https://www.us-cert.gov/ncas/current-activity/2018/05/23/VPNFilter-Destructive-Malware
Hello Firewalla Team, I am sure you are aware of the latest info about #VPNFilter_malware; see here: https://www.us-cert.gov/…/…/23/VPNFilter-Destructive-Malware
I know it is early days and I am not expecting you to already have any countermeasures; however, what can you share with us about how Firewalla monitors such information/breakouts and decides whether or not this is within the functional perimeter of the Firewalla?
-
We have already installed the Cisco signatures for stage 2 at least. You should get an alarm if your devices are accessing any of the stage 2 servers. (In certain cases you will have to tap block; some may be auto-blocked.) And in the very near future, we should have the capability to inject these signatures and autoblock without your intervention.
-
Firewalla Team, I had a look at your "Release Notes" post and nothing of this is mentioned anywhere.
Would it be possible to have release notes accompanying this, please? When it comes to security, all relevant documentation is important.
Thank you,
PS: The release notes pinned post I am referring to:
https://help.firewalla.com/hc/en-us/community/posts/360000596653-Firewalla-Release-Notes
-
Firewalla Team, many thanks for your timely answer. I understand the Team @Talos made the discovery and you are being very ethical in stating so.
My only point here is that when I first reached out to you, I was not expecting you to already have any countermeasures in place; yet you *already* had ... This is truly a competitive and commercial differentiator to *your* advantage, and trust me, from a customer's perspective, when I read your reply I was very positively impressed; thus I think it would have been widely acclaimed by the Firewalla community if you had somehow communicated about it.
Also, and I know for a fact it can be time consuming, but if somewhere on this website an article could be dedicated to tracking all the various signatures and footprints the Firewalla is aware of ... that would be truly **awesome**! :-)
No matter what your decision is about the above suggestion, thank you Firewalla Team; I love your product and the solution you came up with!
-
We will think about the article part for sure. We never really thought about these being differentiators, but your point is taken. To be honest, many of these attacks are not that sophisticated, if people are just a bit aware. Is it something like this?
How to use Firewalla to protect yourself.
1. You can use the external scan feature of the app just to find out which ports your router has open to the outside. For this, you don't even have to buy the box ... If you see something strange, you can go close them on the router. For example, QNAP will open port 80/443/8080 ... and other things
2. If you are not sure what, then you need the box. The box's Open Ports button will also detect UPnP ports that are open. Here you will see your QNAP device opening strange ports. You can block there, or go to QNAP and figure out how to disable the cloud services.
3. If by any chance an infection happens, Firewalla will send alarms and sometimes will block the access from the malware. This is the signature matching part.
4. And even if we don't have a signature, you will get those annoying upload alarms ... This is the protection in case there is no signature; you can still detect problems ...