Draytek router hacked


For what it's worth, the rogue DNS server appears to be buried in China Telecom somewhere. The last hop with a name I see is:

chinatelecom-ic-312676-las-b3.c.telia.net 100.017 ms

38.134.121.95 100.643 ms

Original Poster · 13 points · 3 days ago

This is in a business environment.

https://www.abuseipdb.com/check/38.134.121.95?page=1#report

2 of our Draytek routers have had their DNS settings changed, but the syslog shows that no one signed on.

CCNA · 8 points · 3 days ago

Well that's just no fucking good at all.

Lord of the STPs · 2 points · 2 days ago

Did your routers have their management interface exposed to the internet?

Thank you for sharing!

Draytek has provided a vulnerability bulletin and software update:

https://www.draytek.co.uk/support/security-advisories/kb-advisory-csrf-and-dns-dhcp-web-attacks

> In May 2018, we became aware of new attacks against web-enabled devices, which includes DrayTek routers. The recent attacks have attempted to change DNS settings of routers.

I recommend patching as soon as possible.
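The attack described in the advisory above leaves a concrete artefact: the DNS servers a router hands out (or uses as its forwarder) are no longer the ones you configured. The following is an added example, not code from the thread, from DrayTek or from any router vendor, of an audit you can run across the resolver settings you collect from routers and DHCP clients. It takes the expected resolvers as an allowlist, treats the 38.134.121.95 address reported in the thread as a known rogue, and flags anything else, with public (non-private, non-loopback) addresses outside the allowlist marked as the highest-priority finding. The host names and resolv.conf contents in the block are constructed sample input.

```python
"""Audit collected DNS resolver settings against an allowlist.

Added example (not from the thread or any vendor). Input is constructed:
a mapping of host/router name -> resolv.conf-style text as you might
collect with your management tooling or from DHCP lease dumps.
"""
import ipaddress
import re
from dataclasses import dataclass

# Address named in the thread as the rogue DNS server the routers were pointed at.
KNOWN_ROGUE = frozenset({"38.134.121.95"})

_NAMESERVER_RE = re.compile(r"^\s*nameserver\s+(\S+)", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    host: str
    server: str
    severity: str  # "critical" | "high" | "medium" | "info"
    reason: str


def parse_nameservers(text: str) -> list[str]:
    """Extract the nameserver entries from resolv.conf-style text, in order."""
    servers = []
    for line in text.splitlines():
        line = line.split("#", 1)[0]  # strip trailing comments
        match = _NAMESERVER_RE.match(line)
        if match:
            servers.append(match.group(1))
    return servers


def classify(server: str, allowlist: frozenset[str], known_rogue: frozenset[str]) -> tuple[str, str]:
    """Return (severity, reason) for a single resolver address."""
    if server in known_rogue:
        return "critical", "matches a known rogue DNS server"
    if server in allowlist:
        return "info", "expected resolver"
    try:
        addr = ipaddress.ip_address(server)
    except ValueError:
        return "medium", "not a valid IP address (malformed entry)"
    if addr.is_loopback or addr.is_private or addr.is_link_local:
        return "medium", "internal address not on the allowlist"
    return "high", "public resolver not on the allowlist"


def audit(collected: dict[str, str], allowlist: frozenset[str],
          known_rogue: frozenset[str] = KNOWN_ROGUE) -> list[Finding]:
    """Audit every host's resolver list; a host with no resolvers is itself a finding."""
    findings = []
    for host, text in sorted(collected.items()):
        servers = parse_nameservers(text)
        if not servers:
            findings.append(Finding(host, "", "medium", "no nameserver entries found"))
            continue
        for server in servers:
            severity, reason = classify(server, allowlist, known_rogue)
            findings.append(Finding(host, server, severity, reason))
    return findings


def hosts_needing_attention(findings: list[Finding]) -> list[str]:
    """Hosts with at least one non-info finding, sorted by worst severity first."""
    rank = {"critical": 0, "high": 1, "medium": 2, "info": 3}
    worst: dict[str, int] = {}
    for f in findings:
        worst[f.host] = min(worst.get(f.host, 3), rank[f.severity])
    return [h for h, r in sorted(worst.items(), key=lambda kv: (kv[1], kv[0])) if r < 3]


# Constructed sample input: three sites, one of them redirected to the rogue server.
SAMPLE = {
    "branch-a-vigor": "nameserver 10.10.0.2\nnameserver 10.10.0.3\n",
    "branch-b-vigor": "nameserver 38.134.121.95  # injected\nnameserver 10.10.0.2\n",
    "branch-c-vigor": "nameserver 8.8.8.8\n",
    "lab-vigor": "search corp.example\n",
}
EXPECTED = frozenset({"10.10.0.2", "10.10.0.3"})

if __name__ == "__main__":
    for f in audit(SAMPLE, EXPECTED):
        print(f"{f.severity:8} {f.host:16} {f.server:16} {f.reason}")
    print("attention:", hosts_needing_attention(audit(SAMPLE, EXPECTED)))
```

Feed it the resolver lists from every router and a sample of DHCP clients behind each one, since a router whose own forwarder is clean can still hand out a rogue server in DHCP options; the thread's point is that the syslog showed no login, so the settings themselves are the evidence to check.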

Original Poster · 4 points · 3 days ago

We are just going through this at the moment, if you have a Draytek I suggest you check it asap.

Thanks, so that's why this happened not too long ago. That'll be a nice round of updates.

Anyone know of a good centralized management suite for these things?

Draytek ACS allows for their routers and APs to be managed centrally. This is how we're upgrading all of our routers' firmware. After testing, of course.

We found one of these Draytek pieces of crap in one of our customers, insisted they replace it. No clue who is buying this garbage, or why they would buy this over an edgerouter or a pfsense solution.

An exploited vulnerability does not mean that DrayTek routers are "garbage"...

Backdoors (...) have been found in Cisco products multiple times. MikroTik recently released (twice in a month) patches for RouterOS because critical and exploited vulnerabilities were discovered. Does that make Cisco or MT garbage?

Vulnerabilities (and severe ones) have been found in both Ubiquiti products and pfSense. That doesn't of course make any of them garbage.

The hacks on Vigor routers were found yesterday, and today a new firmware along with steps for security checks was released by DrayTek. IMO the way, and most importantly the speed, with which they treated this flaw is great.

No I thought they were garbage long before the exploit.

Haha. Yeah, Draytek are terrible. In the UK, it seems all 2-bit IT support companies force them upon their customers as the best thing since sliced bread. They're just poo. To even try and compare them to Cisco or Mikrotik is a little bit daft.

Mikrotik had same issue last month?!

What makes them poo?

They're at least better than the ones ISPs generally issue, and a bit more budget friendly than the bigger names.

Do fixes like this migrate to new products?


OP linked to Draytek's own support/security advisory page... They are the vendor...

Original Poster · 6 points · 3 days ago

Yes they are fully aware.

CCNA · 1 point · 3 days ago

lol.
