Exploit changes DNS settings and disable LAN interfaces
Region : Argentina
Model : TD-W8968
Hardware Version : V3
Firmware Version :
ISP :
Hi!
I work at a major ISP in Argentina; we use, among others, the TD-W8151N router modem.
Thousands of our customers are experiencing trouble related to some kind of attack from a virus or "exploit" that does the following:
1.- Changes the DNS server to some "fake" servers (68.168.98.196 and 216.55.138.88 in our case)
2.- Disables the Physical ports of the DHCP server, LAN, Interfaces setup section.
I read some "old" articles with scary news:
http://www.pcworld.com/article/2104380/attack-campaign-compromises-300000-home-routers-alters-dns-settings.html
http://www.jakoblell.com/blog/2013/10/30/real-world-csrf-attack-hijacks-dns-server-configuration-of-tp-link-routers-2/
https://www.youtube.com/watch?v=pz9cZtdOrT8
Here are my questions:
1- Does the latest firmware fix this issue?
2- Where can we get that?
3- Is there any tool to remotely fix the firmware of thousands of devices?
I tried to run a script to set the right configuration:
[CODE]set lan dhcp server
set lan dhcpdns a.c.d.c e.f.g.h[/CODE]
but I have not yet found the commands to enable the physical port on the LAN interface.
4- Which command do I need to run to enable the port?
Here is the screenshot of an attacked device.
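Added example, not part of the original post: one way an ISP could find affected subscribers from the network side, by flagging customers whose DNS traffic goes to the two resolvers named above. The flow-record format, subscriber IDs and ISP resolver addresses are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Resolvers the post reports being written into affected routers.
ROGUE_RESOLVERS = {"68.168.98.196", "216.55.138.88"}
# Assumption: the ISP's own resolvers (documentation-range placeholders).
ISP_RESOLVERS = {"192.0.2.53", "192.0.2.54"}

# Constructed sample export: time, subscriber id, dst IP, dst port, protocol.
SAMPLE_FLOWS = """\
2015-01-01T10:00:01,sub-1001,192.0.2.53,53,udp
2015-01-01T10:00:02,sub-1002,68.168.98.196,53,udp
2015-01-01T10:00:03,sub-1002,216.55.138.88,53,udp
2015-01-01T10:00:04,sub-1003,198.51.100.7,53,udp
2015-01-01T10:00:05,sub-1003,192.0.2.54,53,udp
2015-01-01T10:00:06,sub-1004,68.168.98.196,443,tcp
2015-01-01T10:00:07,sub-1005,216.55.138.88,53,tcp
malformed line
"""


def classify_subscribers(flow_text):
    """Map each subscriber with DNS traffic to 'rogue', 'third_party' or 'ok'."""
    resolvers = defaultdict(set)  # subscriber -> resolver IPs contacted on port 53
    for row in csv.reader(io.StringIO(flow_text)):
        if len(row) != 5:
            continue  # skip malformed records rather than abort the whole run
        _ts, sub, dst, port, proto = (field.strip() for field in row)
        if port == "53" and proto in ("udp", "tcp"):
            resolvers[sub].add(dst)
    verdicts = {}
    for sub, used in resolvers.items():
        if used & ROGUE_RESOLVERS:
            verdicts[sub] = "rogue"        # uses one of the reported fake servers
        elif used - ISP_RESOLVERS:
            verdicts[sub] = "third_party"  # may be the customer's own choice; review
        else:
            verdicts[sub] = "ok"
    return verdicts


def affected_subscribers(flow_text):
    """Sorted subscriber ids whose router DNS settings need to be reset."""
    return sorted(s for s, v in classify_subscribers(flow_text).items() if v == "rogue")


if __name__ == "__main__":
    for sub in affected_subscribers(SAMPLE_FLOWS):
        print(sub)
```

Only port-53 flows count, so a subscriber that merely reaches one of those addresses on another port is not flagged.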