D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] ZyXEL router attacks


On 15 Jan 2014, at 18:33, Rob Beard <rob@xxxxxxxxxxxxxxx> wrote:
> This did worry me a bit as we use mainly Draytek routers.  Does anyone know if 
> this is an old issue that is likely to have been fixed with firmware upgrades or a 
> recently discovered bug that the manufacturers are running around and trying to 
> fix?

It is reported as a "SYN Flood" attack.

ZyXEL ADSL routers were always sold as the firewall blocks SYN flood, so presumably 
they either don't or the attacker tweaked it.

You should upgrade to the latest supported firmware anyway.

However it isn't clear if this will help in this case.

Disabling unnecessary external services is reported to help.

Without more details it is hard to give more advice. 

Really some DoS attacks best dealt with when they happen, if you can't have 
downtime, then have redundant links with different kit or some such scheme, 
otherwise upgrade everything and wait for bad stuff to happen.
The Mailing List for the Devon & Cornwall LUG
FAQ: http://www.dcglug.org.uk/listfaq