Routers are ripe targets for adversaries in any organization. They are often plagued by vulnerabilities and misconfigurations. Most organizations are slow to update and maintain such critical devices on the network. This advisory urges organizations to monitor and block unauthorized outbound connections from routers to their connected networks. In general, network devices should only connect to nearby devices for exchanging routing or network topology information or with administrative systems for time synchronization, etc. Since these types of connections have known patterns and occur within specific time periods on the network, anything outside of the norm - such as a TCP connection on a web port to a random IP address in the routing table - should be detected and subsequently blocked.
Be immediately notified of new advisories and associated security tests