router virus? - HughesNet Community

slopok · ‎04-19-2020

Did a network scan w/ avast and it reported a network problem found. The exp was "an attacker has modified a http response to inject his own code". Vulerability I.D. HNS-HTTP- Injection. Recommendations: Change Router Settings. The only settings I have changed were the router password and security settings, those chages were made a couple of years ago. I considered using the "reset" button but read that it had to be done a certain way or it could cause more problems than solutions. I am not router savy so I'm just feeling my way through this. Other than the above message all works normally, I've looked at devices logged on to the network a few times and recognize all the devices listed. Any info the community can provide is appreciated.

thanks

C0RR0SIVE · ‎04-19-2020

This article would provide you with some information: https://help.avast.com/en/av_free/17/hns/hns-201510-02.html

Seeing as Hughesnet modems/routers are not reachable from the outside unless you have IPv4/Static on your account, it's more or less just an annoyance.

slopok · ‎04-20-2020

Thank you for the article. The info in the article was the same as the info given after the scan, the big diff. I see is my scan stated " an attacker HAS modified a http response"..... suggesting to me that a change to my router settings had been made. As before, I am not router savy.

Thanks

slopok · ‎04-20-2020

Forgot to ask, one solution Avast suggested was disabling " Remote/WAN Management " and allowing only trusted devices access to the network". Where is that setting found in my router ? I have not been able to find it anywhere.

Thanks

C0RR0SIVE · ‎04-20-2020

Does Avast supply what was modified exactly?

As far as remote management, that isn't a setting on the HT2000w, there is, as far as I know, no remote management feature for users to use, aside from the one that Hughesnet uses to manage the terminals. That remote management method can't be accessed outside of Hughesnet infrastructure.

The only thing I could think of that would cause that, is when Web Acceleration is enabled, sometimes Hughesnet will inject some javascript into the header of a website to check for page load time performance.

slopok · ‎04-20-2020

Does Avast supply what was modified exactly?

That is very frustrating issue. They do not as far as I can understand. They tell me the device is not configured properly, then tell me to see details. Details is where they inform me "an attacker has modified a http response " etc. They suggest changing router settings, I assume they refer to remote management. Guess I'll bite the bullet and call support and begin that climb.

Thanks for all your help.