Firewall vulnerability


#1

Hello Engineering -

My network has been under attack by some botnet for the past couple of days, specifically trying to break into my webserver through the WordPress interface. As soon as I would block an address, the attack would switch to a different IP address. After adding numerous attacking addresses to the firewall rules, I had better things to do and just started to block http and https completely on my Balance 30’s as I don’t really need to have an external web presence at the current time. This of course worked - at least for a while. When I came in this morning, I was unable to log into the router (invalid password), and had to pull the power cord to reboot it. The password was fine upon reboot - so I don’t believe the router itself was broken into.

Looking at my server http logs - I have tens of thousands of break-in attempts to WordPress overnight (161,370 to be exact) - accesses which the firewall was supposed to be blocking.

It appears if you hammer on the Balance 30 hard enough, an intruder can partially crash it, disabling the firewall and leaving the network it’s supposed to be protecting wide open. The router was functional enough to pass traffic, but not functional enough to implement the firewall rules. Troubling. This seems to be a major vulnerability. Is there any more current firmware which addressed the issue?

I’m running firmware 5.4.4 build 1500 - which the web interface says is the latest and greatest.
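One way to measure the kind of leak described in this post, as an added example that is not part of the original thread: a Python script that counts, per hour, the external requests that reached the web server after the http/https block rule was in place. The log lines, LAN range, block time and function name are constructed assumptions, and the log is assumed to be in Apache/nginx combined format.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timezone

# Combined Log Format: source address, [timestamp], "METHOD path ..."
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*"')
# WordPress endpoints typically hit by password guessing (assumption).
WP_PATHS = ("/wp-login.php", "/xmlrpc.php")

# Constructed sample lines; addresses are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:19:12:44 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
192.168.1.20 - - [01/Jan/2024:21:58:03 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [02/Jan/2024:02:14:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
198.51.100.23 - - [02/Jan/2024:02:14:11 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403
198.51.100.23 - - [02/Jan/2024:02:40:00 +0000] "GET /index.php?x=1 HTTP/1.1" 200 100
203.0.113.99 - - [02/Jan/2024:03:01:30 +0000] "POST /wp-login.php?action=login HTTP/1.1" 200 3120
""".splitlines()
# Constructed time at which the block rule was saved on the router.
BLOCK_START = datetime(2024, 1, 1, 20, 0, tzinfo=timezone.utc)

def leaked_requests(lines, block_start, lan="192.168.0.0/16"):
    """Return {hour: (hits, wordpress_hits, distinct_sources)} for external
    requests logged after block_start. A non-empty result means traffic
    passed a rule that should have dropped it."""
    lan_net = ipaddress.ip_network(lan)
    buckets = defaultdict(lambda: [0, 0, set()])
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting
        src, stamp, _method, path = m.groups()
        try:
            addr = ipaddress.ip_address(src)
            when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue  # hostname in place of an address, or a bad timestamp
        if addr in lan_net or when < block_start:
            continue  # internal client, or logged before the rule existed
        b = buckets[when.strftime("%Y-%m-%d %H:00")]
        b[0] += 1
        if path.split("?")[0] in WP_PATHS:
            b[1] += 1
        b[2].add(src)  # the attack rotates sources, so count distinct ones
    return {h: (t, w, len(s)) for h, (t, w, s) in sorted(buckets.items())}

if __name__ == "__main__":
    print(leaked_requests(SAMPLE_LOG, BLOCK_START))
```

The first hour bucket that appears gives a rough time at which the router stopped enforcing its rules, which is useful detail to attach to a support ticket.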


#2

Hi,

Upgrading to the latest firmware is recommended. Please enable Intrusion Detection and DoS Prevention (Network > Access Rules) as well to protect your system.

Please note that you need an unlock key when upgrading from v5.x to v6.x. Please ensure your device is under warranty. You may open a ticket to get the key.