Hacked Home Router Botnets

Topic

New Reply

WordPress have reported finding 57,000 hacked home routers used to attack sites on their platform, launching brute force attacks. The hackers now have full access to the workstations, mobile devices, wifi cameras, wifi climate control and any other devices that use the hacked home WiFi network.
The problem stems from access to Port 7547.

“…over 41 million home routers world-wide have port 7547 open to the public internet. We are trying to get the word out to home users and ISPs to block this port and patch any vulnerable routers. This will help reduce attacks on the websites we protect and, far more importantly, it will help secure over 41 million home networks.

We found over 10,000 infected home routers in Algeria who use Telecom Algeria for internet access. These are home networks that have already been hacked. We found over 11,000 hacked home routers in India with BSNL, another major ISP in that country, where the routers have already been hacked. Let’s help secure our fellow internet citizens and prevent others from having their home networks compromised.

You can help by sharing this post and empowering home users to check if they are vulnerable. They can then contact their ISPs with the information and this will gradually cause ISPs to close port 7547 to outside access and to disinfect and patch vulnerable routers.”

WordFence, the security division of WordPress, has a tool to check if you are vulnerable, and advice on how to protect yourself. Find out more here:
https://www.wordfence.com/blog/2017/04/check-your-router/

6 users thanked author for this post.

samak, NetDef, Elly, HiFlyer, MrJimPhelps, satrow

Reply | Quote

Replies

A vulnerability known as “misfortune cookie” is being used in these attacks. It hijacks a service that ISP’s use to remotely manage home routers by listening on port number 7547.

Home-router users should disable Remote Management/Access and change the default router password by going to 192.168.1.1 or .168.0.1 .
Remote Management should only be enabled by users after liasing with their ISP, eg for trouble-shooting network problems.

Additionally, to secure their Wifi network from hacker-neighbors, users should disable WPS or WDS, use WPA2-AES-Personal encryption(not WEP) and set a strong Wifi password.

1 user thanked author for this post.

AlexEiffel

Reply | Quote

The state of consumer routers is a sorry mess. None of them is managed in a professional manner. The problem is it is such a low cost device, manufacturers focus on speed, range and dust gathering abilities rather than security. If vulnerabilities are discovered in the routers, it can be a big deal and then it is not a matter of “being careful on the Internet” no more. They also stop supporting routers when they still function perfectly so you might end up with a vulnerable device and not know it because the manufacturer just ignore it.

For supported routers, the problem is when a vulnerability is discovered, the user isn’t notified and even some manufacturers don’t patch the vulnerability or take months to do it, when such a vulnerability would likely be rated critical in Windows since you don’t need to do anything to get infected besides being connected to the outside world.

Hopefully, with the bad publicity IoT will generate about the security of such devices, it will create a need in the market to help manufacturers switch focus from the look of the routers to security.

Some ISP might automatically patch their routers. I suggest asking if they do.

If you have a home router, it is a good idea to:

1) make sure WPA2 AES only is activated (not TKIP). Disable WEP, WPS or WDS.

2) choose a long password, a sentence is good. Length is stronger than complexity against brute force, something like “I love jumping, 3 hooPs, and balloonz” is very secure (don’t use that though).

3) change the default admin password of your router and change the IP address to the same as the one from your modem so malware that tries to enter your modem with default credentials from your computer don’t see it hidden by your router.

4) remove all wireless and external admin access. Make sure https only is enabled for admin access. Who needs to administer their router remotely? If you need to help someone, use teamviewer and administer from the internal side of the network.

5) Periodically check your router manufacturer website for firmware updates and apply the updates.

8 users thanked author for this post.

Noel Carboni, Navi, Kirsty, NetDef, MrBrian, Elly, HiFlyer

Reply | Quote

AlexEiffel wrote:

The state of consumer routers is a sorry mess.

In my case, with an E4200 model from Cisco (high-end but now a few years old), the router came, out of the box, set up to update its own firmware automatically.

Unfortunately, about a year after I got it, Cisco changed the user interface of this router from “geek” level to “Win 10” level – i.e., they dumbed it down and cloud-integrated it to where it both didn’t offer all the advanced functionality I bought it for AND opened ports to the outside world.

Because of loss of functionality, I had to stop updating it with new manufacturer releases and I reverted it to the last firmware that allowed me to lock it down and to set up and retain the advanced features I needed.

My first thought, when this happened, was: Why the heck would I want a cloud-integrated, dumbed-down router?

Of course, with a career in data communications I probably had the ability to understand and configure things most didn’t.

And I’ve been thinking… Dropping off the update bandwagon may not be the worst thing, as the firmware that preceded the dumbing down is no longer mainstream. It’s possible hackers don’t target that older firmware any more, or just can’t the way I have it set up. Every test I’ve found to run has shown that it has not been compromised and doesn’t have any open ports.

-Noel

Reply | Quote

Oh yes, that Cisco mess. Meraki inspired idea I guess? Linksys was bought by Cisco, then was made to use these stupid cloud things. It is ridiculous that a serious company like Cisco thought adding half baked cloud components like this on something that really don’t need it is a good idea. It just adds code complexity and code complexity is the enemy of security. It must not have worked that well because Cisco then sold Linksys to another company that doesn’t have a great track record on security so I would stay away from them now. Too bad because they were good a long time ago, well at least the issued firmware updates when security issues were discovered, so far from ideal, but better.

A home router should be a simple device that autoupdates and warns you when it gets out of support, while letting you control some parameters in case you know what you are doing, like if you want to disable UPnP, apply AP Isolation, etc. Just the fact routers companies kept coming up with dumb ideas that were not secure like default on WEP and outside admin, WPS and the like and the fact lots of ISP left WEP only by default only to avoid compatibility issues with WEP only devices and calls from consumers ignoring the fact they were sending tons of insecure routers in the market while knowing for a long time WEP was bad just shows how marketing is the only game in this market. Wow, cloud integrated router, that must be better. Next time they don’t know how to sell, they will come up with another dumb idea like AI enhanced router or 3D painting router while still ignoring the obvious.

Even DD-WRT is not a solution, as they issue updates all the time and seriously, I don’t know many busy IT people that finds it great to manually check and update their home router all the time, so I imagine that normal folks couldn’t care less. I don’t want more functions, a 2002 linksys router was fine in terms of functionalities, just patch them only if need be. Some people might enjoy advanced vpn features and the like, fine, make them a firmware and leave me and the normal folks with a rarely updated secure simple firmware. Give people some easy to use parental controls and that’s about it. I never met a normal folk that asked me how to do something with their router besides parental control and just making it work. It is an appliance, not a toy and not a smartphone.

Noel, I have a lot of respect for you, but we differ a bit when it comes to security. You are more the I-know-what-I-am-doing type of guy, I am more not that trusting that my own skills are enough when it comes to security in the long run. That is why you run with UAC off and I respect that and I am sure you are one of the most able person to minimize your risk and maybe it is good enough in practice, although there is no way to know for sure, unless you think the future owes something to the past and you are certain not even a bit of luck played in your favor. I am more group B then W, although I respect the W people that weights their risk in terms of probabilities and costs. I know you have a fabulous backup routine and that helps reduces costs of some type of breaches by a lot, too.

I had a thought about you the other day because something happened to me that I never seen before. I was reading a an old article about car buying on a legitimate web site referred to by a reputable publication The author referred at some point to some references web sites for calculating something and I clicked on one only to find out this domain didn’t exist no more and was replaced by a fake locking of my computer, asking for a ransom while showing naked women in the back (not sure why it was related). It was very badly made with a popup saying not to close my browser and i knew it didn’t use an exploit kit to break my EMET protected 64 bits Firefox so I was safe and just closed the browser and cleaned the cache, but still I was not being careless and ended up on a what could have been a powerful drive by download, so it just reminded me we are not completely shielded from this, even though UAC would maybe not have helped anyway depending on the type of attack.

Your arguments about using an old uncommon firmware makes some sense and it may have worked for you in practice, and maybe also because of some of the tweaks you made, but in theory, there is nothing preventing an old bug that was there a long time ago and being discovered recently from affecting your router and then any automatic scanning software can randomly targets your first line of defense without you doing anyhing, so I would say although maybe your approach is one of the most sensible one in the current context unless you want to go commercial for routers, it is not a good solution in theory. I have Cisco ASA professional firewalls and when there was the NSA leaks, my fully patched firewalls and all previous versions were affected and vulnerable. Cisco did their homeworks and patched them, but I am sure the NSA has lists of bugs like this for many versions of consumer routers and unfortunately, they don’t seem very capable of protecting what they know from hackers as the recent disclosures showed us.

My problem with the router is worse than with the W group in Windows. The W group have faith that although an SMB exploit or something similar in the protocols is possible, it is not that common and if they always run behind a firewall and not on a notebook on the road with no firewall, they might be safe. The fact Windows now disable automatically the sharing protocols on a public network helps a lot. But USB virus could make a comeback with lots of W folks. I diverge. My point is the router is that device that is facing the ugly web, the random port scans. There is a jungle out there snd tons of script kiddies testing you constantly. You look at the logs and you see tons of probes. So if you have a router that is badly programmed and can be easily taken control of by a random probe done by an automatic malware, I find that pretty bad.

So, when it comes to security, I think the best approach is still fully supported and patched, but I would agree with you that maybe, not popular at times might temporarily be better and the ideal would be not popular, fully supported and patched by competent people. Want to start a business? There would be no market as normal folks usually downplay security concerns and don’t care that much about them, maybe because they don’t know enough about them or they think no company would be that dumb and take so much risk when they are selling a security device or we just didn’t see the worst of what can happen with that yet.

Still, I will make a confession. At home, I still run that old router with the same magical thinking as you, and probably similar tweaks, thinking like you that I am maybe more safe than with any new bad consumer device out there and because I didn’t take the time to install that commercial router I bought yet. I also think it might be better to do that with the people I help if nobody is going to patch the router after. I would not advise anybody to do that, though. In theory, it is all bad, but sometimes practice is the only reasonable option. So, maybe we are still more practical brothers than I thought. I just won’t advise anyone to do the same and hopefully work will stop demanding me so much my home setup doesn’t receive enough love and care. Oh I am so happy to have the Ipad and its simple management.

1 user thanked author for this post.

Elly

Reply | Quote

I am not totally happy with having had to stop updating my router, BUT… My thinking is always that with an attack surface minimized the lion’s share of attacks won’t even be possible. Sure, the router still interacts with the outside world using RIP and all that but as a specific target, with no ports of its own open to the world, it just doesn’t logically exist as far as the hackers from the outside world are concerned.

And I really do believe there is some tangible merit in being a bit obscure by not being on the mainstream.

By the way I do have one port – 443 – open through to a server inside my LAN (which is well-firewalled) and on it via the firewall logs I see logged a fair number of attempts to connect – between 10 and 20 different systems a day. They’re all blocked because my server is only open to a very few collaborators whose addresses I have preapproved (and I have a process in place for managing their as it turns out infrequent address changes). The unsolicited connection attempts I see are presumably scans of all addresses looking for vulnerabilities (or maybe search engine spiders crawling the web to index it). It’s fascinating that so many systems out there are bent to the task of looking for open ports. The thought always comes to mind… “Don’t these people have anything better to do with their computers?”

P.S., regarding minimizing my “attack surface”… Imagine that my browser is configured to block running executable software from the wild Internet entirely. Then it doesn’t really matter what a web site wants to do, right? They can show me all manner of scary or offensive pictures but hold me for ransom? Not hardly. And that’s only one layer… Beyond that, I haven’t run across a “bad” web site that seeks to do me harm in quite a while. Why? Because my blacklists are updated daily from some very good sources. That process just ran a few minutes ago. Per the logs, since last week I see about 100 new sites have been added. And of course there’s my firewall blocking things like unexpected port number usage. And the fact that my router is on duty preventing unsolicited incoming connections. All those layers matter.

And for what it’s worth, I do keep my main workstation updated with Windows Updates (group A except telemetry) – just not at the intervals Microsoft wants, and only when the patches have been tested by the rest of the world for a while.

In all seriousness, I have not had any malware knock at my door.

Regarding being lucky… I hold that the universe is based on quantum physics. EVERYTHING is about probability. Minimize the probability of bad stuff happening sufficiently and we might even survive. For a while.

I don’t always advise people to do just what I do, because what I do is complex and multifaceted. I have a lot of knowledge others don’t, so I *DO* advise everyone to try to get smarter about high tech whenever they can, so that they can understand what they’re doing and start to out-think those who would seek to take advantage of them. Living in fear is a terrible thing, and every little bit helps.

-Noel

2 users thanked author for this post.

Elly, AlexEiffel

Reply | Quote

Great and very informative post, as always.

Regarding the inability of executables to run from your browser, I am not sure it is as foolproof as thought. Someone please correct me if I am mistaken, but a vulnerability based on a buffer overflow precisely circumvents this by using a vulnerability in say a dll to decode pictures on IE or in IE itself to inject code in the current running process, in effect turning your normal trusted process used to browse the web into an on the fly malware, which might be hard for antivirus to detect. This is the kind of drive by download that is scary, those with sophisticated exploit kits that tries every known vulnerability and that will likely gets you through flash or reader or java (which you fortunately don’t run in your browser) or less frequently by a defect in librairies like there was one for rarely used formats like processing vector drawing (seen that in IE a while ago), silverlight or xps or other integrated in the browser when it is not the browser itself that is vulnerable. Then, running as admin with no UAC, you just gave complete control to the malware, but I am not sure restricted user is that much better anyway to save your not backed up data files if you don’t have Noel’s amazing backup strategy.

A long time ago, I thought I was safe from viruses by just not clicking on exe, bat or other executables. When I first saw a virus embedded in a picture and understood the problem of buffer overflows, I realized any data file could be used to compromise a vulnerable process or executable, turning your downloaded mp3 into a potential malware when read by your vulnerable player, windows image viewer hacking your computer after seeing a picture or that browser relying on the same image decoding library that is part of Windows when pointed to a web site with the mailicious pictures. Fortunately, these very bad vulnerabilities are not too common, but they can be a good reason for some people to run their browser in a sandbox like sandboxie. Combine this with the fact antivirus don’t detect much more than 1 out of 3 new viruses and the picture is not so nice, so it is no surprise that I rarely met a normal folk who didn’t get bitten at some point in their digital life and that is why I help people to run Firefox 64 with EMET, both free and at least better to face the undetected by antiviruses malware. 64 bits is essential for the buffer overflows mitigations to work well enough as the address space layout randomization is much larger.

Of course, if I had the choice of running in your environment vs anybody else I know, I would choose yours, as there is so many multi-layerad approach you use that in effect, your risk might be pretty low and I do believe like you to some extent in the virtues of the less popular products, especially when the newer and more popular options keep adding features that augments the attack surface instead of reducing it.

2 users thanked author for this post.

Elly, Noel Carboni

Reply | Quote

@AlexEiffel: That is correct. Internet Explorer and Chrome have their own sandboxes also. More info: Sandboxes Explained: How They’re Already Protecting You and How to Sandbox Any Program.

2 users thanked author for this post.

Elly, AlexEiffel

Reply | Quote

I looked up EMET, and see its End of Life is given as July 2018.

1 user thanked author for this post.

AlexEiffel

Reply | Quote

I looked for alternatives to EMET a couple of years ago.  There are not a lot of options, but I am using Malwarebytes Anti-Exploit on a couple of computers, and HitmanPro.Alert on a third.

Malwarebytes Anti-Exploit – MBAE (free) – latest standalone BETA: https://forums.malwarebytes.com/topic/184939-mbae-109-latest-standalone-beta/#comment-1102115

HitmanPro.Alert (trial) https://www.hitmanpro.com/en-us/alert.aspx

Malwarebytes 3.0 Premium (trial) https://www.malwarebytes.com/trial/#trial

Malwarebytes Anti-Malware has combined the MBAE Anti-Exploit premium standalone into the premium package with full real-time malware protection.  MBAE free is still available as a perpetual BETA at the link at the top.  MBAE free is browser protection only, does not protect all web facing apps.

Of all the above, I am sold on HitmanPro alert for comprehensive exploit protection far beyond with EMET was capable of, with minimal configuration effort.

Windows 10 Pro 22H2

1 user thanked author for this post.

AlexEiffel

Reply | Quote

I know and they even extended it because they originally announced the end of support suddenly for much sooner. People asked for a working Win Ten version because they loved it. It is part of MS trick to get people on 10 pretending 7 is less safe and saying EMET isn’t needed on 10 because the protections are built-in but I am pretty sure they lie and the full protections are only for Edge or else it would break so many old software. Plus EMET can activates some system protections that are still off by default on Windows Ten. When Windows 7 was announced, Microsoft said it is more secure because of ASLR and things, but you know what? They deactivate it by default so they don’t have people with issues when they run old drivers or some old software, just like DEP that was on only for MS apps and not all apps since Vista.

Also, yes, some advanced malware were able to circumvent some EMET protections but if they did, they got through the same things with Edge probably. EMET was the testing playground for what advanced security features they would like to add to Windows, but when they add them, they don’t even activate them by default, like enhanced protected mode in IE. They find fancy names for the EMET mitigation they use, bake them in the OS, use that for marketing to say it is more secure, then leave them off so you are not even more secure if you don’t know all the details. Wow.

EMET got extended because IT pros love it and they know that 10 is not enough and that MS is not playing straight here. It is a wonderful product, easy to run and configure. I could post instructions, but if you want to play safe, just use the default settings and make sure you install Firefox 64 over the 32 bits version if you have it as lately MS introduced a bug in EMET that slows down the latter unless you turn off EAFplus for firefox in apps and you need the former to benefits from ASLR fully anyway due to the way ASLR works plus it runs better anyway.

Basically, EMET does two things. It lets you activate some system wide protections, and then a ton of additional mitigations on a process by process basis so it doesn’t break anything. Note that if you uninstall it, the system protections are not reset to defaults so do that before uninstalling. There is only DEP, ASLR, SEHOP and one or two others for system wide, easy to see on the first UI page.

A few times, I was browsing the web and EMET caught some things and told me. I will never know if they were badly programmed web pages or drive by downloads in a bad ad, but they were caught and stopped. I never saw anything special on the web pages in those cases.

Since it is free and takes only a few minutes to install, it is worth it I think to use it until it doesn’t work. It is maybe the best free 0 days protection you have right now.

However, those who use Steam and other old games and app, just be careful not to add processes to EMET or put the system wide on mandatory everywhere, as Steam might interpret it as trying to cheat and some older software might just crash. I use EMET in the highest even ‘unsafe’ settings that need a registry entry to activate on many computers since a long time and they all work fine, but they are office computers or home computers that only runs a few known applications. I just need to remove the unsafe mandatory ASLR sometimes to run a very old software, then I turn it back on again, but running the safe opt in ASLR might be plenty and I am just being OCD running mandatory. MS labelled it unsafe just because some very old ATI driver prevented the boot if it was at Mandatory but that is as unsafe as it gets. When a program crashes with no EMET warning, it is because it is a system wide setting that made it crash, usually ASLR. If it is an app mitigation, you will get an EMET warning that it did something, but I rarely seen any of this. The only thing I do is set back ASLR to opt in when an old software crash and I try it again.

In case you wonder why I wrote Win Ten, access to my numeric keyboard stopped working on the Ipad while I was editing so I lost the dashes too and other symbols. Sorry I make many mistakes with the Ipad and it is not easy to see them all and correct them too. After this post I am sure my keyboard bug will go away I just didn’t want to loose the post trying to fix it. Never happened before. Weird bug.

Reply | Quote

EMET is for IT pros only, and not for the average end user.  I think that it showed what was possible.  Thankfully there are now superior commercial products that can be used that do not require advanced knowledge and configuration skills.

Windows 10 Pro 22H2

Reply | Quote

I respectfully disagree that EMET is for IT pros only. EMET with default settings is easier to set up than understanding all the options in the free Avast you could use to have better protection than what the default settings do. It is an easy way for a user with only well known recent programs to raise the security of their environment in a way that antiviruses generally don’t address.

Maybe the software you mentioned are better than EMET today, but EMET is free and I wouldn’t say it is difficult to set up, especially if you just use the defsult settings. It contains many advanced mitigations that are the basis of what MS offers in Edge in theory hidden in Windows 10, although I wouldn’t be surprised to learn Edge don’t even use them all.

Maybe the MBAM free beta is a good choice for those who want a free solution and prefer trying that to EMET. I donlt know if the protections are as comprehensive.

Someone who wants to make it simple with EMET only has to use the defsult settings and choose import popular programs when setting it up. No need to understand the long explanations I gave earlier if they use a very standard quite recent software environment.

Reply | Quote

Oh and I forgot even if End of support arrived, you could still install it to set up system wide protections and uninstall it after if MS defaults on 10 don’t become as good as you can set them with EMET. Remember the settings stay even if EMET is uninstalled. My numeric keyboard reappeared right after clicking submit, how nice, thanks Ipad for not being too much trouble.

Reply | Quote

You’ve done well and I enjoyed the thoughtful post. Posting or Pasting this so that those that happen along this thread will not end up with a false sense of security because they fiddle with a sandbox and then open up Pandora’s box by mistake.

The ransomware is very aware of its environment, and I had use a physical Windows host to see the infection activity. This diary examines the malspam and its associated ransomware….

The ransomware

The ransomware samples didn’t run properly on my virtual machine (VM). The samples also didn’t run properly on free sandbox tools like malwr.com and reverse.it. I finally got an infection using a physical Windows host. The encrypted files were all renamed with .MOLE as a file extension. Decryption instructions were dropped as a text file named

Read More:
Malspam on 2017-04-11 pushes yet another ransomware variant

2 users thanked author for this post.

Elly, AlexEiffel

Reply | Quote

Yes, correct. This means you can’t really test a malware in a virtual environment to verify if it is safe in your production environment because the malware might stay quiet when run in a VM. However, running your browser in a sandbox means that the malware wouldn’t do anything anyway to your regular computer running the browser in the sandbox. It is not like you download the drive by download out of the sandbox to click on it after. You get to a web page that contains the drive by download, and it can’t infect your machine when it runs. You close the browser, flush the virtual environment and it is like nothing happened in that sandbox.

Of course like with all software, some sandboxes or VMs can have vulnerabilities from time to time and some malware might bypass them, but they are not common and they get patched. Your risk of running into problems is still reduced a lot, at the expense of some performance when browsing, which might be a problem if you use an old machine.

Reply | Quote

If yours is a popular model of router, there may be alternative firmware builds for it, which will usually be more secure than the stock firmware (particularly if it is quite old).  My Netgear WNDR3700 has been in service for years, and the newest stock firmware is ancient, but it’s running DD-WRT that’s less than a month old.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

Reply | Quote

Hopefully, with the bad publicity IoT will generate about the security of such devices, it will create a need in the market to help manufacturers switch focus from the look of the routers to security.

I love that you said this and your list is exemplary. We need to be vigilant. One can not count on the manufacturers making an about face with their kit built firmware, and flood of inexpensive gizmos.

Look at what has happen to Australia, The UK and now America. Metadata is the new bit-coin, and the powers that be knew this before you or I. Presumably we (the folks that read and contribute here) are a bit smarter, or just tuned differently than our extended family and friends. Vigilance requires learning, training and action. Not all are running a NOC out of their house, but I imagine for reading several of the steadfast poster’s that they are not far from having a whole house backup generator JIC (just in case).

My router passed the test. It’s running DDWrT, but it’s not the only router betwix the walls. Consider two or more.

Your Metadata Is Going To Be Captured And Stored From Tomorrow. BTW tomorrow is also #GetaVPN Day, link here #auspol

With Australia’s data retention scheme coming into effect today, privacy groups are urging people to #getavpn

President Trump delivers final blow to Web browsing privacy rules | Ars Technica https://arstechnica.com/tech-policy/2017/04/trumps-signature-makes-it-official-isp-privacy-rules-are-dead/ … #getavpn

Your internet history is available to all uk government organisations http://www.independent.co.uk/life-style/gadgets-and-tech/news/investigatory-powers-bill-act-snoopers-charter-browsing-history-what-does-it-mean-a7436251.html … #getaVPN #vpn #privacy

Reply | Quote

Even using a VPN needs care, when considering the Five-Eyes agreement.

The countries that have agreed to exchange information are known as the Five Eyes: USA, UK, Australia, Canada and New Zealand. … The concern from privacy groups is that a government could compel a VPN provider to supply information on its users through a court order. To avoid this you should choose a VPN provider that is based outside of one of these countries.

http://www.pcadvisor.co.uk/test-centre/internet/best-vpns-2017-3641578/

1 user thanked author for this post.

Navi

Reply | Quote

For a quick checkup on your router’s security, this quick port test of the most common ports offers some peace of mind:

https://en.wikipedia.org/wiki/ShieldsUp

To check port 7547, or any other uncommon port, you can use this test:

http://ismyportopen.com/

Windows 10 Pro 22H2

Reply | Quote

JohnW, Thank you. I had forgotten about Shields Up. Came out clean. Many thanks.

Reply | Quote