Health_Edge • Valued Contributor III • 4.2K Messages • Monday, May 12th, 2014 • Closed

Cox routers affected by "The Moon" malware?

Does anyone know if the routers and gateways Cox uses are susceptible to this? It seems to be affecting mostly Linksys, but Belkin, SMB and Netgear routers too. What makes it so scary is that since it only infects the router, no amount of firewalls or antivirus can protect you, since that's all PC-based.

See link below for info. Plain text for security reasons.

http://kb.linksys.com/Linksys/ukp.aspx?pid=80&app=vw&vw=1&login=1&json=1&docid=56b6de2449fd497bb8d1354860f50b76_How_to_prevent_getting_The_Moon_malware.xml

Contributor • 73 Messages • 11 years ago

I wonder what the equivalent of the "Filter Anonymous Internet Requests" setting is in Netgear routers? Because I see:

Disable Port Scan and DoS Protection (Off)

Respond to Ping on Internet Port (Off)

Disable IGMP Proxying (On)

NAT Filtering (Secured)

Unless I'm missing something from another screen?

Valued Contributor III • 4.2K Messages • 11 years ago

"Filter Anonymous Internet Requests" just means you can't ping (ICMP) your router's public IP from outside the network, so it would be the "Respond to Ping on Internet Port (Off)" which is usually off by default. The reason the article tells you to disable it is because some worms/malware use ICMP to find routers which may be vulnerable to their attack. However, if your router is/was infected, I would suggest going a step further and changing/cloning the MAC address of the router so Cox will give you an entirely new IP address.

The important thing is that "remote management" of any form is disabled. I think on most Netgears that is found Advanced > Remote Management.

Contributor • 73 Messages • 11 years ago

OK, I see. The remote management is definitely disabled. I think I've heard before about the bug that lets them bypass security to access the administration because of that feature. So far I think I'm good to go. Thanks for the tip.

Valued Contributor III • 4.2K Messages • 11 years ago

Could a moderator share their opinion on this? This would manifest as people calling in to report slow internet and pop-ups, so most likely it would have been passed off as malware or some issue with the customer's computer. However, if the customer rents a gateway, there will be NO way for the customer to fix it, since they don't have access to update the firmware.

Former Moderator • 7.1K Messages • 11 years ago

This is something we're actually taking a look into.

New Contributor • 2 Messages • 11 years ago

Do we have any feedback on whether the hardware that Cox provides is susceptible to this malware or not? Can't update the firmware, the phone ports and USB ports are disabled... I've got everything inbound locked down, no UPnP, yet I have so much traffic coming in! Had to wipe my hard drive last week, so I'd really appreciate knowing this CG300D router is secure, please.

Former Moderator • 7.1K Messages • 11 years ago

Thank you for your patience while I checked into this with our engineers and product team.


The Moon malware vulnerability is known to only affect specific Linksys devices. Please see Linksys for specific models. None of the Cox-provided gateways (cable modem and router in a single device) are provided by Linksys and are therefore not at risk for this particular vulnerability. Cox maintains firmware updates for these devices when on the Cox network, regularly testing and pushing updates to ensure the most up-to-date and secure equipment possible. For any router not provided and maintained by Cox (including a standalone router purchased separately from Cox), it is highly recommended as a best practice to regularly check for device firmware updates and apply them as they become available. This is especially important for Linksys customers in this case. Check with your specific router manufacturer for instructions on how to perform this update.

Valued Contributor III • 4.2K Messages • 11 years ago

ChrisL said:
None of the Cox-provided gateways (cable modem and router in a single device) are provided by Linksys

What about the Cisco DPC3825?

Also, what source are you going by that it only affects Linksys devices? According to the ISC report it would seem to affect any device with an HNAP vulnerability, like D-Link for example.

"At this point, we are aware of a worm that is spreading among various models of Linksys routers. We do not have a definite list of routers that are vulnerable, but the following routers may be vulnerable depending on firmware version: E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000,E900

The worm will connect first to port 8080, and if necessary using SSL, to request the "/HNAP1/" URL. This will return an XML formatted list of router features and firmware versions. The worm appears to extract the router hardware version and the firmware revision..."

https://isc.sans.edu/forums/diary/A+few+updates+on+The+Moon+worm/17855
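The ISC passage quoted above describes observable behaviour: an inbound request for the "/HNAP1/" URL, typically on port 8080, coming from the internet side. The following is an added detection example, not code from this thread, from Cox, Linksys or the ISC. It assumes a gateway or upstream web-server access log in a combined-log style with the destination port appended as a trailing field (an assumption about the log format), and the sample lines are constructed for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample lines (not from the thread). Assumed format: combined-log
# fields followed by the destination port that received the request.
SAMPLE_LOG = """\
203.0.113.45 - - [13/Feb/2014:10:12:01 +0000] "GET /HNAP1/ HTTP/1.1" 200 1532 8080
192.168.1.20 - - [13/Feb/2014:10:12:05 +0000] "GET /index.html HTTP/1.1" 200 4096 80
198.51.100.7 - - [13/Feb/2014:10:13:44 +0000] "GET /HNAP1/ HTTP/1.1" 200 1532 8080
192.168.1.33 - - [13/Feb/2014:10:14:02 +0000] "GET /HNAP1/ HTTP/1.1" 200 1532 80
203.0.113.45 - - [13/Feb/2014:10:15:09 +0000] "GET /HNAP1/ HTTP/1.1" 200 1532 443
this line is malformed and is skipped by the parser
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) (?P<dport>\d+)$'
)

# Addresses that belong to the LAN side of a home gateway. RFC 1918, loopback
# and link-local ranges are listed explicitly rather than using is_private,
# because is_private also covers documentation ranges such as 203.0.113.0/24.
LAN_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128",
)]


@dataclass
class Hit:
    src: str
    ts: str
    path: str
    dport: int
    severity: str  # "high" when the port matches the ISC description, else "medium"


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one access-log line; return None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def is_external(addr: str) -> bool:
    """True when the source address is not on the LAN side of the gateway."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return not any(ip in net for net in LAN_NETWORKS)


def find_hnap_probes(log_text: str) -> List[Hit]:
    """Flag HNAP requests that arrive from outside the LAN."""
    hits: List[Hit] = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if not rec["path"].lower().startswith("/hnap1"):
            continue
        if not is_external(rec["src"]):
            continue  # HNAP from a LAN client is normal management traffic
        dport = int(rec["dport"])
        severity = "high" if dport == 8080 else "medium"
        hits.append(Hit(rec["src"], rec["ts"], rec["path"], dport, severity))
    return hits


def summarize(hits: List[Hit]) -> Dict[str, int]:
    """Count probes per external source so repeat scanners stand out."""
    counts: Dict[str, int] = {}
    for h in hits:
        counts[h.src] = counts.get(h.src, 0) + 1
    return counts


if __name__ == "__main__":
    probes = find_hnap_probes(SAMPLE_LOG)
    for h in probes:
        print(f"{h.severity.upper():6} {h.ts} {h.src} -> port {h.dport} {h.path}")
    print(summarize(probes))
```

Requests for /HNAP1/ from LAN addresses are deliberately ignored, because HNAP is a legitimate LAN-side management protocol; the finding is that the management interface answered from the WAN at all, which is the same exposure the thread addresses by keeping remote management disabled. Any external hit, regardless of port, is worth checking against the device's remote-management setting.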

New Contributor • 2 Messages • 11 years ago

OK, listen. I have to use this modem, because it's what you provided: the CG3000D. On paper a good piece of hardware; however, as it is ISP-provided, some features are limited if not absent. That's an issue I've already voiced, and got the standard response, so we'll go with pushing of firmware updates.

You state that Cox is pushing firmware updates out to those devices found suspect on the Cox-provided network. But for the rest of the non-Linksys crowd, see your manufacturer for firmware updates. Again, as this is an ISP-provided model, Netgear does not have available firmware updates. My firmware hasn't been updated since 2013.

Not only do they not have firmware updates, they do not have proper installation manuals for ISP-provided models with knocked-down features. Cox walk-throughs are "plug this here, plug that there, let's focus on the colors of the lights..." No dammit, I need help understanding some of this. Is there anyone that can help me a little more than just plugging it in and DHCP?

Here, can you answer this: in my router setup, on the LAN page, it has "Host: ______________" and "Domain: __________".

I'm pretty certain I should put something there, though probably not mandatory, but... maybe?

Valued Contributor III • 4.2K Messages • 11 years ago

This thread is for the discussion of "the moon" malware. Please start a new thread to discuss other issues. Thanks.

Valued Contributor III • 4.2K Messages • 11 years ago

@ChrisL Has there been any update on this? You stated "None of the Cox-provided gateways (cable modem and router in a single device) are provided by Linksys", but wouldn't the DPC3825 fall within the umbrella?

Former Moderator • 7.1K Messages • 11 years ago

The Moon malware has been exploiting a particular vulnerability with certain Linksys routers and has not been linked to any other brand of device. While Cisco owned the retail Linksys brand for a number of years, they sold the company to Belkin in 2013. Cisco has confirmed to our engineering team that the previous retail products from Linksys and the Cisco devices that Cox provides did not share firmware code and are not at risk for the particular vulnerability that The Moon malware exploits. As you noted, HNAP vulnerabilities have been identified in the past with other routers; however, they do not all manifest in the same way. While there are no currently known HNAP issues with Cox-provided devices today, we are constantly testing and updating firmware for these devices to ensure the most up-to-date and secure equipment possible.