Security problem

[Centrifuge]

I connected my dream machine to my laptop which had malware on it, does that mean I need to buy a new router/firewall?

No, get a handle on you allowing malware on your machine. No firewall out there is going to protect you from the internet if you are the biggest threat to your own network.

 

[Christos]

what VPN do you recommend?

Any VPN would do the job, even the oldest L2TP.

 

[Tim91]

No, get a handle on you allowing malware on your machine. No firewall out there is going to protect you from the internet if you are the biggest threat to your own network.

Yes I know this now but now that I have connected a device with malware to a firewall do I have to buy a new firewall/router I was told yes

 

[Tim91]

No.

but the router/firewall is infected with malware. How would I remove it? I was told a device can have malware in the in lots of different areas wouldn’t it be smart to get a new device? suggestion?

 

[ColinTaylor]

but the router/firewall is infected with malware.

This is the first time you have said that the router has malware. You never mentioned this before and it's very unlikely to be true.

It's clear that you are not going to listen to anything we tell you so there's no point carrying on with this conversion. Good bye and good luck.

 

[Christos]

you can reset the router if you believe it is infected. It is like formatting your laptop and re-installing windows.

 

[thiggins]

@Tim91 I think you may be able to tell by the tone of most of the responses to your questions, that you may not get the help you seek here.

Network security is a very complex subject and there are no absolute, 100% foolproof solutions. Generally, the stronger the protection, the harder it is to configure and maintain.

A general rule is that if you think you have an infected device, disconnect it immediately from your network and don't connect it to the internet. If you need to do a malware scan or install an antivirus tool, load it onto a flash drive on a known-good computer and sneaker-net it over to the suspect machine. But in no case should you connect the suspect device to your network until you know it is clean.

If you don't have the skills to do this, the best thing is to take it to a service professional who can properly diagnose and clean the machine. But be advised a lot of malware these days is pretty persistent and can burrow into the root partition of your hard drive. In that case, the best course of action is to replace the drive and do a clean install of the operating system, then the applications. Before you install anything from a backup, be sure to virus scan it.

As far as a router being infected by malware, that is less likely. In many cases a factory default result, as @Christos suggested will take care of the problem.

Finally, as @Centrifuge pointed out, understanding the source of the malware can help you decide on the kind of protection you need. But good, robust, use-friendly firewalls at the price average consumers are willing to pay are very hard to find. And any decent solution will likely be subscription-based, which, again, most consumers don't want to pay for.

 

[jdabbs]

At the enterprise level, it's not uncommon to remove access to device management from external and user-facing networks.

To add to what Tim posted:
Let's say you go all out and buy a $800 firewall and pay a guy $200 to set it up for you. Meanwhile, the RAT installed on your PC six months ago makes an outbound connection 30 seconds after the firewall is replaced and the hacker still have access. The only thing that's changed is that you're $1000 poorer. In fact, if you also have the firewall password saved on a device they have access to, they can poke whatever holes through your firewall they want. For incident response, the first step is containment. And that's a daunting task if it's beyond your ability to determine what's compromised.

What people forget too, is that online accounts are also assets to secure. You can wipe your router, your phone, and your PC but that doesn't matter if your Google account creds were phished when you thought you were signing up for free CS:GO skins.

 

[Tim91]

@Tim91 I think you may be able to tell by the tone of most of the responses to your questions, that you may not get the help you seek here.

Network security is a very complex subject and there are no absolute, 100% foolproof solutions. Generally, the stronger the protection, the harder it is to configure and maintain.

A general rule is that if you think you have an infected device, disconnect it immediately from your network and don't connect it to the internet. If you need to do a malware scan or install an antivirus tool, load it onto a flash drive on a known-good computer and sneaker-net it over to the suspect machine. But in no case should you connect the suspect device to your network until you know it is clean.

If you don't have the skills to do this, the best thing is to take it to a service professional who can properly diagnose and clean the machine. But be advised a lot of malware these days is pretty persistent and can burrow into the root partition of your hard drive. In that case, the best course of action is to replace the drive and do a clean install of the operating system, then the applications. Before you install anything from a backup, be sure to virus scan it.

As far as a router being infected by malware, that is less likely. In many cases a factory default result, as @Christos suggested will take care of the problem.

Finally, as @Centrifuge pointed out, understanding the source of the malware can help you decide on the kind of protection you need. But good, robust, use-friendly firewalls at the price average consumers are willing to pay are very hard to find. And any decent solution will likely be subscription-based, which, again, most consumers don't want to pay for.

i read not only can the hard drive be infected with malware but so can the cpu, video card, usb peripherals, and DVD burner I know most people will say it’s unlikely but it is a possibility as to why I’m gonna buy a new pc. You said in most cases a factory reset of the router will remove the malware and if it doesn’t what would your next suggestion be? Thanks for commenting I appreciate your feedback.

 

[Tim91]

At the enterprise level, it's not uncommon to remove access to device management from external and user-facing networks.

To add to what Tim posted:
Let's say you go all out and buy a $800 firewall and pay a guy $200 to set it up for you. Meanwhile, the RAT installed on your PC six months ago makes an outbound connection 30 seconds after the firewall is replaced and the hacker still have access. The only thing that's changed is that you're $1000 poorer. In fact, if you also have the firewall password saved on a device they have access to, they can poke whatever holes through your firewall they want. For incident response, the first step is containment. And that's a daunting task if it's beyond your ability to determine what's compromised.

What people forget too, is that online accounts are also assets to secure. You can wipe your router, your phone, and your PC but that doesn't matter if your Google account creds were phished when you thought you were signing up for free CS:GO skins.

Can someone hack into my new modem if they have my MAC address to the modem and IP address from my spectrum/isp account? I’m gonna buy a new pc and router. just Worried they hack my modem before I install my new router/pc

 

[Tech9]

but the router/firewall is infected with malware.

I don't see any evidence of hacked router or computer. Usually the most dangerous malware is the user. If you really got hacked, it most likely happened with your assistance. New router, new computer - it doesn't matter. With the same user and the same actions it will happen again. I can't help you.

 

[Tim91]

I don't see any evidence of hacked router or computer. Usually the most dangerous malware is the user. If you really got hacked, it most likely happened with your assistance. New router, new computer - it doesn't matter. With the same user and the same actions it will happen again. I can't help you.

I’ve educated myself with clicking on random links and opening up emails. My question is how to remove it, if a factory reset wont remove a root kit from a pc it would remove one from a router.

 

[Tech Junky]

@Tim91 This has all been discussed at length in another thread - https://www.snbforums.com/threads/pc-router-hacked-please-help.77485/post-748435

 

[jdabbs]

Can someone hack into my new modem if they have my MAC address to the modem and IP address from my spectrum/isp account? I’m gonna buy a new pc and router. just Worried they hack my modem before I install my new router/pc

Unlikely, but really depends on the modem. My day job is firewalls, and every once in a while Cisco puts out a vulnerability notice like "an attacker sending a specially crafted packet" followed by something unfortunate now being possible. If packets go through and there's a vulnerability to exploit, you're vulnerable. That said, such a vulnerability needs to exist, and the attacker needs to be aware of the vulnerability. In general though, you want to take into consideration what the modem does--if it has an integrated router, that broadens the attack surface and a simple modem would be better.

If I was in a scenario where I couldn't trust my modem, I'd ask my ISP to swap it out. Honestly, it would be pretty far down my list of things to worry about though.

 

[Tech Junky]

if they have my MAC address to the modem and IP address from my spectrum/isp account?

Then you need to secure your account with Spectrum.

The MAC isn't something that is routable across the internet anyway and the IP assigned to the CM is a private RFC1918 10.x.x.x which isn't accessible over the internet either. The IP on your WAN device aka Router is something they can reach if you don't disable external access.

 

[Tim91]

Then you need to secure your account with Spectrum.

The MAC isn't something that is routable across the internet anyway and the IP assigned to the CM is a private RFC1918 10.x.x.x which isn't accessible over the internet either. The IP on your WAN device aka Router is something they can reach if you don't disable external access.

This is what I’ve been trying to understand so a hacker having my MAC address for my modem and IP address doesn’t matter, what matters is if my router/firewall is configured. i was gonna connect my modem-route-pc via Ethernet is this safer then Wi-Fi?

 

[Tim91]

Then you need to secure your account with Spectrum.

The MAC isn't something that is routable across the internet anyway and the IP assigned to the CM is a private RFC1918 10.x.x.x which isn't accessible over the internet either. The IP on your WAN device aka Router is something they can reach if you don't disable external access.

So your saying they can’t hack my modem only the router/firewall can be hacked. is disabling remote access the same as external access?

 

[Tim91]

What?


All routers come with ports closed, including your Dream Machine.

Buying another router won't help you if you don't understand the problem. If your PC has malware on it that is likely to be the source of your problem, not an imaginary issue with the router.

I know the pc is that’s why I’m buying a new one. a router can stop a hacker that wants to hack me again. Can someone hack my modem with the knowledge of the MAC address and public IP address. I was told they cannot hack a modem only a router what’s your take. Don’t say change isp details please

 

[coxhaus]

A few years ago, there was a modem hack using the 192.168.100. x network on the modem. If you block that network in your router, then your modem cannot be hacked.
I think you are all too worried. Bleeping computer has a lot of fixes for hacks. You need make a plan and take everything offline and fix it all before you come back online. If you miss, then you need to do it again. If your PC is hacked, then it needs to be low level formatted on the hard drive and re-installed. Do not install a backup.

 

[thiggins]

@Tim91 You have received many helpful comments by now. Any device can be hacked. It's just a question of how much effort it takes and whether the target is valuable enough to make the effort. I have no further advice for you.