DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

How to keep my credit card machine secure

09 Nov 2016 20:58 #1 by kirton
Hi Folks,
My main router is a Vigor 2860N+. Connected to it I have a credit card machine. Every month Trusteer do a security scan and this month I have failed. The report states that I am vulnerable to Birthday/Sweet32 attacks. Can anyone tell me the changes I must make to plug the gap? My firmware is 3.8.4_BT

Thanks in advance :)

10 Nov 2016 17:13 #2 by footsore
Presumably you have searched the internet.
https://sweet32.info

So likely VPN for TLS or SSL are the cause. Is turning off VPN access an option?
Dave

11 Nov 2016 11:45 #3 by mbames

by capturing around 785 GB of traffic

Well, that rules out anyone not on an unlimited service, as they'd soon be bankrupt with the excess data costs :lol:

16 Nov 2016 17:07 #4 by kirton
Draytek offered the below suggestion.

I would suggest:
- checking if VPN services are disabled, under 'VPN and Remote Access -- Remote Access Control Setup'
- disabling TLS 1.0 and TLS 1.1 (and SSL 3.0) under 'System Maintenance -- Management' (TLS/SSL Encryption Setup section)

I do not use VPN services so disabling it was not a problem. I disabled the rest, ran a Trustwave scan and it came back as "Passed".

Thanks Draytek support!

I hope this post helps. :)
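
A way to confirm the change before the next monthly scan, as an added example that is not part of the original posts: it reads text in the shape of nmap's ssl-enum-ciphers script output and reports the legacy protocol versions and 64-bit block cipher suites still offered. The sample text is constructed and `audit` is a hypothetical helper name; suites are checked under every version because 3DES suites can also be offered over TLS 1.2.

```python
import re

# Tokens that mark a 64-bit block cipher in a TLS suite name (the Sweet32 class).
BLOCK64 = {"3DES", "DES", "DES40", "IDEA", "RC2"}
# Protocol versions the support reply says to disable.
LEGACY = {"SSLv3", "TLSv1.0", "TLSv1.1"}

PROTO_RE = re.compile(r"^\|[ _]+(SSLv\d|TLSv\d\.\d):\s*$")
SUITE_RE = re.compile(r"^\|[ _]+((?:TLS|SSL)_[A-Z0-9_]+)")

# Constructed sample input in the shape of nmap's ssl-enum-ciphers output.
BEFORE = """\
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|   TLSv1.2:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|_  least strength: C
"""
AFTER = """\
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|_  least strength: A
"""

def audit(scan_text):
    """Return (legacy protocol versions, [(version, 64-bit-block suite)])."""
    legacy, weak, proto = [], [], None
    for line in scan_text.splitlines():
        m = PROTO_RE.match(line)
        if m:
            proto = m.group(1)
            if proto in LEGACY:
                legacy.append(proto)
            continue
        m = SUITE_RE.match(line)
        # Checked under every version: 3DES suites also exist in TLS 1.2.
        if m and proto and BLOCK64 & set(m.group(1).split("_")):
            weak.append((proto, m.group(1)))
    return legacy, weak

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(text))
```

An empty result for both lists is the state to aim for; a remaining entry under TLSv1.2 means the cipher list still needs trimming even with the older protocol versions off.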

21 Nov 2016 17:20 #5 by footsore
Glad you got it sorted - and exactly where I had directed you to - VPN being the problem.

If you weren't using VPN I would question why it was turned on. If you just plugged in the router from the box and left VPN on when not required I wonder if you have been through and turned on/off other things that are open or shouldn't be. Such as the firewall which I think defaults to off. It may be worth working through the router and asking yourself if stuff should be on/off. Is FTP on or required?

Dave


Moderators: ChrisSami