upnp botnet

Discussions for BiPAC 8800 series: 8800NL
billionuser98
Posts: 4
Joined: Tue Apr 12, 2016 10:31 am

upnp botnet

Post by billionuser98 » Mon Nov 19, 2018 12:17 pm

Hi there

I have a
Triple WAN ADSL2+ Firewall Router
Model Name BiPAC 8800AXL
Software Version 2.32e
DSL PHY and Driver Version A2pv6F039g1.d24m
Wireless Driver Version 6.30.102.7.cpe4.12L08.4

I see this article
http://blog.netlab.360.com/bcmpupnp_hun ... ammers-en/

about a botnet using some uPNP backdoor. It mentions Billion ADSL2+ routers.

Can Billion confirm:

1/ if this device is affected by this botnet attack?

If it is affected:
2/ when will the FW be updated to fix this?
3/ What steps can we take in the meantime to protect ourselves?

thanks,
Hadyn

billion_fan
Posts: 5222
Joined: Tue Jul 19, 2011 4:30 pm

Re: upnp botnet

Post by billion_fan » Mon Nov 19, 2018 12:21 pm

billionuser98 wrote:
Mon Nov 19, 2018 12:17 pm
Hi there

I have a
Triple WAN ADSL2+ Firewall Router
Model Name BiPAC 8800AXL
Software Version 2.32e
DSL PHY and Driver Version A2pv6F039g1.d24m
Wireless Driver Version 6.30.102.7.cpe4.12L08.4

I see this article
http://blog.netlab.360.com/bcmpupnp_hun ... ammers-en/

about a botnet using some uPNP backdoor. It mentions Billion ADSL2+ routers.

Can Billion confirm:

1/ if this device is affected by this botnet attack?

If it is affected:
2/ when will the FW be updated to fix this?
3/ What steps can we take in the meantime to protect ourselves?

thanks,
Hadyn

As long as you are on firmware 2.32e or higher you should not be affected

JonnyFuse
Posts: 3
Joined: Fri Apr 10, 2015 3:05 pm

Re: upnp botnet

Post by JonnyFuse » Fri Nov 30, 2018 5:15 pm

Hi billion_fan
I am running a Billion 7800 DXL on 2.32d, still running faultlessly for almost 5 years. Since reading the article posted by billionuser98 I am wondering if the router could have been compromised, as I did have UPNP enabled, now disabled.
Block WAN PING is enabled and I have no external services set up on the router. I had left UPNP enabled for a couple of Xboxes but have now entered virtual servers manually for them.

How would I even know if it had been compromised?

Appreciate not quite the right forum posting on the 8800 series board but hopefully you can help?

Thanks
J

billion_fan
Posts: 5222
Joined: Tue Jul 19, 2011 4:30 pm

Re: upnp botnet

Post by billion_fan » Fri Nov 30, 2018 5:42 pm

JonnyFuse wrote:
Fri Nov 30, 2018 5:15 pm
Hi billion_fan
I am running a Billion 7800 DXL on 2.32d, still running faultlessly for almost 5 years. Since reading the article posted by billionuser98 I am wondering if the router could have been compromised, as I did have UPNP enabled, now disabled.
Block WAN PING is enabled and I have no external services set up on the router. I had left UPNP enabled for a couple of Xboxes but have now entered virtual servers manually for them.

How would I even know if it had been compromised?

Appreciate not quite the right forum posting on the 8800 series board but hopefully you can help?

Thanks
J

It's hard to tell as there are different variants of this attack (people use it in different ways), but I have been told by our HQ fw 2.32e and above is not affected

JonnyFuse
Posts: 3
Joined: Fri Apr 10, 2015 3:05 pm

Re: upnp botnet

Post by JonnyFuse » Fri Nov 30, 2018 6:50 pm

Thanks billion_fan for the quick reply, that's kind of reassuring.

I would still be interested to know if there is any way to tell if a system is compromised and/or if I upgrade to 2.32e would that be a sure-fire way to overwrite any malware?

Just call me paranoid :)
Regards
J

billion_fan
Posts: 5222
Joined: Tue Jul 19, 2011 4:30 pm

Re: upnp botnet

Post by billion_fan » Mon Dec 03, 2018 9:31 am

JonnyFuse wrote:
Fri Nov 30, 2018 6:50 pm
Thanks billion_fan for the quick reply, that's kind of reassuring.

I would still be interested to know if there is any way to tell if a system is compromised and/or if I upgrade to 2.32e would that be a sure-fire way to overwrite any malware?

Just call me paranoid :)
Regards
J

Edit

Just got further clarification: you must upgrade to 2.32e, as this vulnerability was patched with this firmware. (All posts above have been adjusted.)
