DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Draytek 2925 hacked

  • joners
  • User is blocked
18 May 2018 12:52 #13 by joners
Replied by joners on topic Re: Draytek 2925 hacked

DavSands wrote: We were running v3.8.4 firmware, now I've updated it to v3.8.8. I've also disabled ALL remote management! We have more routers in a good number for home-based staff, we're about to start to manually check them but I do not want to have to turn off remote management, they are home-based staff after all!



Disable remote management and set up a VPN, then just connect and manage the devices that way. It's safer and simple to do.

18 May 2018 14:09 #14 by admin
Replied by admin on topic Re: Draytek 2925 hacked
https://www.draytek.co.uk/support/security-advisories/kb-advisory-csrf-and-dns-dhcp-web-attacks



Forum Administrator


  • davsands
  • Topic Author
  • Offline
  • New Member
18 May 2018 14:40 #15 by davsands
Replied by davsands on topic Re: Draytek 2925 hacked

admin wrote: https://www.draytek.co.uk/support/security-advisories/kb-advisory-csrf-and-dns-dhcp-web-attacks



Thanks for the update admin... I'll take a look through the articles and see if we've missed anything off the list. Just referring back to what andy100 wrote and CSRF and the syslog that didn't even show the attack; CSRF would only allow someone to take over a session (of sorts), it doesn't explain the attack on multiple devices at (around) the same time? Not unless a site like Google had the CSRF?

18 May 2018 14:50 #16 by andy100
Replied by andy100 on topic Re: Draytek 2925 hacked
I've also requested verification for reasons to disable SSL VPN service. Awaiting a reply.

18 May 2018 16:13 #17 by andy100
Replied by andy100 on topic Re: Draytek 2925 hacked
Reply: As part of the SSL VPN feature, the SSL VPN presents a web interface to the WAN, which is why the advice recommends disabling it or updating firmware.

A new firmware is available too, so will have to update a lot of routers....


  • maxwellhadley
  • User
18 May 2018 16:28 #18 by maxwellhadley
Replied by maxwellhadley on topic Re: Draytek 2925 hacked
Just read the latest advisory and updated my 2860 to 3.8.8_BT, though it doesn't seem to have been hit so far. I see the advisory recommends checking the 'Enable Validation Code in Internet/LAN Access' checkbox. What is this Validation Code of which they speak? I don't want to blindly enable it and risk locking myself out of the router! The manual is no help at all, as usual.
