Community Forum

Is there an Arris FW update coming -- multiple CVE Attacks

New Poster

On 29 Mar 2018 at 1929 hrs PDT we started experiencing multiple external attacks daily (12x/d) coming from a total of 19 different outside IPs, ALL of which were effectively trapped & blocked by our Router & Firewall.


These started as, "Remote Command Execution via Script" + "Netcore Router Backdoor Access" attacks until 20 Apr 18 at 0302 hrs when an attempt was made at "SSL OpenSSL TLS DTLS Heartbeat Info Disclosure (CVE-2014-0160, Heartbleed)". The R&N attacks continued but on 22 Apr a "Remote Command Execution via Script" was followed on 23 Apr by "LAN Backdoor Command Execution (CVE-2014-9583)" aimed at an outdated ASUSWRT, followed by Netcore attacks until another Heartbleed on 25 Apr, then back to R&Ns. These are not benign "trying to surf on your dime" attacks. Heartbleed & Backdoor are serious issues.


All of these attacked the same MAC address, which was one used by Cadant (now Arris) in CMs and targeted a local Comcast IP. The MAC was isolated and rejected at all access venues and the attacks have since slowed with none in the last 48-hrs.


My network was not impacted, no data was exfiltrated and no users were aware of any issues. That said, it is apparent that these 2014 viruses are being actively aimed at Arris devices on Comcast networks -- at least in my area.


Comcast is still the Gatekeeper to all FW updates for all equipment on their farm. That's fine, but trying to report the issue to Comcast by chat, phone, or email is nearly impossible. Can we be expecting an update to the ARRIS FW soon?

Problem Solver

Re: Is there an Arris FW update coming -- multiple CVE Attacks

I wouldn't be concerned. The net is filled with bots whose only purpose is to sniff out vulnerable routers - the Netcore routers are a prime example. Just the way it is nowadays. I could dig up the logs for my ASUS RT-AC88U and show you many months of the same Netcore attacks on my router. 


This simply underscores the necessity of regularly updating your software and firmware to maintain network security. Even a well known, reputable company like ASUS (sometimes more than once) or Intel (Spectre and Meltdown, anyone?) can be compromised, or even security software vendors like Symantec.


In fact, even though Heartbleed was patched many years ago, as long as there are servers out there still running the vulnerable OpenSSL protocol that Heartbleed exploits, the vulnerability remains, and bots will still scour the Net for them.





"Sometimes the best way to learn something is by doing it wrong and looking at what you did." - Neil Gaiman