We received that notice as well (we sell the routers to customers so plenty on our network). Updating to latest firmware seems to fix. Most of the routers we have sold are Revision B and the latest firmware is 2.11NA.
-Tim From: Af [mailto:af-bounces+tim=velociter....@afmug.com] On Behalf Of Josh Reynolds via Af Sent: Friday, September 26, 2014 10:44 AM To: af@afmug.com Subject: Re: [AFMUG] DDoS via Dlink DIR-655 router? Could be a part of the bash-exploit botnet that's going around. (Yes, this could affect home routers as well) Josh Reynolds, Chief Information Officer SPITwSPOTS, www.spitwspots.com<http://www.spitwspots.com> On 09/26/2014 09:41 AM, Bill Prince via Af wrote: Got a report from someone that had traced a DDoS attack coming from one of our subscribers.� It claimed the IP was going out on port 1900 to various and sundry IPs as part of a distributed attack. I ran a torch on the IP, and sure enough, a bunch of connections were going out on port 1900. Talked to the customer, and eliminated all their PCs/phones/etc. one by one, at which point it was only their Dlink router connected to the net. Turning it off stopped the outbound traffic.� Just to be sure, we re-connected the customer's wired PC, and no traffic. So at this point, it appears that there was some sort of malware loaded on their Dlink.�� It's a DIR-655. Anyone else seeing this?� Seen it?� Other comments?