Mike DePaulo on 29 Nov 2018 09:46:01 -0800


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Hackers are opening SMB ports on routers so they can infect PCs with NSA malware


On Thu, Nov 29, 2018 at 12:32 PM Rich Freeman <r-plug@thefreemanclan.net> wrote:
>
> On Thu, Nov 29, 2018 at 12:18 PM jeff <jeffv@op.net> wrote:
> >
> > On 11/29/18 12:02 PM, Michael Leone wrote:
> > > Is UPnP routinely turned on, when you buy a new router? I didn't think
> > > it was. Which means you, or something on your LAN, turned it on, in the
> > > first place ...
Most consumer routers enable it by default.
> > >
> >
> > Same with the AWS buckets. Closed by default, so the people who
> > purposely open them have the enemy in-house (from my reading). It's
> > Shodan at the IT Corral.
>
> I imagine that client tool settings may be an issue here.  I
> discovered a bucket with a public ACL earlier this week.
> [...]

UPnP doesn't have ACLs at all. It is an inherent deficiency.

OpenWRT (including via its webgui) does let you configure what port
ranges can be forwarded though. It does not allow low ports 1-1024 by
default, which would block SMB.

-Mike
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug