
Is your router compromised with the MOON worm?

Yeah, this has been discussed on other sites for a while now.

bastards...my ISP just replaced my Linksys EA2700 that kept dropping connection with a Linksys E2000...🙁
Time to just go buy one of my own.
 
Shitty ass router though. I guess that's why you should really stick to Fortinets and Cisco ASAs.

Those SOHO routers are shit.


Anyhow, the link in the post is what shows up on vulnerable routers, i.e. below.

This XML file does not appear to have any style information associated with it. The document tree is shown below.
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<GetDeviceSettingsResponse xmlns="http://purenetworks.com/HNAP1/">
<GetDeviceSettingsResult>OK</GetDeviceSettingsResult>
<Type>GatewayWithWiFi</Type>
<DeviceName>gspot</DeviceName>
<VendorName>Linksys</VendorName>
<ModelDescription>Linksys E3200</ModelDescription>
<ModelName>E3200</ModelName>
<FirmwareVersion>1.0.00 build 13</FirmwareVersion>
<PresentationURL>http://192.168.1.1/</PresentationURL>
<SOAPActions>
<string>http://purenetworks.com/HNAP1/IsDeviceReady</string>
<string>http://purenetworks.com/HNAP1/GetDeviceSettings</string>
<string>http://purenetworks.com/HNAP1/SetDeviceSettings</string>
<string>http://purenetworks.com/HNAP1/GetDeviceSettings2</string>
<string>http://purenetworks.com/HNAP1/SetDeviceSettings2</string>
<string>http://purenetworks.com/HNAP1/Reboot</string>
<string>http://purenetworks.com/HNAP1/RestoreFactoryDefaults</string>
<string>http://purenetworks.com/HNAP1/RenewWanConnection</string>
<string>http://purenetworks.com/HNAP1/GetWanSettings</string>
<string>http://purenetworks.com/HNAP1/SetWanSettings</string>
<string>http://purenetworks.com/HNAP1/GetRouterLanSettings2</string>
<string>http://purenetworks.com/HNAP1/SetRouterLanSettings2</string>
<string>http://purenetworks.com/HNAP1/GetWanInfo</string>
<string>http://purenetworks.com/HNAP1/GetPortMappings</string>
<string>http://purenetworks.com/HNAP1/AddPortMapping</string>
<string>http://purenetworks.com/HNAP1/DeletePortMapping</string>
<string>http://purenetworks.com/HNAP1/GetMACFilters2</string>
<string>http://purenetworks.com/HNAP1/SetMACFilters2</string>
<string>http://purenetworks.com/HNAP1/GetConnectedDevices</string>
<string>http://purenetworks.com/HNAP1/GetNetworkStats</string>
<string>http://purenetworks.com/HNAP1/GetClientStats</string>
<string>http://purenetworks.com/HNAP1/GetWLanRadios</string>
<string>http://purenetworks.com/HNAP1/GetWLanRadioSettings</string>
<string>http://purenetworks.com/HNAP1/SetWLanRadioSettings</string>
<string>http://purenetworks.com/HNAP1/GetWLanRadioSecurity</string>
<string>http://purenetworks.com/HNAP1/SetWLanRadioSecurity</string>
<string>http://purenetworks.com/HNAP1/GetRouterSettings</string>
<string>http://purenetworks.com/HNAP1/SetRouterSettings</string>
<string>http://purenetworks.com/HNAP1/GetFirmwareSettings</string>
<string>http://purenetworks.com/HNAP1/FirmwareUpload</string>
<string>http://purenetworks.com/HNAP1/DownloadSpeedTest</string>
<string>http://cisco.com/HNAPExt/HND/GetPolicySettings</string>
<string>http://cisco.com/HNAPExt/HND/SetPolicySettings</string>
<string>http://cisco.com/HNAPExt/HND/GetDefaultPolicySetting</string>
<string>http://cisco.com/HNAPExt/HND/SetDefaultPolicySetting</string>
<string>http://cisco.com/HNAPExt/HND/GetTMSSSLicense</string>
<string>http://cisco.com/HNAPExt/HND/ActivateTMSSS</string>
<string>http://cisco.com/HNAPExt/HND/GetTMSSSSettings</string>
<string>http://cisco.com/HNAPExt/HND/SetTMSSSSettings</string>
<string>http://cisco.com/HNAPExt/HND/GetPolicySettingsCapabilities</string>
<string>http://cisco.com/HNAPExt/HotSpot/GetDeviceInfo</string>
<string>http://cisco.com/HNAPExt/HotSpot/SetDeviceInfo</string>
<string>http://cisco.com/HNAPExt/HotSpot/GetGuestNetwork</string>
<string>http://cisco.com/HNAPExt/HotSpot/SetGuestNetwork</string>
<string>http://cisco.com/HNAPExt/HotSpot/GetGuestNetworkLANSettings</string>
<string>http://cisco.com/HNAPExt/HotSpot/SetDefaultWireless</string>
<string>http://cisco.com/HNAPExt/HotSpot/GetWANAccessStatuses</string>
<string>http://cisco.com/HNAPExt/HotSpot/AddWebGUIAuthExemption</string>
<string>http://cisco.com/HNAPExt/HotSpot/CheckParentalControlsPassword</string>
<string>http://cisco.com/HNAPExt/HotSpot/GetParentalControlsResetQuestion</string>
<string>http://cisco.com/HNAPExt/HotSpot/HasParentalControlsPassword</string>
<string>http://cisco.com/HNAPExt/HotSpot/ResetParentalControlsPassword</string>
<string>http://cisco.com/HNAPExt/HotSpot/SetParentalControlsPassword</string>
<string>http://cisco.com/HNAPExt/HotSpot/SetParentalControlsResetQuestion</string>
<string>http://cisco.com/HNAPExt/HotSpot/GetSwitchPortLEDSettings</string>
<string>http://cisco.com/HNAPExt/HotSpot/SetSwitchPortLEDSettings</string>
</SOAPActions>
<SubDeviceURLs/>
<Tasks>
<TaskExtension>
<Name>Status Page</Name>
<URL>/Status_Router.asp</URL>
<Type>Browser</Type>
</TaskExtension>
<TaskExtension>
<Name>Basic Wireless Settings</Name>
<URL>/Wireless_Basic.asp</URL>
<Type>Browser</Type>
</TaskExtension>
<TaskExtension>
<Name>Linksys E3200</Name>
<URL>http://www.linksys.com/support/E3200</URL>
<Type>Browser</Type>
</TaskExtension>
</Tasks>
</GetDeviceSettingsResponse>
</soap:Body>
</soap:Envelope>
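
Added example, not part of the original post: a small Python audit helper that reads a saved HNAP `GetDeviceSettings` response like the one above and reports the device identity plus the advertised actions that change device state. The `WRITE_PREFIXES` list and the function name are assumptions of this example, and the sample is a trimmed copy of the response in the post.

```python
import xml.etree.ElementTree as ET

HNAP_NS = "{http://purenetworks.com/HNAP1/}"
# Assumption of this example: action names starting with these words change state.
WRITE_PREFIXES = ("Set", "Add", "Delete", "Reset", "Restore", "Reboot",
                  "Firmware", "Activate", "Renew")

# Trimmed copy of the response quoted in the post (most actions omitted).
SAMPLE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<GetDeviceSettingsResponse xmlns="http://purenetworks.com/HNAP1/">
<VendorName>Linksys</VendorName>
<ModelName>E3200</ModelName>
<FirmwareVersion>1.0.00 build 13</FirmwareVersion>
<SOAPActions>
<string>http://purenetworks.com/HNAP1/GetDeviceSettings</string>
<string>http://purenetworks.com/HNAP1/Reboot</string>
<string>
http://purenetworks.com/HNAP1/RestoreFactoryDefaults
</string>
<string>http://purenetworks.com/HNAP1/FirmwareUpload</string>
<string>http://cisco.com/HNAPExt/HotSpot/SetGuestNetwork</string>
</SOAPActions>
</GetDeviceSettingsResponse>
</soap:Body>
</soap:Envelope>"""


def summarize_hnap(xml_text):
    """Return device identity and the state-changing actions a response advertises."""
    root = ET.fromstring(xml_text)
    resp = root.find(f".//{HNAP_NS}GetDeviceSettingsResponse")
    if resp is None:
        raise ValueError("not an HNAP GetDeviceSettings response")

    def field(name):
        return (resp.findtext(f"{HNAP_NS}{name}") or "").strip()

    # Whitespace inside <string> (as in the pasted browser view) is stripped.
    actions = [(s.text or "").strip().rsplit("/", 1)[-1]
               for s in resp.iter(f"{HNAP_NS}string")]
    writes = sorted(a for a in actions if a.startswith(WRITE_PREFIXES))
    return {"vendor": field("VendorName"), "model": field("ModelName"),
            "firmware": field("FirmwareVersion"),
            "actions": len(actions), "state_changing": writes}


if __name__ == "__main__":
    print(summarize_hnap(SAMPLE))
```
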
 
Yeah, this has been discussed on other sites for a while now.

bastards...my ISP just replaced my Linksys EA2700 that kept dropping connection with a Linksys E2000...🙁
Time to just go buy one of my own.

That's what I would do. I have an ASA 5505 that I have been using for a couple of years. It is rock solid. They run about 300 new (even less on eBay).
 
I have an E900 but the Remote Management was already off (and Filter Anonymous Internet Requests checked too). Never had a problem with the router but I updated the firmware anyway. Thanks for the heads up.
 
Shitty ass router though. I guess that's why you should really stick to Fortinets and Cisco ASAs.

Those SOHO routers are shit.

ASA you say?

Cisco PIX-Series, Cisco ASA-Series

Products in the PIX series from US manufacturer Cisco were hardware firewalls, depending on the model, for small and medium-sized companies, but also for large companies and service providers. Production of the product line ended in 2008. The ASA series represents the successor models, and they are designed for businesses of different sizes as well as corporate data centers.

JETPLOW: is a firmware resistant implant for Cisco PIX and ASA Firewalls that installs a permanent back door. These products were designed to cater for the needs of enterprises and data centers of all sizes.



 
Have a WRT400N that I just replaced with an Asus RT-N56U. Day and night difference in signal strength and lack of drops.
 
I use DD-WRT and only allow remote administration through SSH, and I have several iptables rules that currently protect the SSH port.
 
This is why I always turn off remote admin access and just only admin through the network. I have no real use to do remote admin on my home network when I'm not home.
 
I've always wondered why Staples, Wal Mart, etc. only sell shitty routers. At least Office Depot sells D-Link, but why the fuck do all these stores still sell Belkin, Stinksys, or Netgear routers when there are much better brands available at comparable prices.... Like Buffalo.
 
I've always wondered why Staples, Wal Mart, etc. only sell shitty routers. At least Office Depot sells D-Link, but why the fuck do all these stores still sell Belkin, Stinksys, or Netgear routers when there are much better brands available at comparable prices.... Like Buffalo.

They get paid for shelf placement.
 
So is DD-WRT not vulnerable to this? Are there settings I should change in my DD-WRT setup to avoid this worm?

The vulnerability is in part of the Linksys firmware. Simply running a different firmware makes the worm ineffective on your router, no matter what brand the router itself is.
 
I've always wondered why Staples, Wal Mart, etc. only sell shitty routers. At least Office Depot sells D-Link, but why the fuck do all these stores still sell Belkin, Stinksys, or Netgear routers when there are much better brands available at comparable prices.... Like Buffalo.


For a little more you can get commercial-quality equipment, i.e. Fortinet or an ASA 5505 (which I use).

I.e. with commercial stuff you can do much more. I can VPN to my home with certificate-based VPN (2 factor), and I can create via service policy things like drop all "Phpmyadmin" requests from the outside (only permit them from the inside) and log the drops, block things like post/trace, server spoofing, TCP normalization etc...

Much more functionality.
 
For a little more you can get commercial-quality equipment, i.e. Fortinet or an ASA 5505 (which I use).

I.e. with commercial stuff you can do much more. I can VPN to my home with certificate-based VPN (2 factor), and I can create via service policy things like drop all "Phpmyadmin" requests from the outside (only permit them from the inside) and log the drops, block things like post/trace, server spoofing, TCP normalization etc...

Much more functionality.

All quite nice, but for 99% of people out there far more than they need and they would be unable to set anything up. Heck many of them can't even follow the user-friendly walkthrough CD to set a basic router up properly 😵
 