Netonix "Seized" by FBI
Posted: Fri Aug 02, 2024 11:26 am
One of my Netonix switches (WS-8) on ver: 1.5.16 had its webserver "seized" by the FBI (see attached image). It is claiming that the device is acting as a 'DDoS-for-hire service'.
I went to access the webserver to program the unit and instead I was presented with the attached image.
The link embedded in the image is legit (https://www.fbi.gov/contact-us/field-of ... os-attacks).
This is VERY worrisome. How did my device get compromised so that the webpage was re-written? And, why does the FBI think it is being used for DDoS?
I have pulled the device from production and accessed it directly from my laptop (nothing else plugged in) and I get the same message. So, this is not a re-direct. Somebody actually got access to the underlying webserver and rewrote the default index.html page. If I go to main.html, or index.php, I get the correct login screen.
I have not factory defaulted the device to see if that fixes the issue. I want to see if there is anything that can be gleaned from its current state.
The switch still works.
Please advise what needs to be done.