Wednesday, September 20, 2017

ISP says I have Mirai infected device techsupport

I've now gotten two emails from my ISP (Cox) saying that "one or more Internet-connected devices (DVRs, security cameras, refrigerators, etc.) using your Cox High Speed Internet service is likely infected with the Mirai malware."

After the first email, I ran this scanner and it came back clean. Yesterday I received another email.

My router is the only thing directly connected to my cable modem, and its login was changed when I first connected it a couple years ago. Every other internet-connected device on my network goes through my router, most over wifi:

* Linux Mint laptop -- port forwarding configured for ssh, vnc, ftp (non-standard ports used as ISP blocks standard), and subsonic music streaming. Login required for any/all access
* Mac laptop, no ports forwarded
* 2 Roku devices (a Roku 3 and a Roku stick)
* 2 android phones (when hubby and I are home)
* 1 Canon printer/scanner, no external access

So the only devices externally accessible for a bot to find are the router and the linux laptop, and neither is accessible through a factory-default login (which, it's my understanding, Mirai uses to take control of devices it finds).

In light of my understanding of how Mirai takes control of devices, and my understanding of networking and firewalls, I'm at a loss to explain how I could have a Mirai-infected device. What am I overlooking? How likely is it that Cox has misidentified an infection?

Thanks for any and all help!



Submitted September 21, 2017 at 12:34AM by dhwga http://ift.tt/2fBeGEv techsupport
