For the record: https://securityaffairs.co/wordpress/71987/hacking/gpon-home-routers-hack.html
Analyzing the firmware of the GPON home routers, the experts found two different critical vulnerabilities (CVE-2018-10561 & CVE-2018-10562) that could be chained to allow complete control of the vulnerable device and therefore the network. The first vulnerability exploits the authentication mechanism of the device; it could be exploited by an attacker to bypass all authentication.
So here is the script I wrote:
```console
# zgrep "GponForm/diag_F" /var/log/apache2/access.humhub.log.*gz | sed 's/:/ /g' | awk '{print $2}' | sort -n | uniq | awk '{print "iptables -A INPUT -s " $1 " -j DROP "}'
iptables -A INPUT -s 23.95.132.55 -j DROP
iptables -A INPUT -s 23.95.191.212 -j DROP
iptables -A INPUT -s 27.40.100.96 -j DROP
iptables -A INPUT -s 42.235.98.126 -j DROP
iptables -A INPUT -s 42.237.215.13 -j DROP
iptables -A INPUT -s 45.229.54.120 -j DROP
iptables -A INPUT -s 59.99.47.115 -j DROP
iptables -A INPUT -s 115.50.246.211 -j DROP
iptables -A INPUT -s 178.175.102.79 -j DROP
iptables -A INPUT -s 180.188.249.125 -j DROP
iptables -A INPUT -s 198.23.172.233 -j DROP
iptables -A INPUT -s 221.15.171.118 -j DROP
iptables -A INPUT -s 222.97.172.100 -j DROP
# zgrep "GponForm/diag_F" /var/log/apache2/access.humhub.log.*gz | sed 's/:/ /g' | awk '{print $2}' | sort -n | uniq | awk '{print "iptables -A INPUT -s " $1 " -j DROP "}' > script_filter_scan_gpon.bash
# echo "iptables-save > /etc/iptables/rules.v4" >> script_filter_scan_gpon.bash
# chmod +x script_filter_scan_gpon.bash
# ./script_filter_scan_gpon.bash
```
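As an added example (not the author's script above), the same extraction written as two shell functions over constructed log lines: it strips the `file.gz:` prefix that zgrep adds, keeps only well-formed IPv4 addresses so a stray field can never end up in an iptables rule, dedupes in first-seen order, and guards each rule with `iptables -C` so rerunning the generated script does not append duplicate DROP entries. The log path and file names are assumptions taken from the post.

```shell
#!/usr/bin/env bash
# Constructed sample of Apache access-log lines as zgrep prints them when it
# searches several rotated files ("file.gz:" prefix). Not real log data.
SAMPLE_LOG='access.humhub.log.1.gz:203.0.113.10 - - [05/May/2018:10:21:03 +0200] "POST /GponForm/diag_Form?images/ HTTP/1.1" 404 1234 "-" "curl/7.58.0"
access.humhub.log.1.gz:198.51.100.7 - - [05/May/2018:10:22:11 +0200] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
access.humhub.log.2.gz:203.0.113.10 - - [04/May/2018:23:40:45 +0200] "POST /GponForm/diag_Form?images/ HTTP/1.1" 404 1234 "-" "python-requests/2.18"
access.humhub.log.2.gz:192.0.2.55 - - [04/May/2018:23:41:02 +0200] "POST /GponForm/diag_Form?style/ HTTP/1.1" 404 1234 "-" "-"
access.humhub.log.3.gz:not-an-ip - - [03/May/2018:01:00:00 +0200] "POST /GponForm/diag_Form HTTP/1.1" 404 0 "-" "-"'

# Read log lines on stdin and print the distinct client IPv4 addresses that
# probed GponForm/diag_F. Strips the "file.gz:" prefix zgrep adds (lines from
# zcat have none and pass through unchanged), keeps only well-formed dotted
# quads, and dedupes in first-seen order without needing sorted input.
gpon_scanner_ips() {
  grep 'GponForm/diag_F' \
    | sed 's/^[^ ]*\.gz://' \
    | awk '{print $1}' \
    | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' \
    | awk '!seen[$1]++'
}

# Emit one iptables command per address. The "-C" check makes the generated
# script idempotent: rerunning it does not append a second DROP for an IP
# that is already blocked.
gpon_block_rules() {
  gpon_scanner_ips | awk '{
    printf "iptables -C INPUT -s %s -j DROP 2>/dev/null || iptables -A INPUT -s %s -j DROP\n", $1, $1
  }'
}

# Demo on the constructed sample. Against real logs (path assumed) you would run:
#   zcat /var/log/apache2/access.humhub.log.*gz | gpon_block_rules > script_filter_scan_gpon.bash
printf '%s\n' "$SAMPLE_LOG" | gpon_block_rules
```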