https://www.us-cert.gov/ncas/current-activity/2018/05/23/VPNFilter-Destructive-Malware

Comments

  • Firewalla

    We already have installed the Cisco signatures for stage 2 at least. You should get an alarm if your devices are accessing any of the stage 2 servers (in certain cases you will have to tap block; some may be auto-blocked). And in the very near future, we should have the capability to inject these signatures and auto-block without your intervention.

  • Jean-Didier stefaniak

    Outstanding, thank you!

  • Jean-Didier stefaniak

    Firewalla Team, I had a look at your "Release Notes" post and nothing of this is mentioned anywhere.

    Would it be possible to have release notes accompanying this, please? When it comes to security, all relevant documentation is important.

    Thank you,

    PS: the pinned Release Notes post I am referring to:
    https://help.firewalla.com/hc/en-us/community/posts/360000596653-Firewalla-Release-Notes

  • Firewalla

    This is actually one of the basic features of Firewalla. In this particular case, we just need to import the signatures from the Cisco article ... nothing to brag about ... maybe we should, since it may make us look important. The real credit goes to the Cisco Talos team.

  • Jean-Didier stefaniak

    Firewalla Team, many thanks for your timely answer. I understand the Team @Talos made the discovery and you are being very ethical in stating so.
    My only point here is that when I first reached out to you, I was not expecting you to already have any countermeasures in place; yet you *already* had ... this is truly a competitive and commercial differentiator to *your* advantage, and trust me, from a customer's perspective, when I read your reply I was very positively impressed; thus I think it would have been widely acclaimed by the Firewalla community if you had somehow communicated about it.

    Also, and I know for a fact it can be time consuming, but if somewhere on this website an article could be dedicated to tracking all the various signatures and footprints Firewalla is aware of ... that would be truly **awesome**! :-)

    No matter what your decision is about the above suggestion, thank you, Firewalla Team; I love your product and the solution you came up with!

  • Firewalla

    We will think about the article part for sure. We never really thought about these being differentiators, but your point is taken. To be honest, many of these attacks are not that sophisticated, if people are just a bit aware. Is it something like this?

    How to use Firewalla to protect yourself.

    1. You can use the external scan feature of the app just to find out which ports your router has open to the outside. For this, you don't even have to buy the box ... If you see something strange, you can go close them on the router. For example, QNAP will open ports 80/443/8080 ... and other things.

    2. If you are not sure what, then you need the box. The box's Open Port button will also detect UPnP ports that are open. Here you will see your QNAP device opening strange ports. You can block there, or go to QNAP and figure out how to disable the cloud services.

    3. If by any chance infection happens, Firewalla will send alarms and sometimes will block the access from the malware. This is the signature matching part.

    4. And even if we don't have a signature, you will get those annoying upload alarms ... This is the protection in case there is no signature; you can still detect problems ...

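The two detection layers described in points 3 and 4 of the last comment (signature matching, with upload-volume alarms as the fallback when no signature exists), sketched as an added example. This is not Firewalla's code: the indicator values, flow records, threshold and function names are constructed assumptions.

```python
from collections import defaultdict

# Constructed placeholder indicators (documentation-reserved names and
# addresses); these are NOT real VPNFilter stage 2 servers.
SIGNATURES = {"stage2.example.net", "203.0.113.7"}

# Assumed alarm threshold: bytes one device may upload to one destination
# within the observation window before an upload alarm is raised.
UPLOAD_LIMIT = 500_000_000

# Constructed flow records: (device, destination, bytes_up, bytes_down)
FLOWS = [
    ("nas", "updates.example.com", 12_000, 4_800_000),
    ("nas", "Stage2.Example.NET.", 900, 35_000),
    ("camera", "198.51.100.20", 310_000_000, 40_000),
    ("laptop", "cdn.example.org", 2_000_000, 90_000_000),
    ("camera", "198.51.100.20", 250_000_000, 30_000),
]


def normalise(dest):
    """Lower-case and drop the trailing root dot so case or FQDN form
    cannot dodge the signature lookup."""
    return dest.strip().lower().rstrip(".")


def evaluate(flows, signatures=SIGNATURES, upload_limit=UPLOAD_LIMIT):
    """Return alarms as (kind, device, destination) tuples."""
    alarms = []
    uploaded = defaultdict(int)
    for device, dest, bytes_up, _bytes_down in flows:
        dest = normalise(dest)
        if dest in signatures:
            # Layer 1: known-bad destination, alarm once per device/dest.
            alarm = ("signature", device, dest)
            if alarm not in alarms:
                alarms.append(alarm)
            continue
        # Layer 2 input: total upload volume per device and destination.
        uploaded[(device, dest)] += bytes_up
    for (device, dest), total in uploaded.items():
        if total > upload_limit:
            alarms.append(("upload", device, dest))
    return alarms


if __name__ == "__main__":
    for alarm in evaluate(FLOWS):
        print(alarm)
```

Neither camera flow exceeds the threshold on its own; the upload alarm fires only on the aggregated total, which is why the fallback layer sums per device and destination rather than inspecting single connections.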