My router might be hijacked. What can I do?

Source: http://www.dronebl.org/blog/8

How can I tell if I have been infected?

Ports 22, 23 and 80 are blocked as part of the infection process (but NOT as part of the rootkit itself, running the rootkit itself will not alter your iptables configuration).

If these ports are blocked, you should perform a hard reset on your device, change the administrative passwords, and update to the latest firmware. These steps will remove the rootkit and ensure that your device is not reinfected.

Disinfection Instructions

To disinfect, simply powercycle your device and take appropriate action to lock it down, including the latest firmware updates, and using a secure password.

Last edited Mar 27, 2009 at 9:29 AM by fkollmann, version 1

Comments

No comments yet.