路由重定向到一个路由
Bear with me, for now this will be a tiny post, a placeholder, but I am looking for feedback, ideas, comments and I will keep this post updated.
忍受我,现在这将是一个很小的帖子,一个占位符,但是我正在寻找反馈,想法,评论,并且我将不断更新此帖子。
The scenario: My local sandwich shop where I often hang out and work remotely has a wireless router that started to redirect me to a fake "update your flash" and download a "Install flashplayer_10924_i13445851_il345.exe" malware file. There are no viruses, rootkits, or malware on my PC. This affects their PoS (Point of Sale) system, tablets, iPhones. Also, it's not a DNS hijack, as the URL from the HTTP doesn't change. It's a MitM attack (Man in the Middle) where x number of HTTP GETs work fine and then every few hundred the router returns it's own HTML. The requestor doesn't know the difference.
方案:我经常在附近的三明治店闲逛并远程工作的无线路由器开始将我重定向到伪造的“更新您的闪存”并下载“ Install flashplayer_10924_i13445851_il345.exe”恶意软件文件。 我的PC上没有病毒,rootkit或恶意软件。 这会影响他们的PoS(销售点)系统,平板电脑,iPhone。 另外,它也不是DNS劫持,因为HTTP的URL不会更改。 这是一种MitM攻击(中间人),其中x个HTTP GET正常工作,然后每隔几百个路由器返回其自己HTML。 请求者不知道区别。
The router he has is a V1000W Wireless N VDSL Modem Router. I'm suspecting the "Moon" virus but I'm not sure, as this isn't a Linksys. The firmware is ancient from 2009 and that's the latest one I can find.
他拥有的路由器是V1000W无线N VDSL调制解调器路由器。 我怀疑是“月亮”病毒,但我不确定,因为它不是Linksys。 该固件是2009年的旧版本,这是我能找到的最新版本。
Before you reply:
在您回覆之前:
- I'm technical, but the public is often not. Comments like "run openwrt" are certainly valid for a techie, but I'd like to know something more populist: 我是技术人员,但公众通常不是。 诸如“ run openwrt”之类的注释对于技术人员当然是有效的,但我想了解更多民粹主义者:
- Can this router (and others like it) be fixed? Or is this bricked? Can I flash it with the original firmware to restore? 这个路由器(和其他类似的路由器)可以固定吗? 或者这是砖头? 我可以使用原始固件对其进行闪存恢复吗?
- Remote management isn't enabled. What port did the attack happen on? 未启用远程管理。 攻击发生在哪个端口?
- How can I confirm it has it (all signs point to it) with some curl command? 如何通过一些curl命令确认它是否具有它(所有符号都指向它)?
- What routers have this? What is the source? 什么路由器有这个? 来源是什么?
- What can a regular Jane/Joe do about this if they have Frontier/FIOs/CenturyLink, etc? 如果普通的Jane / Joe有Frontier / FIO / CenturyLink等,该怎么办?
Thoughts?
有什么想法吗?
路由重定向到一个路由