[svlug] Intrusion detected: What's the best response
Rick Moen
rick at linuxmafia.com
Wed Jun 11 12:43:17 PDT 2014
Quoting Sanatan Rai (sanatan at gmail.com):
> The intrusion originated from 116.16.236.7, this is all I have thus
> far.
Hey, that's in Guangdong. You can maybe see my house in Hong Kong from
there. ;->
> The router is a DrayTek Vigor 2830VN+, and is normally configured
> to reject incoming connexions. That's why I am mystified how this was
> possible in the first place.
So, its OS load in the firmware is exploitably buggy. Quelle surprise!
Reviews describe it as 'A pricey, feature-packed wireless router aimed
primarily at business users.' Feature-packed means a huge, juicy attack
surface.
> It's the router I am most worried about, especially the nature of the
> hack. Should I shell out £££ (= $$$) for a new one?
Drop a few quid on a two-year-old replacement piece of hardware and
install your favourite open source router project distro.