MikroTik Routers Are Forwarding Owners' Traffic To Unknown Attackers
MikroTik Routers Are Forwarding Owners' Traffic To Unknown Attackers
Published on September 04, 2018 at 11:00PM
Attackers have been exploiting vulnerabilities in MikroTik routers to forward network traffic to a handful of IP addresses under their control. "The bug is in Winbox management component and allows a remote attacker to bypass authentication and read arbitrary files," reports Bleeping Computer. "Exploit code is freely available from at least three sources from at least three sources." From the report: 360Netlab announced in a blog post today that more than 7,500 MikroTik routers across the world are currently delivering their TZSP (TaZmen Sniffer Protocol) traffic to nine external IP addresses. According to the researchers, the attacker modified the device's packet sniffing settings to forward the data to their locations. "37.1.207.114 is the top player among all the attackers. A significant number of devices have their traffic going to this destination," Qihoo experts inform. The analysis shows that the attacker is particularly interested in ports 20, 21, 25, 110, and 144, which are for FTP-data, FTP, SMTP, POP3, and IMAP traffic. An unusual interest is in traffic from SNMP (Simple Network Management Protocol) ports 161 and 162, which researchers cannot explain at the moment. The largest number of compromised devices, 1,628, is in Russia, followed by Iran (637), Brazil (615), India (594) and Ukraine (544). The researchers say that security outfits in the affected countries can contact them at netlab[at]360.cn for a full list of IPs.
Hope you like this please comment your view and share to your friends thanks for visiting bye guys meet you in next post
Published on September 04, 2018 at 11:00PM
Attackers have been exploiting vulnerabilities in MikroTik routers to forward network traffic to a handful of IP addresses under their control. "The bug is in Winbox management component and allows a remote attacker to bypass authentication and read arbitrary files," reports Bleeping Computer. "Exploit code is freely available from at least three sources from at least three sources." From the report: 360Netlab announced in a blog post today that more than 7,500 MikroTik routers across the world are currently delivering their TZSP (TaZmen Sniffer Protocol) traffic to nine external IP addresses. According to the researchers, the attacker modified the device's packet sniffing settings to forward the data to their locations. "37.1.207.114 is the top player among all the attackers. A significant number of devices have their traffic going to this destination," Qihoo experts inform. The analysis shows that the attacker is particularly interested in ports 20, 21, 25, 110, and 144, which are for FTP-data, FTP, SMTP, POP3, and IMAP traffic. An unusual interest is in traffic from SNMP (Simple Network Management Protocol) ports 161 and 162, which researchers cannot explain at the moment. The largest number of compromised devices, 1,628, is in Russia, followed by Iran (637), Brazil (615), India (594) and Ukraine (544). The researchers say that security outfits in the affected countries can contact them at netlab[at]360.cn for a full list of IPs.
Read more of this story at Slashdot.
Hope you like this please comment your view and share to your friends thanks for visiting bye guys meet you in next post
MikroTik Routers Are Forwarding Owners' Traffic To Unknown Attackers
![MikroTik Routers Are Forwarding Owners' Traffic To Unknown Attackers]()
Reviewed by Kartik
on
September 04, 2018
Rating:
No comments: