DeepAI AI Chat
Log In Sign Up

Characterising attacks targeting low-cost routers: a MikroTik case study (Extended)

by   Joao M. Ceron, et al.

Attacks targeting network infrastructure devices pose a threat to the security of the internet. An attack targeting such devices can affect an entire autonomous system. In recent years, malware such as VPNFilter, Navidade, and SonarDNS has been used to compromise low-cost routers and commit all sorts of cybercrimes from DDoS attacks to ransomware deployments. Routers of the type concerned are used both to provide last-mile access for home users and to manage interdomain routing (BGP). MikroTik is a particular brand of low-cost router. In our previous research, we found more than 4 million MikroTik routers available on the internet. We have shown that these devices are also popular in Internet Exchange infrastructures. Despite their popularity, these devices are known to have numerous vulnerabilities. In this paper, we extend our previous analysis by presenting a long-term investigation of MikroTik-targeted attacks. By using a highly interactive honeypot that we developed, we collected more than 44 million packets over 120 days, from sensors deployed in Australia, Brazil, China, India, the Netherlands, and the United States. The incoming traffic was classified on the basis of Common Vulnerabilities and Exposures to detect attacks targeting MikroTik devices. That enabled us to identify a wide range of activities on the system, such as cryptocurrency mining, DNS server redirection, and more than 3,000 successfully established tunnels used for eavesdropping. Although this research focuses on Mikrotik devices, both the methodology and the publicly available scripts can be easily applied to any other type of network device.


page 1

page 7

page 8


IXmon: Detecting and Analyzing DRDoS Attacks at Internet Exchange Points

Distributed reflective denial of service (DRDoS) attacks are a popular c...

Cyber-attack Mitigation and Impact Analysis for Low-power IoT Devices

Recent years have seen exponential development in wireless sensor device...

Timely Detection and Mitigation of Stealthy DDoS Attacks via IoT Networks

Internet of Things (IoT) networks consist of sensors, actuators, mobile ...

One Exploit to Rule them All? On the Security of Drop-in Replacement and Counterfeit Microcontrollers

With the increasing complexity of embedded systems, the firmware has bec...

A Measurement Study on the (In)security of End-of-Life (EoL) Embedded Devices

Embedded devices are becoming popular. Meanwhile, researchers are active...

BLURtooth: Exploiting Cross-Transport Key Derivation in Bluetooth Classic and Bluetooth Low Energy

The Bluetooth standard specifies two incompatible wireless transports: B...