Ping default gateway resulted in request timed out 100% loss

[Boggin]

If Port 80 is now stealthed, then I wouldn't bother with that.

It's interesting that there is now a firmware update for the router - perhaps that is in response to your query.

What is the error message ?

[jraju]

Avast would not allow to the site teracom.in, as a redirect hack site.
I have uninstalled Panda and started using avast again. The error message is the 404 error. the page opens but no content. It says that it may have been removed.
                        I think the co. left the site with deleting the firmware updates

[jraju]

Hi, Boggins
                Please see the attached . The rom jraju1451954 problem resolved.
                I  tried all sort of things like selecting SPI enabled , giving password tight etc. But still avast found rom O vulnerability again and again.
                Just went to this author, Shane, other site pcwintech and downloaded the simple port forwarding tool . It captured my router, but not in my vendor name. I just first tried to forward port 80 to unused ip port in my computer. Still the problem continued.
                 I again  enabled  spi and checked with grc.com
                  still the problem existed.
                Coming to the point. I tried to locate the weak port 7457 which is said to inject vulnerability to rom 0. I will enclose the details of the injection in next post if possible. It is a lengthy article, which described about this vulnerability and how any program could easily change it.
                    I tried again at the grc.com, it shows all the port stealthy, but still i got this rom 0.
                       I then opened Shane tool and then took the risk of just updating the router, it suddenly started downloading the updates from somewhere and i saved it.
                     In the interval, i tried any internet block yellow. Nothing happened. Then the sweet surprise.
I checked again in avast and bingo, the vulnerability gone.
                 To shane:
                             What a wonderful free program that you give. Eventhough my router name was not in the list, it shows the router as something and picture as something. But anyhow, taking the risk,of updating router, no file available elsewhere, from your database or source, i was updated within seconds. How it is possible to have this cure. My vendor is teracom, and the avast shows it as Mediatek. Is the firmware suited my modem, or the modem firmware was captured by your program.
       In these days of router hack, your tool is a blessing in disguise. Thank you , shane

[Samson]

J. Good news that you are sorted. You can double check Avast's new findings here http://rom-0.cz/

But, Shane's program does n't update the router firmware. When you click "Update Router" it is saving the port forward settings that you have made in the program to the router itself.

From the look of it your Teracom router is probably a rebranded/ licensed product that shares firmware with the Mediatek.

Hopefully you will be free from problems now that you have negated the rom-0 vulnerability, and your router settings should stick without getting changed.

Nice job 

[jraju]

you are correct it. The happiness is some what diminished as another scan, reproduces the same effect.
Samson, I just added port 80 and set the start and end port as such, and then direct to some other ip , i am not using.
                  But avast again came up with the error.
                  But after , router update, i do not know, i thought that the problem sorted out itself.
 My port settings are already as it is. Ok. it downloaded port settings, but avast one time found it safe and in the other round as vulnerability. Do you have any idea?
                 Instead of throwing the router , i am trying to keep the present safe. How do i know, even present modem would have the same vulnerability, that could not be fixed that much easily.
                  If shane s program, just save the port settings, then how come this clean in first instance.  I do understand, when in offline the port 80 could not made the update at all. Ok. After downloading it, thro the tool, should i close the port 80. I already did that in SIP settings , which is now enabled to let any open port. It is really a puzzle .. I am in still in the mid of a puzzle game.
                     Avast gives ok, then gives Red signal in the next scan. Ok. i make you and boggin think re again
Update: i now zone alarm free firewall

[jraju]

the latest grc.com findings
This textual summary may be printed, or marked and copied
for subsequent pasting into any other application:

----------------------------------------------------------------------

GRC Port Authority Report created on UTC: 2016-01-31 at 11:58:58

Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
                            119, 135, 139, 143, 389, 443, 445,
                            1002, 1024-1030, 1720, 5000

    0 Ports Open
    0 Ports Closed
   26 Ports Stealth
---------------------
   26 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
                   - NO unsolicited packets were received,
                   - NO Ping reply (ICMP Echo) was received.

[jraju]

Hi, Samson, One more thing
                   when i saw my router as media tek, i was shown as totally protected. But as you say, that it is not updated actually, it changed to teracom router and it shows vulnerability. This is somewhat not easy to understand.
                      How my mediatek router now becomes teracom, the old one i do not know.Please for the enjoyment of solving the problem , say how could it be changing names.

[Samson]

J, The Teracom TDSL300W2 ADSL2+ CPE, Type W2 uses a Mediatek Chipset, so it is basically detecting the same router by name/ chipset.

Your GRC scan looks OK, now that you have port forwrded port 80 to an unused local IP, then you have done all you can. Not sure why the Avast scan showed clean the first time and then vulnerable later.

See how the router behaves for a while, ie any changes or if it is stable.

[jraju]

It is stable, but see a sea change in modem name. Now, I have a vulnerability, which was first cleared by avast and then the same shows vulnerability. Now that i will retry port forwarding by shane tool again.
                  What about zone alarm, could it be used along with windows firewall in both the firewall in on.
                   I surfed and knew that it will pop up window, if any new connection to router is made from any other computer.
                   I wish to point out that i forwarded 80 to some unknown ports but removed it, as it was tested positive in avast. I mean in medical term.
                   THE magic of teracom becoming media tek and now teracom is anybody guess

[jraju]

Hi, Samson, here are the mysterious screen shots/  See name changed to mediatek.
Is it correct that by resorting to update router, with Shane program, it copies the name of the router from shanes Program router name in my case onda.....something.onda em4218(DN7000firmware)So, when saving by overwriting the default alert , it writes the name of the find router manufacturer, instead of the default name, teracom
                            But from what you said, it is writing only port settings to the router, if you add ports or just select the update router button.
                             my router version firmware is GAN4.FT130-J-TE-R9B018-IN.EN 

[Samson]

Mediatek is the chipset in your router, Avast's database probably does not include your make and model of router and is therefore identifying it based on the chipset. 

[jraju]

now, my router name is changed to teracom.
                      I reset and did the settings . Please read this informatio.

[Samson]

Yeah I gave a quick read, it's been quite widely publicised already. Just makes me more happy with my Netgear router 

[jraju]

Hi, How do you say
             Have you done avast medical check up?

[Samson]

My Netgear router does not use the software that is vulnerable to Misfortune cookie or rom-0 

[jraju]

Thank you. What is the model and price . I will try.

[Samson]

It is an older model no longer available  (But I have several identical spares, just in case  )

In a previous post I mentioned a Netgear D500 150N, it is a pretty basic model (2 ethernet ports only, no USB). But I guess better than the Teracom  People have used it successfully with BSNL. Shop around, Rs1000 or less.

http://in.netgear.com/home/products/networking/dsl-modems-routers/d500.aspx

[jraju]

Hi, Samson,
                It is curious that my modem changing the name. I found in one of the thread, that media tek is a chipset processor of thailand exclusively used in android phones including samsung. Would it be the changing because(, my son has android phone samsung, which chipsets has this vulnerability, which has been shipped out without closing this gap in the security)the android phone is around, without wifi option turned on.
                  when the android is away, this name changed to teracom, the original name. Weird.*&^%*($#@
what is happening. I also came to know that this is not patched yet.
                           The curious thing is when i disabled the wifi in my router also , i get this rom 0 Vulnerability. Yesterday, i read about the vulnerability in netgear version also.
                             Particulary all the samsung smart phones are affected. Samsung says that it will use media tek chip set in 2014. A careless vision, gives hackers a security hole . The thai company acknowledged the security hole, but nothing more.
                              samsung update is available , but not on this security lapse.
                              the main aim is to hijack the dns. I once experienced change of dns to unknown ip, 169.254.90.67. How this reserved ip , is used by persons , without any country identity etc.etc. your view pl

[Samson]

J, Sorry I can't give you an explanation of why sometimes your router is recognised as a Teracom and at others Mediatek, it is mystery to me.

On your other more general point.....All devices are vulnerable, what matters is how quickly (if at all) manufacturers put out patches/ firmware updates. It seems like Teracom no longer exist? Therefore zero chance of a fix. Some manufaturers are really good and quickly issue fixes, others lag behind.

From my own experience.....My old Netgear is "End of life", but Netgear, to their credit, still put out firmware updates to fix security vulnerabilities for it. I continue to use it, because of the characteristics of my phone line, it simply performs better than every alternative that I have tried, so I stick with it