RV50 DDoS GB/hr Takeover (Mirai?)


#1

Hello all,

I recently had a situation wherein multiple of our RV50 gateways were taken over and started pumping gigabyes per hour into the cellular network. We did not command this, our normal IoT devices usually use just kb/day.

All of our RV50’s are/were patched with the latest firmware ( 4.9.2.001) and no default passwords. We even put in ALEOS some data limits of ~100 MB/day, which got completely blown out of the water. Additionally, The only ports we have open/whitelisted are the default HTTP (:9191), HTTPS (:9194) and a single IoT port. That makes me think that the DDoS attack went underneath the ALEOS.

All the above and some outside reading makes me think that the Mirai trojan has struck us, even with non-default passwords and the latest firmware. Does anyone else have a similar experience? What have you done? Looking for any help. I’ve tried contacting Sierra Wireless support but gotten nowhere.

Thanks in advance,
James


#2

Hi James

There as been an update on the Malware issue. See updates at www.sierrawireless.com/security.

If you are already on 4.9.2, you might need to call the toll free number included in the bulletin to get help directly from Sierra Support team.