Abstract
In 2018, several malware campaigns targeted and succeeded in infecting millions of low-cost routers (e.g., the malware VPN-Filter, Navidade, and SonarDNS). These routers were then used for all sorts of cybercrime, from DDoS attacks to ransomware. MikroTik routers are a peculiar example of low-cost routers: they are used both to provide last-mile access to home users and in core network infrastructure. Half of the core routers used in one of the biggest Internet exchanges in the world are MikroTik devices. The problem is that the vulnerable firmware (RouterOS) used in home users' houses is also used in core networks. In this paper, we are the first to quantify the problem that infecting MikroTik devices would pose to the Internet. Based on more than 4 TB of data, we reveal more than 4 million MikroTik devices in the world. Then, we propose an easy-to-deploy MikroTik honeypot and collect more than 17 million packets, in 45 days, from sensors deployed in Australia, Brazil, China, India, the Netherlands, and the United States. Finally, we use the data collected from our honeypots to automatically classify and assess attacks tailored to MikroTik devices. All our source code and analysis are publicly available. We believe that our honeypots and our findings in this paper foster security improvements in MikroTik devices worldwide.
Original language | English |
---|---|
Title of host publication | Proceedings of IEEE/IFIP Network Operations and Management Symposium 2020 |
Subtitle of host publication | Management in the Age of Softwarization and Artificial Intelligence |
Place of Publication | Piscataway, NJ |
Publisher | IEEE |
ISBN (Electronic) | 978-1-7281-4973-8 |
ISBN (Print) | 978-1-7281-4974-5 |
Publication status | Published - Apr 2020 |
Event | 17th IEEE/IFIP Network Operations and Management Symposium, NOMS 2020: Management in the Age of Softwarization and Artificial Intelligence - Virtual conference, Budapest, Hungary Duration: 20 Apr 2020 → 24 Apr 2020 Conference number: 17 https://noms2020.ieee-noms.org/ (Conference) |
Publication series
Name | 2020 IEEE/IFIP Network Operations and Management Symposium (NOMS 2020) |
---|---|
Publisher | IEEE |
Volume | 2020 |
ISSN (Print) | 1542-1201 |
ISSN (Electronic) | 2374-9709 |
Conference
Conference | 17th IEEE/IFIP Network Operations and Management Symposium, NOMS 2020 |
---|---|
Abbreviated title | NOMS |
Country/Territory | Hungary |
City | Budapest |
Period | 20/04/20 → 24/04/20 |
Keywords
- Hacker attacks
- Honey-pot
- Low-cost routers
- MikroTik
- RouterOS
- Security
- Vulnerabilities
- 22/3 OA procedure