R201 compromise DDOS

We had an issue where an R201 was configured for a public DHCP assigned WAN address. This unit was deployed and within a few minutes to an hour was locked up, or so it seemed. The unit was brought into the shop and benched. There we found the unit sending data at about 1GB and hour and within a few hours we received an abuse notificaiton from a third party advsing us this units IP was part of DDOS. We also received security alerts form internal monitoring advising us of the same.


Thanks for posting your issues.

We will Invesigate all the issues and will get back to you ASAP.

I had the same isssue, however it was  because it was with a test R201P I had on the bench with the default username nad password.  Once I changed all the deault username and paswords i have not had the issue.

Also you can further secure the device by changing the default port number used for http remote access.

Also a good idea to set the allowed ip address that should be allowed to remote to the wan interface.

Please change all the default username and passwords as suggested. We are adding a warning in device Web UI as well as in cnMaestro to warn users if default password is not changed by user.