Domain: dronebl.org
Stories and comments across the archive that link to dronebl.org.
Comments · 6
-
Re:Searchable database of attackers?
-
Re:Test
How's this one?
-
Try using rubotted or dronebl
The rubotted tool does a pretty decent job of detecting most botted computers. Have your dad download it here:
http://www.trendsecure.com/portal/en-US/tools/security_tools/rubotted
You could also look for his system on the dronebl:
Good luck!
-
Yahoo cached version of DroneBL announcement
Yahoo cached version of DroneBL announcement at http://dronebl.org/blog/8
-
Re:What to do about it?
It's hard enough for most people to just hook one of these up, much less wipe a rootkit from it.
FTFA: http://dronebl.org/blog/8
Update 4 -- Before you read anything else, read this
Am I Vulnerable?
You are only vulnerable if:
Your device is a mipsel device.
Your device has telnet, SSH or web-based interfaces available to the WAN
Your username and password combinations are weak, OR the daemons that your firmware uses are exploitable.
As such, 90% of the routers and modems participating in this botnet are participating due to user-error (the user themselves or otherwise). Unfortunately, it seems that some of the people covering this botnet do not understand this point, and it is making us look like a bunch of idiots.Any device that meets the above criteria is vulnerable, including those built on custom firmware such as OpenWRT and DD-WRT. If the above criteria is not met, then the device is NOT vulnerable.
How can I tell if I have been infected?
Ports 22, 23 and 80 are blocked as part of the infection process (but NOT as part of the rootkit itself, running the rootkit itself will not alter your iptables configuration).
If these ports are blocked, you should perform a hard reset on your device, change the administrative passwords, and update to the latest firmware. These steps will remove the rootkit and ensure that your device is not reinfected.
The removal instructions seem pretty easy to me. Wipe the image and reinstall.
-
Re:Run to my openWRT router and look for.. what?
Look at the info from the above link....I pasted it in here for you: