SMB: CVE 2017 0144 [Expl] Virus

Hi Wuggers.

Can anyone please assist on how to get past this continuous popup, as I scanned my complete PC and found nothing.
I’m using a paid version virus scanner.

Can anyone tell me how to load a firewall on my MikroTik 3011 to block this SMB: CVE 2017 0144 [Expl]?

Please see below.
Thanks in advance.
Cyclops

Hi,

Attack is coming from your own RB -> 172.18.73.238


Thanks, how can I stop it?

I would check the logs of that routerboard in winbox first

Thank you Ogon, will do.

@Ogon, the logs are clean, any further advice?

Reset the RB to default and reconfigure it again with new admin passwords etc. Also delete any files on the RB.

Just wipe the RB before it spreads across the WUG.

EternalBlue exploits a vulnerability in Microsoft’s implementation of the Server Message Block (SMB) protocol. This vulnerability is denoted by entry CVE-2017-0144[9][10] in the Common Vulnerabilities and Exposures (CVE) catalog. The vulnerability exists because the SMB version 1 (SMBv1) server in various versions of Microsoft Windows mishandles specially crafted packets from remote attackers, allowing them to execute arbitrary code on the target computer.[11]

EternalBlue, sometimes stylized as ETERNALBLUE,[1] is a cyberattack exploit developed by the U.S. National Security Agency (NSA) according to testimony by former NSA employees.[2] It was leaked by the Shadow Brokers hacker group on April 14, 2017, and was used as part of the worldwide WannaCry ransomware attack on May 12, 2017.[1][3][4][5][6] The exploit was also used to help carry out the 2017 NotPetya cyberattack on June 27, 2017[7] and reported to be used as part of the Retefe banking trojan since at least September 5, 2017.[8]
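
For the firewall asked about at the top of the thread, an added example (not posted by anyone in this thread): RouterOS filter rules that record, log and drop SMB traffic passing through or aimed at the router. The address-list name `smb-sources`, the log prefix and the one-day timeout are assumptions; adjust them to the local setup.

```routeros
# Added example. List name "smb-sources", log prefix and timeout are assumed values.

# Turn off the router's own SMB file-sharing service if it is not in use.
/ip smb set enabled=no

/ip firewall filter

# 1. Record every host that opens a new SMB connection through the router.
#    If the router masquerades (NAT), the forward chain still sees the real
#    internal source address, which helps find the machine behind the alert.
add chain=forward protocol=tcp dst-port=445 connection-state=new \
    action=add-src-to-address-list address-list=smb-sources \
    address-list-timeout=1d comment="track SMB sources"

# 2. Log the same connections so they show up in the router log.
add chain=forward protocol=tcp dst-port=445 connection-state=new \
    action=log log-prefix="SMB-FWD" comment="log routed SMB"

# 3. Drop SMB and legacy NetBIOS traffic crossing the router.
add chain=forward protocol=tcp dst-port=139,445 action=drop \
    comment="drop routed SMB / NetBIOS session"
add chain=forward protocol=udp dst-port=137,138 action=drop \
    comment="drop routed NetBIOS name / datagram"

# 4. Drop SMB aimed at the router itself.
add chain=input protocol=tcp dst-port=139,445 action=drop \
    comment="drop SMB to router"

# 5. Drop SMB connections that originate from the router itself.
add chain=output protocol=tcp dst-port=445 action=drop \
    comment="drop SMB from router"

# "add" appends to the end of the chain: move these rules above any
# accept rule that would otherwise match the traffic first.
# Hosts on the same bridge/subnet talk to each other without being routed,
# so the forward chain does not see that traffic.

# Review which hosts have been generating SMB connections.
/ip firewall address-list print where list=smb-sources
```

These rules also stop legitimate Windows file sharing across the router, and they do not replace installing the Microsoft patch for CVE-2017-0144 or disabling SMBv1 on the Windows hosts.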