I ran across something this week you should probably be aware of. I was checking my Spectrum modem was not set to default passwords. Spectrum seems to have stopped setting them up with the factory default passwords. (While bad for people like me that like to monitor signal strength and know the password is changed it is probably a plus over all given how few seem to change their modems and routers from the defaults.) Anyway I googled the common ones used to see if the one (or ones) Spectrum is using might be online. The first link returned took me a page that looked like useful logins to try. But then I started getting warnings that this page was trying to probe my network. Without a paranoid level of network threat management I might not have even known. Note one of the things that set off alarms in my network was it was trying to use https to avoid packet inspection which, due to cert mismatch, triggered warnings. Another was one of addresses it tried to probe was the router for a test network, that while configured, has no devices on it at the moment.
Who cares? Well this is how some newer threats are getting past your firewall to your networked devices. They run probes on your network looking for devices with known exploits that they can then turn into a back doors into your network to take control of even more of your devices and even set them up to monitor your traffic. Then of course there are the malware cryptominers that that suck all your CPU. For an example of the level of adventure see https://www.grc.com/SN/SN-675-Notes.pdf
Post a Comment