Server/device on my network: an.yandex.ru hosted on my router?

Discussions for BiPAC 8800 series: 8800NL
Post Reply
Gareth30800
Posts: 3
Joined: Tue Feb 26, 2019 6:29 am

Server/device on my network: an.yandex.ru hosted on my router?

Post by Gareth30800 » Tue Feb 26, 2019 6:34 am

Hi

Can anyone cast any light on this…

I noticed a server on my internal LAN with the name an.yandex.ru
I could see this from my Network browser (route level of Finder Window on my Mac) along with other Servers that I had set up myself.

As I knew nothing of an.yandex.ru I was concerned. (Google searches were not conclusive, but there was some suggestion of malware)

These are the steps I took

1) When I connected my Mac to a different network, an.yandex.ru disappeared from my Network Browser
2) an.yandex.ru was visible from other Macs on my LAN
3) I wanted to find the device that was hosting an.yandex.ru, so I started to isolate my network

a) On my Router (Billion BiPAC 8800NL) - I disconnected all network connections & connected my Mac to the Billion Router via wifi - I could still see an.yandex.ru in my Network browser
b) I disconnected the feed from the internet (evolving network) - I could still see an.yandex.ru in my Network browser
c) I restarted the Billion Router - finally an.yandex.ru disappeared
d) I reconnected everything & an.yandex.ru has so far NOT reappeared

So it would appear that my Billion Router was hosting an.yandex.ru on my LAN, but a simple restart has cleared this.

Does anyone have any ideas on how this would get on my Billion Router, is an.yandex.ru malware?

(My admin password to access the router is strong, my wifi SSIS is visible & the password is ok, but I give it freely to visitors)

Any help, advice or suggestions would be greatly appreciated

Gareth

billion_fan
Posts: 5208
Joined: Tue Jul 19, 2011 4:30 pm

Re: Server/device on my network: an.yandex.ru hosted on my router?

Post by billion_fan » Tue Feb 26, 2019 9:31 am

Gareth30800 wrote:
Tue Feb 26, 2019 6:34 am
Hi

Can anyone cast any light on this…

I noticed a server on my internal LAN with the name an.yandex.ru
I could see this from my Network browser (route level of Finder Window on my Mac) along with other Servers that I had set up myself.

As I knew nothing of an.yandex.ru I was concerned. (Google searches were not conclusive, but there was some suggestion of malware)

These are the steps I took

1) When I connected my Mac to a different network, an.yandex.ru disappeared from my Network Browser
2) an.yandex.ru was visible from other Macs on my LAN
3) I wanted to find the device that was hosting an.yandex.ru, so I started to isolate my network

a) On my Router (Billion BiPAC 8800NL) - I disconnected all network connections & connected my Mac to the Billion Router via wifi - I could still see an.yandex.ru in my Network browser
b) I disconnected the feed from the internet (evolving network) - I could still see an.yandex.ru in my Network browser
c) I restarted the Billion Router - finally an.yandex.ru disappeared
d) I reconnected everything & an.yandex.ru has so far NOT reappeared

So it would appear that my Billion Router was hosting an.yandex.ru on my LAN, but a simple restart has cleared this.

Does anyone have any ideas on how this would get on my Billion Router, is an.yandex.ru malware?

(My admin password to access the router is strong, my wifi SSIS is visible & the password is ok, but I give it freely to visitors)

Any help, advice or suggestions would be greatly appreciated

Gareth
The only thing I can find in reference to an.yandex.ru. is a browser highjack.

I haven't had any similar reports of a rogue server appearing on the network on any of our Billion devices.

Things to make sure you are secure

1. Make sure the WAN side firewall is enabled (Configuration>>WAN >> WAN Service, edit your current WAN and make sure the firewall tick box is enabled
2. Make sure no one has changed the DNS server on your router (Advanced Setup >>> DNS >> DNS)
3. If remote access is enabled for the 8800NL, try not to enable telnet or SSH or lock down the IP address range that can access your device from a remote connection (meaning only the IP address entered is allowed to access your device, a static remote IP address will be needed for remote management)
4. Check your servers to make sure they are secure, eg make sure SSH, Telnet is not exposed even by UPNP.
5. Run malware bytes on all devices to check for malware

oldgasman
Posts: 1
Joined: Sat Mar 02, 2019 10:19 pm

Re: Server/device on my network: an.yandex.ru hosted on my router?

Post by oldgasman » Sat Mar 02, 2019 10:36 pm

Hi,

I had exactly the same problem with my BiPAC 7800DXL, so there may be others out there who haven’t noticed that they have the same issue lurking on their systems.

I did exactly the same as you and had the same results, clearing the ‘an.yandex.ru’ network neighbourhood entry when I did a power cycle. I also checked the syslog and found no apparent issues or suspect entries, so I’m at a loss as to where this came from and what, if anything, it was doing?

I will keep an eye on this forum to see if someone can find what this was and where it came from.

Cheers, … John

frogman
Posts: 1
Joined: Mon May 11, 2020 4:30 pm

Re: Server/device on my network: an.yandex.ru hosted on my router?

Post by frogman » Mon May 11, 2020 4:33 pm

This topic maybe a year old but I had the EXACT same problem. Was repairing someones mac.. I saw "an.yandex.ru" on the network and it was a fresh install of macOS. Looked around my devices, virus scans, router settings. ]

Just like in this topic the thing that removed it was just a power cycle of my 7800 router.

billion_fan
Posts: 5208
Joined: Tue Jul 19, 2011 4:30 pm

Re: Server/device on my network: an.yandex.ru hosted on my router?

Post by billion_fan » Tue May 12, 2020 9:25 am

frogman wrote:
Mon May 11, 2020 4:33 pm
This topic maybe a year old but I had the EXACT same problem. Was repairing someones mac.. I saw "an.yandex.ru" on the network and it was a fresh install of macOS. Looked around my devices, virus scans, router settings. ]

Just like in this topic the thing that removed it was just a power cycle of my 7800 router.
I will check with our engineers,

Post Reply