"
with "reset" your router[1]. Instructions are provided for inserting
paper clips and sharp instruments into any available hole in the back
of the router. Few seem to offer assistance in identifying which box
is the router. Doing a reboot will preserve the router settings.
Doing a reset will wipe them clean and precipitate a support call (to
me). So far, I only have 2 router reconfigurations on my schedule for
today, but I'm sure there will be more.

Therefore, I would like to thank everyone involved for generating the
work, and special thanks to Comcast and AT&T for disabling customer
firmware updates and save settings in their gateways and routers.

Update: I just received a phone call asking which box is the router.
This is going to be an interesting day.


[1] The probable culprit is the various Comcast VoIP gateways that
have an optional built in backup battery. In order to reboot these,
it is necessary to unplug the power from the gateway, remove the
battery for about 15 seconds, plug the battery back in, plug the power
back in, and watch the lights come sloooooowly back on.

Watched the local news last night, anyone following their instructions
will *reset* his router to the defaults.

See the "Gell-Mann Amnesia Effect" for further details.

Cursitor Doom[_4_] May 29th 18 11:39 PM

National Reboot your Router Day
 
On Tue, 29 May 2018 20:08:37 +0000, Jerry Peters wrote:


Jeff Liebermann wrote:
Thanks to media attention, the FBI has provided me with a busy day or
two. According to the press release, we're expected to reboot every
router to flush out the malware the evil Russians have installed:


I'm not bothered if the Russians hack my route (as if!) - there's far
worse than them out there.


--
This message may be freely reproduced without limit or charge only via
the Usenet protocol. Reproduction in whole or part through other
protocols, whether for profit or not, is conditional upon a charge of
GBP10.00 per reproduction. Publication in this manner via non-Usenet
protocols constitutes acceptance of this condition.

Fred Smith[_4_] May 30th 18 12:24 AM

National Reboot your Router Day
 
On 2018-05-29, Cursitor Doom wrote:
On Tue, 29 May 2018 20:08:37 +0000, Jerry Peters wrote:


Jeff Liebermann wrote:
Thanks to media attention, the FBI has provided me with a busy day or
two. According to the press release, we're expected to reboot every
router to flush out the malware the evil Russians have installed:


I'm not bothered if the Russians hack my route (as if!) - there's far
worse than them out there.



All the weekly attempts to log into my server traceroute back to
China, not Russia. I suppose it could be those fiendishly clever
Russians spoofing, of course.

Jeff Liebermann May 30th 18 12:53 AM

National Reboot your Router Day
 
On Tue, 29 May 2018 20:08:37 -0000 (UTC), Jerry Peters
wrote:

Jeff Liebermann wrote:
Thanks to media attention, the FBI has provided me with a busy day or
two. According to the press release, we're expected to reboot every
router to flush out the malware the evil Russians have installed:
https://www.google.com/search?q=FBI+reboot+your+router
The list of affected routers is rather small:
https://krebsonsecurity.com/2018/05/fbi-kindly-reboot-your-router-now-please/
Easy enough. What could possibly go wrong?

Well, some experts, news agencies, and pundits have mixed up "reboot"
with "reset" your router[1]. Instructions are provided for inserting
paper clips and sharp instruments into any available hole in the back
of the router. Few seem to offer assistance in identifying which box
is the router. Doing a reboot will preserve the router settings.
Doing a reset will wipe them clean and precipitate a support call (to
me). So far, I only have 2 router reconfigurations on my schedule for
today, but I'm sure there will be more.

Therefore, I would like to thank everyone involved for generating the
work, and special thanks to Comcast and AT&T for disabling customer
firmware updates and save settings in their gateways and routers.

Update: I just received a phone call asking which box is the router.
This is going to be an interesting day.


[1] The probable culprit is the various Comcast VoIP gateways that
have an optional built in backup battery. In order to reboot these,
it is necessary to unplug the power from the gateway, remove the
battery for about 15 seconds, plug the battery back in, plug the power
back in, and watch the lights come sloooooowly back on.


Watched the local news last night, anyone following their instructions
will *reset* his router to the defaults.


Yep. That's because the average reporter or announcer doesn't know
the difference between reboot, reset, restart, power cycle, cold boot,
hot boot, etc. Little surprise because the older computahs had a
button labeled "reset" that did a "reboot". However, when the button
moved to modems and routers, it did both a reset (wipe all settings),
and a reboot (restart the OS). I partly solved the problem by
covering the hole with a round label inscribed with "$35" which is
what it will cost them to have me drive over to their office and put
Humpty Dumpty back together again.

Of course, nothing happens without a suitable conspiracy theory. In
this case, I must ask why the FBI insisted that everyone reset their
routers when only a few models are susceptible. Also, ISPs like
AT&T can easily reboot their customers' routers using SNMP. My
initial guess was that the FBI thought it better to be sure than sorry
when dealing with credential sniffing malware. However, the FBI has
never been known for such lofty sentiments. My guess(tm) is that this
may well be the first technical action in recent memory that the FBI
has performed mostly correctly. They may need the good publicity it
brings to compensate for the general impression of gross incompetence
demonstrated by the Apple iPhone unlocking fiasco.

Unfortunately, my prediction of personal economic enrichment may have
been premature. National Reboot Your Router Day has produced only two
paying service calls and a few unprofitable phone calls and emails.
Very disappointing. Still, I predict additional press releases in the
future by the FBI to remind us that we're being successfully protected
from the machinations of the Russians.

See the "Gell-Mann Amnesia Effect" for further details.


https://en.wikipedia.org/wiki/Gell-Mann_amnesia_effect

--
Jeff Liebermann
150 Felker St #D
http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

Jeff Liebermann May 30th 18 01:30 AM

National Reboot your Router Day
 
On Tue, 29 May 2018 22:24:29 +0000 (UTC), Fred Smith
wrote:

On 2018-05-29, Cursitor Doom wrote:
On Tue, 29 May 2018 20:08:37 +0000, Jerry Peters wrote:


Jeff Liebermann wrote:
Thanks to media attention, the FBI has provided me with a busy day or
two. According to the press release, we're expected to reboot every
router to flush out the malware the evil Russians have installed:


I'm not bothered if the Russians hack my route (as if!) - there's far
worse than them out there.


No need to hack your own route. Just use the "route" command to
direct your packets to wherever you want:
https://www.google.com/search?q=route+command

All the weekly attempts to log into my server traceroute back to
China, not Russia. I suppose it could be those fiendishly clever
Russians spoofing, of course.


Most automated attacks arrive from hijacked client computers or
botnets. For DDoS attacks, it looks like attacks originating in the
USA are the major culprits, with China in 2nd place:
http://www.digitalattackmap.com
More of the same:
https://threatbutt.com/map/
https://map.lookingglasscyber.com
etc...


--
Jeff Liebermann
150 Felker St #D
http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

Clifford Heath May 30th 18 02:15 AM

National Reboot your Router Day
 
On 30/05/18 08:53, Jeff Liebermann wrote:
On Tue, 29 May 2018 20:08:37 -0000 (UTC), Jerry Peters
wrote:

Jeff Liebermann wrote:
Thanks to media attention, the FBI has provided me with a busy day or
two. According to the press release, we're expected to reboot every
router to flush out the malware the evil Russians have installed:
https://www.google.com/search?q=FBI+reboot+your+router
The list of affected routers is rather small:
https://krebsonsecurity.com/2018/05/fbi-kindly-reboot-your-router-now-please/
Easy enough. What could possibly go wrong?

Well, some experts, news agencies, and pundits have mixed up "reboot"
with "reset" your router[1]. Instructions are provided for inserting
paper clips and sharp instruments into any available hole in the back
of the router. Few seem to offer assistance in identifying which box
is the router. Doing a reboot will preserve the router settings.
Doing a reset will wipe them clean and precipitate a support call (to
me). So far, I only have 2 router reconfigurations on my schedule for
today, but I'm sure there will be more.

Therefore, I would like to thank everyone involved for generating the
work, and special thanks to Comcast and AT&T for disabling customer
firmware updates and save settings in their gateways and routers.

Update: I just received a phone call asking which box is the router.
This is going to be an interesting day.


[1] The probable culprit is the various Comcast VoIP gateways that
have an optional built in backup battery. In order to reboot these,
it is necessary to unplug the power from the gateway, remove the
battery for about 15 seconds, plug the battery back in, plug the power
back in, and watch the lights come sloooooowly back on.


Watched the local news last night, anyone following their instructions
will *reset* his router to the defaults.


Yep. That's because the average reporter or announcer doesn't know
the difference between reboot, reset, restart, power cycle, cold boot,
hot boot, etc. Little surprise because the older computahs had a
button labeled "reset" that did a "reboot". However, when the button
moved to modems and routers, it did both a reset (wipe all settings),
and a reboot (restart the OS). I partly solved the problem by
covering the hole with a round label inscribed with "$35" which is
what it will cost them to have me drive over to their office and put
Humpty Dumpty back together again.


You don't charge enough. It costs 3-4 times that to have a plumber call.

Of course, nothing happens without a suitable conspiracy theory. In
this case, I must ask why the FBI insisted that everyone reset their
routers when only a few models are susceptible. Also, ISPs like
AT&T can easily reboot their customers' routers using SNMP. My
initial guess was that the FBI thought it better to be sure than sorry
when dealing with credential sniffing malware. However, the FBI has
never been known for such lofty sentiments. My guess(tm) is that this
may well be the first technical action in recent memory that the FBI
has performed mostly correctly. They may need the good publicity it
brings to compensate for the general impression of gross incompetence
demonstrated by the Apple iPhone unlocking fiasco.


More likely the FBI is helping the NSA install their own sniffers
into every router that gets rebooted, and not just the vulnerable
ones. Of course, that theory presumes competence, so it's probably
wrong.

Unfortunately, my prediction of personal economic enrichment may have
been premature. National Reboot Your Router Day has produced only two
paying service calls and a few unprofitable phone calls and emails.
Very disappointing. Still, I predict additional press releases in the
future by the FBI to remind us that we're being successfully protected
from the machinations of the Russians.

See the "Gell-Mann Amnesia Effect" for further details.


https://en.wikipedia.org/wiki/Gell-Mann_amnesia_effect



Clifford Heath May 30th 18 02:19 AM

National Reboot your Router Day
 
On 30/05/18 08:53, Jeff Liebermann wrote:
On Tue, 29 May 2018 20:08:37 -0000 (UTC), Jerry Peters
wrote:

Jeff Liebermann wrote:
Thanks to media attention, the FBI has provided me with a busy day or
two. According to the press release, we're expected to reboot every
router to flush out the malware the evil Russians have installed:
https://www.google.com/search?q=FBI+reboot+your+router
The list of affected routers is rather small:
https://krebsonsecurity.com/2018/05/fbi-kindly-reboot-your-router-now-please/
Easy enough. What could possibly go wrong?

Well, some experts, news agencies, and pundits have mixed up "reboot"
with "reset" your router[1]. Instructions are provided for inserting
paper clips and sharp instruments into any available hole in the back
of the router. Few seem to offer assistance in identifying which box
is the router. Doing a reboot will preserve the router settings.
Doing a reset will wipe them clean and precipitate a support call (to
me). So far, I only have 2 router reconfigurations on my schedule for
today, but I'm sure there will be more.

Therefore, I would like to thank everyone involved for generating the
work, and special thanks to Comcast and AT&T for disabling customer
firmware updates and save settings in their gateways and routers.

Update: I just received a phone call asking which box is the router.
This is going to be an interesting day.


[1] The probable culprit is the various Comcast VoIP gateways that
have an optional built in backup battery. In order to reboot these,
it is necessary to unplug the power from the gateway, remove the
battery for about 15 seconds, plug the battery back in, plug the power
back in, and watch the lights come sloooooowly back on.


Watched the local news last night, anyone following their instructions
will *reset* his router to the defaults.


Yep. That's because the average reporter or announcer doesn't know
the difference between reboot, reset, restart, power cycle, cold boot,
hot boot, etc.


Also: "Cisco said part of the code used by VPNFilter can still persist
until the affected device is reset to its factory-default settings."

So a reset actually might be required.

Little surprise because the older computahs had a
button labeled "reset" that did a "reboot". However, when the button
moved to modems and routers, it did both a reset (wipe all settings),
and a reboot (restart the OS). I partly solved the problem by
covering the hole with a round label inscribed with "$35" which is
what it will cost them to have me drive over to their office and put
Humpty Dumpty back together again.

Of course, nothing happens without a suitable conspiracy theory. In
this case, I must ask why the FBI insisted that everyone reset their
routers when only a few models are susceptible. Also, ISPs like
AT&T can easily reboot their customers' routers using SNMP. My
initial guess was that the FBI thought it better to be sure than sorry
when dealing with credential sniffing malware. However, the FBI has
never been known for such lofty sentiments. My guess(tm) is that this
may well be the first technical action in recent memory that the FBI
has performed mostly correctly. They may need the good publicity it
brings to compensate for the general impression of gross incompetence
demonstrated by the Apple iPhone unlocking fiasco.

Unfortunately, my prediction of personal economic enrichment may have
been premature. National Reboot Your Router Day has produced only two
paying service calls and a few unprofitable phone calls and emails.
Very disappointing. Still, I predict additional press releases in the
future by the FBI to remind us that we're being successfully protected
from the machinations of the Russians.

See the "Gell-Mann Amnesia Effect" for further details.


https://en.wikipedia.org/wiki/Gell-Mann_amnesia_effect



Fox's Mercantile May 30th 18 06:50 AM

National Reboot your Router Day
 
On 5/29/18 5:24 PM, Fred Smith wrote:
All the weekly attempts to log into my server traceroute back to
China, not Russia. I suppose it could be those fiendishly clever
Russians spoofing, of course.


Or some 400 lb guy living in his mother's basement. ;-)

--
"I am a river to my people."
Jeff-1.0
WA6FWi
http:foxsmercantile.com

[email protected] May 30th 18 07:13 AM

National Reboot your Router Day
 
"Of course, nothing happens without a suitable conspiracy theory. In
this case, I must ask why the FBI insisted that everyone reset their
routers when only a few models are susceptible."

They insisted? Fukum, I didn't do it. Hold on, there's a knock at the door....

....

....

Don't worry, I shot them. Now, is this possibly the cause of my having trouble getting to certain sites? These are mainly sites I have never been to before. Everything I normally use is alright, but anything new seems to time out, and that is in more than one browser.

Maybe some DNSes got screwed up or something like that, but the places I frequent have a backup somewhere? Just a wild guess.

Jeff Liebermann June 3rd 18 07:03 PM

National Reboot your Router Day
 
On Wed, 30 May 2018 10:19:09 +1000, Clifford Heath
wrote:

Also: "Cisco said part of the code used by VPNFilter can still persist
until the affected device is reset to its factory-default settings."

So a reset actually might be required.


You're right. Here's the source of the Cisco recommendation:
https://blog.talosintelligence.com/2018/05/VPNFilter.html
See "Stage 1 (Persistent Loader)" section:
VPNFilter's stage 1 malware infects devices running firmware
based on Busybox and Linux, and is compiled for several CPU
architectures. The main purpose of these first-stage binaries
is to locate a server providing a more fully featured second
stage, and to download and maintain persistence for this next
stage on infected devices. It is capable of modifying
non-volatile configuration memory (NVRAM) values and adds
itself to crontab, the Linux job scheduler, to achieve
persistence.

So, it looks like I might be doing some reset to defaults and firmware
updates on affected routers. The crontab file is probably in the
firmware. Argh.

Incidentally, of the two customers who reset their routers to
defaults, I was able to recover by walking them through the initial
setup to get their device on the internet, and then restoring their
saved settings, which I save for every router I configure. I didn't
charge either customer if they promised to never do that again.
However, if they're on the affected router list, I'll need to visit
them and update the firmware.


--
Jeff Liebermann
150 Felker St #D
http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558
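
Added example, not part of any post in this thread: the reboot-versus-reset point above comes down to whether a scheduled job is still in crontab after a power cycle. This sketch compares crontab snapshots taken before and after a reboot against a known-good copy saved with the router configuration. It assumes shell access to a BusyBox/Linux router and that the crontab has been copied into plain files; every file name and cron entry below is constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. File names and cron entries are constructed.

# new_entries BASELINE CURRENT
# Print active entries of CURRENT that are absent from BASELINE.
# Comment and blank lines are ignored and runs of whitespace are collapsed,
# so cosmetic edits are not reported as changes.
new_entries() {
    [ -r "$1" ] && [ -r "$2" ] || { echo "unreadable input" >&2; return 2; }
    awk -v base="$1" '
        function active(s) { return !(s ~ /^[ \t]*#/ || s ~ /^[ \t]*$/) }
        function norm(s) { gsub(/[ \t]+/, " ", s); sub(/^ /, "", s); sub(/ $/, "", s); return s }
        # Load the baseline first; an empty baseline simply yields no known entries.
        BEGIN { while ((getline line < base) > 0) if (active(line)) known[norm(line)] = 1 }
        active($0) { e = norm($0); if (!(e in known) && !(e in seen)) { seen[e] = 1; print e } }
    ' "$2"
}

# classify BASELINE BEFORE AFTER
# SURVIVED-REBOOT:   unknown entry still scheduled after the power cycle,
#                    so it lives in non-volatile storage and a reboot did not remove it.
# CLEARED-BY-REBOOT: unknown entry seen before the reboot only.
classify() {
    new_entries "$1" "$3" | sed 's/^/SURVIVED-REBOOT /'
    known=$(mktemp) || return 1
    { cat "$1"; echo; cat "$3"; } > "$known"   # baseline plus post-reboot state
    new_entries "$known" "$2" | sed 's/^/CLEARED-BY-REBOOT /'
    rm -f "$known"
}

# make_sample DIR: write three constructed snapshots into DIR.
make_sample() {
    cat > "$1/baseline" <<'EOF'
# known-good crontab saved alongside the router settings
0 4 * * * /opt/vendor/nightly-check
EOF
    cat > "$1/before" <<'EOF'
0 4 * * *    /opt/vendor/nightly-check
*/5 * * * * /example/persistent-job
* * * * * /example/volatile-job
EOF
    cat > "$1/after" <<'EOF'
0 4 * * * /opt/vendor/nightly-check
*/5 * * * * /example/persistent-job
EOF
}

demo_dir=$(mktemp -d) && make_sample "$demo_dir" &&
    classify "$demo_dir/baseline" "$demo_dir/before" "$demo_dir/after"
rm -rf "$demo_dir"
```

A clean result here covers only the crontab; the Talos text quoted above also mentions modified NVRAM values, which this comparison does not inspect.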

Jeff Liebermann June 7th 18 05:34 PM

National Reboot your Router Day
 
On Sun, 03 Jun 2018 10:03:57 -0700, Jeff Liebermann
wrote:

On Wed, 30 May 2018 10:19:09 +1000, Clifford Heath
wrote:

Also: "Cisco said part of the code used by VPNFilter can still persist
until the affected device is reset to its factory-default settings."

So a reset actually might be required.


You're right. Here's the source of the Cisco recommendation:
https://blog.talosintelligence.com/2018/05/VPNFilter.html


The list of potentially affected routers has been expanded by Cisco:
https://blog.talosintelligence.com/2018/06/vpnfilter-update.html

--
Jeff Liebermann
150 Felker St #D
http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

