Is your CPE equipment secure?

It appears that a large spam bot has taken up a new home over the last couple of days, and in this case it appears to be NOT on consumer devices, computers, or servers, but on the very structure that makes the Internet possible for most consumers. In today’s age, we often forget that almost every thing is a ‘computer’, which means almost everything is a potential target for hackers.

In this case, it is the actual CPE (customer premise equipment) that the Internet providers place in your home. You know that black box they drop off, that you magically plug into to go on-line?

In this case, we noticed a very large increase in ‘bot activity from the dynamic IP space that had all the earmarks of something in common. And thanks to a report from one of the ISP’s we reached out to, it was reported to be ‘Ubiquity Air Routers’.

This is similar to another case a few months back that largely affected emerging markets, but this isn’t about Ubiquity, this could have been any vendor.

CPE equipment is often simply installed and forgotten, just like wifi routers, and other network devices, and a fantastic target for hackers. PC’s are updated regularly more often now, have Anti-Virus, and people notice problems with them more quickly when something starts acting funny, but the CPE equipment? Who thinks about that?

Consumers don’t think about those, their provider supplied them so they must be safe . However, it is one of the most dangerous places for a hacker to be. Once there, they can do almost anything. Snoop on all your traffic, block updates from virus companies, redirect traffic to scary places, even replace websites (like your bank) or make sure that you get a copy of a CryptoLocker virus instead of that video you were expecting from your mom.

In this case, the equipment looks to be a favorite in Brazil..

<snipped for brevity, many more examples of Brazilian ISP outbreaks>

143.208.234.7 1 143-208-234-7.ivatel.com.br
143.208.234.232 3 143-208-234-232.ivatel.com.br
143.208.244.98 1 98-244-208-143.conectiva-tech.com.br
143.208.244.118 2 118-244-208-143.conectiva-tech.com.br
143.208.244.166 1 166-244-208-143.conectiva-tech.com.br
143.208.244.172 1 172-244-208-143.conectiva-tech.com.br
143.208.245.32 1 32-245-208-143.conectiva-tech.com.br
143.255.150.167 1 143-255-150-167.burititelecom.com.br
143.255.150.232 1 143-255-150-232.burititelecom.com.br
177.10.148.59 1 177-10-148-59.plimtelecom.com.br
177.10.199.204 1 177-10-199-204.afinet.com.br
177.10.228.90 1 177-10-228-90.viafibra.com.br
177.11.116.178 1 177.11.116-178.interneith.com.br
177.11.117.72 2 177.11.117-72.interneith.com.br
177.20.234.73 2 177-20-234-73.net11.com.br
177.23.187.172 1 177-23-187-172.infobarranet.com.br
177.23.226.213 1 177-23-226-213.jatim.com.br
177.38.123.116 1 177-38-123-116.serv-popeld.tmw.net.br
177.38.151.109 1 177-38-151-109.sistemasconnection.com.br
177.44.91.248 3 177-44-91-248.lav-wr.mastercabo.com.br
177.44.159.220 1 177-44-159-220.link10.net.br
177.53.6.24 1 ANTW–177-53-6-24.aliennetwork.net.br
177.53.82.40 1 177-53-82-40.telecominternet.com.br
177.53.198.233 2 233-198-53-177.globotechtecnologia.com.br
177.53.199.211 2 211-199-53-177.globotechtecnologia.com.br
177.55.147.218 1 177-55-147-218.n4telecom.com.br
177.55.148.71 1 177-55-148-71.n4telecom.com.br
177.55.153.199 2 177-55-153-199.n4telecom.com.br
177.55.159.6 1 177-55-159-6.n4telecom.com.br
177.66.2.64 1 177-66-2-64-bandalarga.scrio.com.br
177.66.2.65 1 177-66-2-65-bandalarga.scrio.com.br
177.66.3.229 2 177-66-3-229-bandalarga.scrio.com.br
177.66.3.234 3 177-66-3-234-bandalarga.scrio.com.br
177.66.91.16 1 177.66.91-016.clik.sfnet.com.br
177.66.217.201 1 177-66-217-201.rnova.com.br
177.66.231.234 2 177-66-231-234.n4telecom.com.br
177.66.234.106 1 177-66-234-106.n4telecom.com.br
177.66.235.19 2 177-66-235-19.n4telecom.com.br
177.67.219.222 1 222-219-67-177.virtualnetce.com.br
177.72.57.72 1 177-72-57-72.dflink.com.br
177.72.58.228 1 177-72-58-228.dflink.com.br
177.72.63.73 1 177-72-63-73.dflink.com.br

177.126.224.59 1 177-126-224-59.city10.com.br
177.126.224.158 2 177-126-224-158.city10.com.br
177.126.224.192 2 177-126-224-192.city10.com.br
177.126.225.205 1 177-126-225-205.city10.com.br
177.126.226.223 1 177-126-226-223.city10.com.br
177.126.227.94 2 177-126-227-94.city10.com.br
177.126.227.116 1 177-126-227-116.city10.com.br
177.126.227.149 1 177-126-227-149.city10.com.br
177.126.227.192 1 177-126-227-192.city10.com.br
177.126.237.5 1 177-126-237-5.city10.com.br
177.126.237.102 1 177-126-237-102.city10.com.br
177.126.237.145 1 177-126-237-145.city10.com.br
177.126.237.245 1 177-126-237-245.city10.com.br
177.128.111.199 1 177-128-111-199.supercabotv.com.br
177.128.141.160 2 177.128.141.160-rev.crvnet.com.br
177.128.219.167 1 177-128-219-167.linknetpsi.com.br
177.129.28.75 1 177-129-28-75.ip.provedorflash.com.br
177.129.92.172 2 172-92-129-177.interhnet.com.br
177.129.93.120 3 120-93-129-177.interhnet.com.br
177.129.131.112 2 177-129-131-112.3mnet.com.br
177.129.145.173 2 177.129.145-173.hypernet.net.br
177.129.224.136 5 static.177-129-224-136.nippontec.net.br
177.130.59.14 1 14-59-130-177.redewsp.com.br
177.131.50.79 1 177-131-050-79.cliente.imicro.com.br
177.131.50.149 1 177-131-050-149.cliente.imicro.com.br
177.131.50.154 1 177-131-050-154.cliente.imicro.com.br
177.131.50.181 1 177-131-050-181.cliente.imicro.com.br
177.131.50.183 2 177-131-050-183.cliente.imicro.com.br
177.131.50.203 1 177-131-050-203.cliente.imicro.com.br
177.131.50.206 1 177-131-050-206.cliente.imicro.com.br
177.131.50.214 1 177-131-050-214.cliente.imicro.com.br
177.131.50.222 1 177-131-050-222.cliente.imicro.com.br
177.131.50.227 1 177-131-050-227.cliente.imicro.com.br
177.131.50.234 1 177-131-050-234.cliente.imicro.com.br
177.200.77.250 1 177-200-77-250.skymaxtelecom.com.br
177.221.194.102 1 177-221-194-102.megavelocidade.com.br
177.222.226.72 1 reverso-177-222-226-72.sertaonline.com.br
179.96.155.252 1 179-96-155-252.life.com.br
179.96.250.181 1 179-96-250-181.outcenter.com.br
179.96.252.191 1 179-96-252-191.outcenter.com.br
179.96.254.148 1 179-96-254-148.outcenter.com.br
179.97.83.202 1 as28361-179-97-83-202.rrconect.com.br
179.108.64.35 2 179-108-64-35.serv-popbt.tmw.net.br
179.108.83.136 1 179-108-83-136.netturbo.com.br

187.1.56.128 1 core-inact-128-56-1-187.intercampo.com.br
187.1.56.133 1 core-inact-133-56-1-187.intercampo.com.br
187.1.56.166 1 core-inact-166-56-1-187.intercampo.com.br
187.1.56.175 1 core-inact-175-56-1-187.intercampo.com.br
187.1.56.211 3 core-inact-211-56-1-187.intercampo.com.br
187.1.56.255 1 core-inact-255-56-1-187.intercampo.com.br
187.1.184.30 6 187-1-184-30.centurytelecom.net.br
187.19.101.34 1 187-19-101-34.users.certto.com.br
187.33.146.88 3 187-33-146-88.hiway.com.br
187.45.103.139 2 187-45-103-139.mhnet.com.br
187.45.128.225 1 187-045-128-225.sta.spacnet.com.br
187.45.128.226 3 187-045-128-226.sta.spacnet.com.br
187.63.26.72 2 187-63-26-72.cliente.dgnet.com.br
187.63.223.227 1 187-63-223-227-client.superip.com.br
187.73.0.13 1 187-73-0-13.corporate.valenet.com.br
187.73.0.23 2 187-73-0-23.corporate.valenet.com.br
187.73.0.31 1 187-73-0-31.corporate.valenet.com.br
187.73.0.52 1 187-73-0-52.corporate.valenet.com.br
187.73.0.74 1 187-73-0-74.corporate.valenet.com.br
187.73.0.120 1 187-73-0-120.corporate.valenet.com.br
187.73.3.45 1 187-73-3-45.corporate.valenet.com.br
187.73.3.46 1 187-73-3-46.corporate.valenet.com.br
187.73.3.65 3 187-73-3-65.corporate.valenet.com.br
187.73.3.95 1 187-73-3-95.corporate.valenet.com.br
187.73.3.150 1 187-73-3-150.corporate.valenet.com.br
187.73.3.220 1 187-73-3-220.corporate.valenet.com.br
187.73.3.226 2 187-73-3-226.corporate.valenet.com.br
187.73.3.248 1 187-73-3-248.corporate.valenet.com.br
187.73.5.9 1 187-73-5-9.corporate.valenet.com.br
187.73.5.19 1 187-73-5-19.corporate.valenet.com.br
187.73.5.56 1 187-73-5-56.corporate.valenet.com.br
187.73.5.71 1 187-73-5-71.corporate.valenet.com.br
187.73.5.75 2 187-73-5-75.corporate.valenet.com.br
187.73.5.76 1 187-73-5-76.corporate.valenet.com.br
187.73.5.117 1 187-73-5-117.corporate.valenet.com.br
187.73.5.129 1 187-73-5-129.corporate.valenet.com.br
187.73.5.134 1 187-73-5-134.corporate.valenet.com.br
187.73.5.135 1 187-73-5-135.corporate.valenet.com.br
187.73.5.142 2 187-73-5-142.corporate.valenet.com.br
187.73.5.237 1 187-73-5-237.corporate.valenet.com.br
187.73.5.242 2 187-73-5-242.corporate.valenet.com.br
187.73.11.6 1 187-73-11-6.corporate.valenet.com.br
187.73.11.38 1 187-73-11-38.corporate.valenet.com.br
238,1 56%

 

 

This entry was posted in Informative and tagged , , , , , . Bookmark the permalink.

Leave a Reply