It appears that the open source Tomato router firmware, which is also increasingly being adopted by manufacturers of routers, has a bit of a problem.
One of the router’s default settings leaves port 8080 open to the Internet - with a default user name of “admin” and a default password of “admin”. Alternatively, the user name is “root” with the same “admin” password.
If your router runs Tomato, you can check whether ports are open to the Internet using the GRC ShieldsUp tool, which tries to connect to your system on commonly used ports from outside. You can also specify the port to be scanned - in this case 8080.
If your router is exposed to the Internet:
- Did you deliberately expose it and set a strong user name/password combination?
- If not, panic. Then read the router’s manual to find out how to close the port (preferably) or at least set a strong password.
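To repeat the port 8080 check yourself, run the script below from a machine outside your network against your own public address; it also reports whether the two default logins mentioned above are still accepted. It is an added example, not part of the original post: it assumes the admin page uses HTTP Basic authentication, and `audit_router` and its result strings are names made up here.

```python
import base64
import http.client
import socket

# Default logins named in the post above.
DEFAULT_LOGINS = [("admin", "admin"), ("root", "admin")]


def _status(host, port, login=None, timeout=5.0):
    """GET / and return the HTTP status code, optionally with Basic auth."""
    headers = {}
    if login:
        token = base64.b64encode("{}:{}".format(*login).encode()).decode()
        headers["Authorization"] = "Basic " + token
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/", headers=headers)
        return conn.getresponse().status
    finally:
        conn.close()


def audit_router(host, port=8080, timeout=5.0):
    """Classify how the admin port on your own router answers.

    Returns "closed", "open-not-http", "open-no-challenge",
    "open-default-login" or "open-login-changed".
    """
    try:
        socket.create_connection((host, port), timeout=timeout).close()
    except OSError:
        return "closed"  # refused, filtered or timed out
    try:
        # Assumption: an unauthenticated request is answered with 401.
        if _status(host, port, timeout=timeout) != 401:
            return "open-no-challenge"  # replied without asking for a password
        for login in DEFAULT_LOGINS:
            if _status(host, port, login, timeout) < 400:
                return "open-default-login"  # change the password now
    except (OSError, http.client.HTTPException):
        return "open-not-http"
    return "open-login-changed"


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 2:
        print(audit_router(sys.argv[1]))
    else:
        print("usage: audit_router.py <your-public-address>")
```

Anything other than `closed` means the port is reachable from where the script ran; a test from inside your own network does not tell you what the Internet sees.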
While you’re on the GRC website, you may wish to try the UPnP probe for Windows (which requires a small download that must be run as Administrator) and read the supporting information to see if you have that particular vulnerability. In most cases, routers and Windows are both set up to accept UPnP connections.
(I just learned that my current Windows install had UPnP enabled, and immediately turned it off. It doesn’t matter enormously, as my router is rejecting requests - but if I had a rogue program it would have slightly more difficulty communicating with the mothership.)