upnp botnet

Posted: Mon Nov 19, 2018 12:17 pm
by billionuser98
Hi there

I have a
Triple WAN ADSL2+ Firewall Router
Model Name BiPAC 8800AXL
Software Version 2.32e
DSL PHY and Driver Version A2pv6F039g1.d24m
Wireless Driver Version 6.30.102.7.cpe4.12L08.4

I see this article
http://blog.netlab.360.com/bcmpupnp_hun ... ammers-en/

about a botnet using some UPnP backdoor. It mentions Billion ADSL2+ routers.

Can Billion confirm:

1/ if this device is affected by this botnet attack?

If it is affected:
2/ when will the FW be updated to fix this?
3/ What steps can we take in the meantime to protect ourselves?

thanks,
Hadyn

Re: upnp botnet

Posted: Mon Nov 19, 2018 12:21 pm
by billion_fan
billionuser98 wrote:
Mon Nov 19, 2018 12:17 pm
Hi there

I have a
Triple WAN ADSL2+ Firewall Router
Model Name BiPAC 8800AXL
Software Version 2.32e
DSL PHY and Driver Version A2pv6F039g1.d24m
Wireless Driver Version 6.30.102.7.cpe4.12L08.4

I see this article
http://blog.netlab.360.com/bcmpupnp_hun ... ammers-en/

about a botnet using some UPnP backdoor. It mentions Billion ADSL2+ routers.

Can Billion confirm:

1/ if this device is affected by this botnet attack?

If it is affected:
2/ when will the FW be updated to fix this?
3/ What steps can we take in the meantime to protect ourselves?

thanks,
Hadyn

As long as you are on firmware 2.32e or higher you should not be affected.

Re: upnp botnet

Posted: Fri Nov 30, 2018 5:15 pm
by JonnyFuse
Hi billion_fan
I am running a Billion 7800 DXL on 2.32d, still running faultlessly for almost 5 years. Since reading the article posted by billionuser98, I am wondering if the router could have been compromised, as I did have UPnP enabled, now disabled.
Block WAN PING is enabled and I have no external services set up on the router. I had left UPnP enabled for a couple of Xboxes but have now entered virtual servers manually for them.

How would I even know if it had been compromised?

Appreciate not quite the right forum posting on the 8800 series board but hopefully you can help?

Thanks
J

Re: upnp botnet

Posted: Fri Nov 30, 2018 5:42 pm
by billion_fan
JonnyFuse wrote:
Fri Nov 30, 2018 5:15 pm
Hi billion_fan
I am running a Billion 7800 DXL on 2.32d, still running faultlessly for almost 5 years. Since reading the article posted by billionuser98, I am wondering if the router could have been compromised, as I did have UPnP enabled, now disabled.
Block WAN PING is enabled and I have no external services set up on the router. I had left UPnP enabled for a couple of Xboxes but have now entered virtual servers manually for them.

How would I even know if it had been compromised?

Appreciate not quite the right forum posting on the 8800 series board but hopefully you can help?

Thanks
J

It's hard to tell as there are different variants of this attack (people use it in different ways), but I have been told by our HQ fw 2.32e and above is not affected.

Re: upnp botnet

Posted: Fri Nov 30, 2018 6:50 pm
by JonnyFuse
Thanks billion_fan for the quick reply, that's kind of reassuring.

I would still be interested to know if there is any way to tell if a system is compromised and/or if I upgrade to 2.32e would that be a sure-fire way to overwrite any malware?

Just call me paranoid :)
Regards
J

Re: upnp botnet

Posted: Mon Dec 03, 2018 9:31 am
by billion_fan
JonnyFuse wrote:
Fri Nov 30, 2018 6:50 pm
Thanks billion_fan for the quick reply, that's kind of reassuring.

I would still be interested to know if there is any way to tell if a system is compromised and/or if I upgrade to 2.32e would that be a sure-fire way to overwrite any malware?

Just call me paranoid :)
Regards
J

Edit

Just got further clarification: you must upgrade to 2.32e, as this vulnerability was patched with this firmware. (All posts above have been adjusted.)