Restore your router's factory default settings!

[Jeffbert]

Is the FBI right about rebooting your router?

While my router was NOT on the list, I restored it anyway. need to check this page to see if that is enough. Sure glad I made a couple of restore settings files on a pair on flash drives. Very easy to reload my settings. : No firmware updates were available; maybe I will double check!

 

[tinkerdan]

Rebooting probably will do little to help since it likely won't clear up the problem. Resetting to default will temporarily stop it(if it helps at all); however if the malware was there it will find a way in again until you update the firmware and, or in the event there are no updates, you replace the router with something more current.

However I'd stick with the known list presently and wait until that is updated list that includes your router before fixing anything unless you are itching for an upgrade to better hardware: then you should just replace it.

I just returned from vacation and all my routers were disconnected (I shut them down when I left) while I was gone so I checked them and they are all new enough they are not on the list.

I do have to get to work soon and check those; however I just purchased the lot of them this year, so I suspect I should be alright with those also.

 

[Jeffbert]

Thanks, tinkerdan! Oops, I just found an update, already 2 days old, that had an expanded list linked to it. VPNFilter router malware is worse than first thought, affects more devices

List is at the bottom of this page: Cisco's Talos Intelligence Group Blog: VPNFilter Update - VPNFilter exploits endpoints, targets new devices

My router is still not listed, though I have already taken the steps to purge it.

 

[tinkerdan]

For the most part it looks as though in many cases if you changed most of the default parameters--specifically password and username when possible--there is less chance that you are infected; although there are known older exploits that are existent in old systems that have not been updated--so, updates are important.

I have a total of 8 routers I'm responsible for and none are on the list--I always change the settings because of the way my networks are crafted. Still it doesn't hurt to maintain them regardless of known external threats.

It's curious that no Cisco devices seem to be targeted.
And equally troubling that so many Netgear devices are--especially such a large block of newer devices.
Netgear devices have never played nice in my networks so I shy away from the trouble of continually confirming that by no longer purchasing them.

Also I always make sure there is no way to manage them externally.(except those supplied by ISP's who insist that they have to have access.)

 

[-K2-]

Dang, that turned my brain to mush. Way above my knowledge base. So after reading through it all, I check to see what my personal gear is turning out to be Cisco. So I start looking and looking, checking the new lists and old, and once I get back to the first page I read (the updated info), it turns out that Cisco routers aren't affected.

Whew, I think it's time for a big-kid drink

K2

 

[Jeffbert]

I have an IT friend, who has helped me look for vulnerabilities in my router.