Popular D-Link Router Falls for Routine Malware

While every router manufacturer must endure its share of difficulties, D-Link has been having a particularly tough time over the last year or so.

Every few months or so, one (or more) of its widely used routers falls prey to some kind of dangerous exploit, and the latest victim is the D-Link DSL-2750B. This consumer-grade combination router/DSL modem, which was formerly distributed by Verizon to many of its home DSL customers, is currently under attack from a prominent Internet-of-Things botnet known as Satori.

But the really bad news is that the D-Link vulnerability that Satori is exploiting is two years old, and there may not be a fix for it yet.

MORE: Best Wi-Fi Routers

What you can do

If it’s true that D-Link has not issued a patch for the flaw, there’s unfortunately not much you can do if you own the DSL-2750B. (The router is also a few years old, and not guaranteed to get an update at all.)

Good antivirus programs installed on your PCs, Macs and Android devices will prevent Satori from infecting them with other forms of malware, although that’s not what Satori is really interested in doing. It’s too busy attacking websites, mining cryptocurrencies and generally being an internet nuisance.

You really don’t want your home Wi-Fi router compromised in the first place. It’s the key to your digital kingdom. If an attacker controls your router, he can send you to malicious webpages designed to steal your passwords or empty your bank accounts. It’s better to just call up Verizon and ask for a newer model.

Low hanging fruit

This information all comes from two sources: an analysis of the Satori variant from Beijing-based security firm 360 Netlab, and a study of the malware’s spread from enterprise security provider Radware, located in Mahwah, New Jersey.

To put things very briefly: Satori is a variant of an Internet of Things botnet called Mirai, which made a splash when it attacked thousands of IoT devices and used them to temporarily knock parts of the U.S. East Coast offline in the fall of 2016. The botnet never really went away; some devices patched against it, and some didn’t. But in the meantime, attackers are still experimenting with ways to make it more effective.

Just why Satori is attacking the D-Link DSL-2750B is not a mystery: the device has a well-publicized security hole that was first reported in the winter of 2016. We couldn’t find any patches available online for this flaw, even though the D-Link DSL-2750B was given by Verizon to many of its home DSL customers, some of whom are certainly still using it.

Using different known exploits, Satori is also attacking routers made a Chinese company called XiongMai and optical-fiber routers used overseas. Radware measured Satori attacking more than 2,500 devices in a 24-hour period. Without going into exquisite detail about how the attack works,  the newly infected routers themselves then scan the internet for more devices to infect.

Where the attack originates is anyone’s guess. The plurality of attacks seems somewhat evenly distributed between Brazil, South Korea and Italy. Seventeen other countries also show up in Radware’s analytics, including the United States, the United Kingdom, Russia, France and Spain. In other words: If you have a vulnerable device, Satori doesn’t seem very choosy about where you live.

Wi-Fi Mesh: What to know about enterprise mesh networks

Wireless mesh networks can be a fit for enterprises that need connectivity in settings where it’s hard to run cable, outdoor areas, and rented spaces or temporary locations

Wireless mesh has been around since the early times of Wi-Fi, and it’s getting more attention lately in the consumer world. But there are Wi-Fi mesh solutions for the enterprise market as well, and advances in wireless technology have increased the viability of deploying enterprise mesh networks, particularly in settings where it’s not practical to run cabling.

The idea behind Wi-Fi mesh networks is that not all the access points (AP) have to plug into the wired infrastructure. Those that aren’t plugged in get their network connection wirelessly from a nearby mesh AP. Small mesh networks might require only a single mesh AP plugged into the wired network. Larger networks require multiple mesh APs to be plugged into the network to support those that are connected wirelessly.

Wi-Fi mesh differs from WDS

Wi-Fi mesh technology is different from the wireless distribution system (WDS) feature supported by most routers and APs. Although both can extend a Wi-Fi network without running Ethernet to the APs, there are some crucial differences between the two technologies. Mesh is basically a smarter version of WDS that’s easier to configure and deploy.

WDS typically only allows you to configure APs to wirelessly connect to another AP that has a wired network connection. The wireless connections to the host APs are generally static and require manual configuration of MAC addresses. Additionally, the number of wireless links between APs is limited, and security/encryption of the wireless APs can be complicated. Furthermore, WDS links usually utilize the same radio and channel as regular Wi-Fi traffic, which can hamper Wi-Fi performance.

Mesh APs can wirelessly connect to mesh APs that have either a wired or wireless connection to the network. Many mesh APs have a dedicated radio for the wireless links between mesh APs, which allows the regular dual-band radios to serve Wi-Fi users.

The wireless links between APs are designed to be automated and offer self-healing multi-path links or hops. This helps make setup easier and provides better redundancy. So, if one mesh AP fails or the environment changes and negatively affects a wireless link, the wirelessly connected mesh APs are designed to find another mesh AP or a better path to a host AP.

When Wi-Fi mesh is a better fit than traditional APs

In certain cases it makes sense to consider deploying mesh, rather traditional APs, in the enterprise. Mesh installs can be faster and less expensive in environments where there aren’t any existing cables, for example.

Mesh is especially useful when it’s difficult or impossible to pull cables. This could be the case with old or historic buildings, parks, and outdoor venues.

Mesh networks are ideal for temporary indoor or outdoor networks, such as for events and conferences at public venues. It’s also great for rented spaces, such as an office where there isn’t viable cabling.

Even if pulling cable isn’t a big issue, you still might consider mesh for networks where there’s likely to be drastic building or environmental changes in the future. The same applies if there will be significant changes in the desired coverage area or levels. Mesh allows you to more easily patch capacity holes or modify coverage.

Wi-Fi mesh deployment challenges

Throughput is one of the most important factors to consider before going with a mesh Wi-Fi network. For situations that require the highest throughput and fastest Wi-Fi speeds, traditional APs are likely a better fit. In a mesh WiFi configuration, you have to contend with significant bandwidth loss from one repeater to the next; with every wireless link between mesh APs, throughput drops about 50% from what it is at the prior AP.