this post was submitted on 02 Nov 2024
310 points (98.1% liked)

Technology

59724 readers
3433 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
top 50 comments
sorted by: hot top controversial new old
[–] arrakark@10291998.xyz 69 points 4 weeks ago (2 children)

I have a TP-Link router. Maybe I'm an idiot, but I searched around for a bit and I literally could not find which models of router were effected. All articles about Botnet-7777 are frustratingly vague with this.

[–] ladfrombrad@lemdro.id 34 points 4 weeks ago (3 children)

I've had no end of trouble with routers and ones you should choose to be sure of.

The ones where you can flash OpenWRT seems the only choice if you want some semblance of security. But even my current Xiaomi router with stock firmware creates hash mismatches using apt to download things, and I don't 100% know with confidence that using OpenWRT on it instead is keeping me right.

[–] InEnduringGrowStrong@sh.itjust.works 44 points 4 weeks ago (1 children)

But even my current Xiaomi router with stock firmware creates hash mismatches using apt

That's a huge fucking red flag and I would yeet any network equipment responsible for fudging such a thing.

[–] ladfrombrad@lemdro.id 13 points 4 weeks ago* (last edited 4 weeks ago)

No doubt, and I would really love someone with more knowledge than me to poke into why that was going on (*edit: for clarity, this behaviour stopped after installing OpenWRT and is the stock Mi firmware that causes this)

https://files.catbox.moe/2i5ekl.jpg

I remember finding this thread where someone said they replaced their entire networking equipment

https://stackoverflow.com/questions/72022569/cannot-find-fixes-to-apt-error-hash-sum-mismatch

My router is this model for anyone wanting to nosey

https://openwrt.org/toh/xiaomi/ax3600

[–] SharkAttak@kbin.melroy.org 14 points 4 weeks ago (1 children)

my current Xiaomi router

Ah I see the problem right there..

[–] ladfrombrad@lemdro.id 6 points 4 weeks ago (1 children)

As opposed to, TP-Link, Cisco(Linksys) and other off the shelf routers it seems some will only go for brands with their own proprietary firmware?

I grabbed that Xiaomi router on the premise it has OpenWRT, but I'd like to see Ubi / Unifi routers put under the same scrutiny instead of just lumping a brand name as a no-go.

What's your recommendation?

load more comments (1 replies)
[–] bane_killgrind@slrpnk.net 10 points 4 weeks ago (8 children)
[–] pandapoo@sh.itjust.works 11 points 4 weeks ago (1 children)

They are frequently targeted because they offer enterprise grade configurations at consumer prices.

Which means, there's a lot that can be misconfigured, and a lot of short staffed and under budgeted IT departments that deploy them, which means they are a good payoff when exploited.

That's the bad part, and the good part.

You really cannot beat their price point to value for professional grade networking equipment. Just take the time to understand what you're doing when doing your configurations, and keep them updated.

[–] bane_killgrind@slrpnk.net 6 points 4 weeks ago (1 children)

Very little is changing over time... I have a proliant salvage server running proxmox with some hosts and the router only port forwards to an NGINX proxy manager instance for the web interfaces on those hosts. I run a synology NAS separate from the proliant hardware that runs through the proxy.

I know I don't understand it all, and i'm open to suggestions.

[–] pandapoo@sh.itjust.works 3 points 4 weeks ago* (last edited 4 weeks ago) (1 children)

Did you mean to send that reply to me?

I ask because I'm not quite sure what specific suggestions you're looking for.

But in general, I would suggest not exposing port forwarding.

What services are running behind NGINX? What router/firewall are you using?

[–] bane_killgrind@slrpnk.net 2 points 4 weeks ago

Yes, I attribute security significant misconfigurations to a lag between new service deployments and a relevant review by network security (in a business environment. At home it's just me.)

So I'm running Milestone VMS, Synology NAS and maybe in a day a minecraft server for the kids, which should all be available outside my home. I'm using the mikrotik HexPOE which is my main router/firewall.

[–] philpo@feddit.org 9 points 4 weeks ago (1 children)

Fairly popular in my neck of the woods and rock solid. I literally had a bad sparky put 230V through one of them. It killed the RJ45, it killed two client hosts on the same bridge, it killed the port, but the Switch itself continued to work. (Still replaced it, though)

The only thing I find them really bad and ironically replaced them with TP-Link (Omada )is Wifi. (and the fact that they let the promising "The Dude" die).

Security wise they seem to do their homework so far.

[–] bane_killgrind@slrpnk.net 6 points 4 weeks ago (1 children)

Fun fact I made my sales team standardize on Omada for all network hardware we are providing (highrise security systems, so SDN is usually out of scope) I was considering replacing my ubiquiti AC Pro soon, but I didn't settle on a new model of access point yet. What are the mikrotik wifi APs bad at? if it's meshing I will only have one.

I didn't look at The Dude before, but it doesn't seem depreciated?

[–] philpo@feddit.org 4 points 4 weeks ago

Their solution to central management (Capsman) is a burning mess, when WiFi6 came out for a long time(I think 2 years) you were unable to keep older and newer APs on the same controller, so you needed two Capsman instances. Roaming between them is very unreliable and generally their hardware is underwhelming in terms of antenna quality, etc.

For one AP it is not as bad, but still annoying, if you want to centrally manage more APs it is a nightmare.

I replaced my MK APs with Omada with the software controller on a LXC and couldn't be happier - they play along nicely with my MT infrastructure and are way more reliable.

I really love MT,but not their WiFi.

[–] felbane@lemmy.world 5 points 4 weeks ago

Mikrotik is pretty decent but their configuration method drives me up a wall. Ansible helps mitigate the annoyance, at least (in that I only have to figure out/remember the arcane incantation for configuring VLANs once, and then subsequently just have the machine do it).

[–] magic_smoke@links.hackliberty.org 5 points 4 weeks ago* (last edited 4 weeks ago) (1 children)

I love their switches but for routing/firewall I stick to PFSense.

Personally I use OpenWRT for access points.

[–] BaroqueInMind@lemmy.one 3 points 4 weeks ago* (last edited 4 weeks ago) (1 children)

OPNsense is better, because it's the same thing but doesn't require registering an account to download the image.

[–] magic_smoke@links.hackliberty.org 2 points 4 weeks ago (1 children)

Its been a couple of months but I don't remember that requirement...

[–] BaroqueInMind@lemmy.one 2 points 4 weeks ago* (last edited 4 weeks ago)

You need a Netgate account because they gated the download in some kind of online shop. Try it yourself.

[–] exu@feditown.com 4 points 4 weeks ago

Mikrotik is great for features, but their UI definitely feels ancient and you will sometimes question why something takes this many steps.
However, I've never had an plan I couldn't replicate with their routers.

[–] InverseParallax@lemmy.world 4 points 4 weeks ago (1 children)

Run them in a lot of places, love them.

They're good at being configured and forgotten about.

My main rack, that's more complicated, I have proper gear, but mikrotik is great for everything else.

[–] bane_killgrind@slrpnk.net 5 points 4 weeks ago

forgotten

that's why that guy seemed so unburdened! I understand him better now

[–] vinnymac@lemmy.world 3 points 4 weeks ago

I have setup plenty of MikroTik routers, never had any issues myself.

[–] ladfrombrad@lemdro.id 2 points 4 weeks ago (1 children)

Never used them pal, but seen them used in Enterprise environments?

Something I've found on a SOHO environment though and what I bought a family member?

Gli-Net mini routers. They come with OpenWRT as a base and then lipstick it with a nice interface. But as always, YMMV

[–] bane_killgrind@slrpnk.net 4 points 4 weeks ago* (last edited 4 weeks ago) (1 children)

Years ago, another trade worker on a construction site was using their wifi stuff, and mentioned using it at home. I went and picked up the hexPOE router and i'm pretty happy with it, but all i'm doing is port forwarding and I set up a rule to capture all DNS requests and shunt them into my pihole.

The documentation is pretty spiffy and public.

I'm not really sure if this seems good because I don't know any better, or it's good because it's good.

edit Gli-net seems nice, but i'm a stickler of using a WAP separate from the router. I know I pay more.

[–] ladfrombrad@lemdro.id 2 points 4 weeks ago

edit Gli-net seems nice, but i'm a stickler of using a WAP separate from the router. I know I pay more.

It's exactly why I bought her two of them. One their main router and the other in AP mode ;)

[–] finitebanjo@lemmy.world 4 points 4 weeks ago* (last edited 4 weeks ago)

If you don't use Microsoft Azure cloud services then it shouldn't matter, for now. Might want to just avoid running those for a little while.

The article also says:

It’s unclear precisely how the compromised botnet devices are being initially infected. Whatever the cause, once devices are exploited, the threat actors often take the following actions:

  • Download Telnet binary from a remote File Transfer Protocol (FTP) server
  • Download xlogin backdoor binary from a remote FTP server
  • Utilize the downloaded Telnet and xlogin binaries to start an access-controlled command shell on TCP port 7777
  • Connect and authenticate to the xlogin backdoor listening on TCP port 7777
  • Download a SOCKS5 server binary to router
  • Start SOCKS5 server on TCP port 11288.

So maybe setting up some firewall rules could also help prevent further problems.

[–] DarkCloud@lemmy.world 33 points 4 weeks ago* (last edited 4 weeks ago) (1 children)

The article makes it clear that the Chinese botnet is targeting Microsoft azure accounts, usually for large organizations involved with governments, infrastructure, legal professionals, science and technology.

It also states that the attacks can be disinfected by regularly restarting your router, but that this doesn't prevent reinfection later.

The US intelligence services also says you should regularly restart your phone.

This is Microsoft's posting about it which other news sources are quoting from: https://www.microsoft.com/en-us/security/blog/2024/10/31/chinese-threat-actor-storm-0940-uses-credentials-from-password-spray-attacks-from-a-covert-network/

It has a recommendations section which suggests "credential hygiene" and strong passwords help.

Many experts in the past have noted that most such infected devices can’t survive a reboot because the malware can’t write to their storage. That means periodically rebooting can disinfect the device, although there’s likely nothing stopping reinfection at a later point.

Relevant line for my lazy chadbros who know that reading articles is for sissies.

[–] josefo@leminal.space 20 points 4 weeks ago (1 children)

thanks to this post I found out about openwrt, and my tplink router model is compatible with it, I see this as an absolute win

[–] dinckelman@lemmy.world 4 points 4 weeks ago (2 children)

I'd love to do the same with mine, but admittedly, the hardware in it is so poor, that they just couldn't get it to work properly.

It's quite frustrating too, because despite being a relatively new router, they're already behind on security updates, and after all the promises, still haven't delivered the bare necessities as WPA3 support

[–] josefo@leminal.space 4 points 4 weeks ago

Yeah, no joke, I totally didn't know about any of this, be certain that I'm going to consider this OpenWRT stuff when I'm buying a new router, it one of the most important pieces of my network, and can't leave it to whatever the manufacturer plans to support in terms of security.

load more comments (1 replies)
[–] pineapplelover@lemm.ee 12 points 4 weeks ago (1 children)

I recently replaced my tplink for a Netgear I flashed openwrt on

[–] kadotux@sopuli.xyz 3 points 4 weeks ago (1 children)

Hell yeah another Openwrt enjoyer in the wild, what a rare occurrence. Flashed Openwrt 6ish month ago, have been very pleased with it.

[–] pineapplelover@lemm.ee 7 points 4 weeks ago (2 children)

You're on Lemmy my dude. We all use Linux and Openwrt haha

load more comments (2 replies)
[–] Cargon@lemmy.ml 8 points 4 weeks ago (3 children)

For less money than some gaudy gaming wireless router that you end up replacing every 3 years, you can grab a Mini PC with two NICs, a wireless access point, and install OpnSense.

Your life will be irrevocably changed for the better.

[–] fleet@lemmy.ca 11 points 3 weeks ago

Only go this route if you're looking for a new hobby.

[–] todd_bonzalez@lemm.ee 3 points 4 weeks ago (2 children)

Eh, mini-PCs weren't designed for that. Just buy an OpenWRT compatible router, or a router designed for OpenWRT like the ones from Turris. It's better to have hardware designed for this kind of application.

[–] histic@lemmy.dbzer0.com 4 points 4 weeks ago (4 children)

Why does it matter ”what its designed for” a router is no better at it then a computer with 10x the brains you can route 10gig through them if you have the nics for it large company use pfsense and the like

load more comments (4 replies)
load more comments (1 replies)
[–] umbrella@lemmy.ml 6 points 4 weeks ago

one of the reasons i use openwrt

[–] sploosh@lemmy.world 3 points 4 weeks ago (1 children)

This makes me want to call up the former CTO of the MSP I worked for who disagreed with me when I said TP-Link and other consumer hardware was a risk we shouldn't let our customers take and tell him that he's a miserable drunk who destroyed a company by taking a role he had no business in.

[–] bane_killgrind@slrpnk.net 6 points 4 weeks ago (1 children)

Well post the call recording on LinkedIn if you do

[–] sploosh@lemmy.world 3 points 4 weeks ago (1 children)

Only if he shows me that he wasn't destroying the company, but building networks to leverage crises into profit.

Which, it would seem, is what he and the rest of the C-suite team did.

They bought out the old owners and signed up a bunch of new customers that we didn't understand how to work with (new industries with different requirements, we were very specialized toward a few professions and our staff's knowledge and skills reflected that). They also brought in fresh, inexperienced people to manage the clients, so we didn't really get very good on-boarding results and didn't generate good documentation for the help desk to work off of. Right off the bat we did a bad job for these new customers and it took us a long time to do it, while our long-time customers had their wait times go up by an unacceptable amount.

My team was running at their limits, but I was not allowed to let up at all because we needed to get the tickets down. 9 hours days were the minimum, 9.5-10 were the norm. We hadn't hired any new people when we added the new clients and the new clients generated tickets at 1.75x the of rate existing clients, and they were still signed up more. After months of begging, they hired two people for Tier-3 positions without testing them technically. They were both from corp call centers and had previously read scripts with troubleshooting steps on them. Neither had ever logged into a router. This is where I quit.

Within four months of my departure (and a few others at my level around the same time, we had all had enough) the company had lost 30% of their clients, two of which were huge 250-person entities that were cash cows for biling. Four months later the owner-operators sold the whole thing to another company, getting high level jobs, equity and cash out of it. As far as I know they're all still working for the bigger company. Even if they lost money buying and selling, chances are they're on top in the long run.

[–] bane_killgrind@slrpnk.net 3 points 4 weeks ago (1 children)

Wow gross. Glad you got out, I doubt many of your colleagues did well from the buyout.

[–] sploosh@lemmy.world 2 points 4 weeks ago

One of the benefits of having a number of middle managers leave is a few of the folks in the trenches get a chance to move up. Two of my team members were there in management through 2023, which is a number of years after everything went down. I don't know what their compensation looks like, but I know they must have gotten a 15% bump at the least jumping up during the exodus. They were the last two from the staff still at the company.

[–] rehydrate5503@lemmy.world 2 points 3 weeks ago (1 children)

So I just added a TP-Link switch (TL-SG3428X) and access point (EAP670) to my network, using OPNSense for routing. I’m still within the return window for both items. I understand the article mentions routers, but should I consider returning these, and upping my budget to go for ubiquity? The AP would only be like $30 more for an equivalent, so that’s negligible, but a switch that meets my needs is about 1.6x more. And still only has 2 SFP+ ports, while I need 3 at minimum.

load more comments (1 replies)
[–] werefreeatlast@lemmy.world 2 points 4 weeks ago (4 children)

Go to openwrt. Or get something better with good security. Unifi is good and very expansible but it doesn't have opensource software compatibility. Sad really.

load more comments (4 replies)
load more comments
view more: next ›