Security problem

[Tech9]

Sounds like a different professional is needed.

 

[Tim91]

No, you simply use the gateway IP of the router instead of the name.

so if i would of configured my firewall without connecting it to the modem first it wouldnt of gotten hacked?

 

[Tim91]

Not necessarily symptoms of a hacked PC. Did you install any additional software and from what source?

also my firewall configuration settings login popped up on my screen without entering the gate way after setup my password and recovery questions for my laptop and i entered my name and password thinking it was normal instead of typing in router.asus.com to get into firewall settings. must of been spoofing right?

 

[Tim91]

No, you simply use the gateway IP of the router instead of the name.

ok im gonna try again and configure it without connecting to the modem do you think thats how the hacker hacked me again, but when i configure my vpn to my firewall i have to connect to the internet for that right but ill be ok cause im accessing a website that is https secured?

 

[L&LD]

Log in with the IP of the router. When the WAN Port is not connected. 192.168.1.1, 192.168.50.1, or whatever it may be for your router.

Do not use anything you've used before in terms of SSIDs, network subnet (i.e. use 192.168.237.254 for the router's IP address), passwords, and/or username (don't use the default username, change that to anything but 'admin'.

Only when you have fully configured and customized the router as a new NETWORK, would I connect the WAN port to the ISP's modem/ONT connection.

Follow a similar strategy on the new computer. Nothing needs to be online to be (first) secured.

 

[Tim91]

Log in with the IP of the router. When the WAN Port is not connected. 192.168.1.1, 192.168.50.1, or whatever it may be for your router.

Do not use anything you've used before in terms of SSIDs, network subnet (i.e. use 192.168.237.254 for the router's IP address), passwords, and/or username (don't use the default username, change that to anything but 'admin'.

Only when you have fully configured and customized the router as a new NETWORK, would I connect the WAN port to the ISP's modem/ONT connection.

Follow a similar strategy on the new computer. Nothing needs to be online to be (first) secured.

so i connect an ethernet cable from my laptop to my router, configure the router from the laptop thats connected with ethernet. Once its configured then i can connect an ethernet cable from my isp modem to my router to my laptop? Do i have to have my laptop/router connected to each other with an ethernet cable to edit the settings on the firewall. Thanks again for your comment extremely helpful advice.

 

[Tech Junky]

Connect everything you need to configure EXCEPT for the CM.

Once configured you should be secure from the outside world.

 

[Tim91]

Connect everything you need to configure EXCEPT for the CM.

Once configured you should be secure from the outside world.

so connecting my modem before configuring my router was the mistake that gave the hacker access. I was told that the default settings for the firewall/router would block a hackers attempt i guess they were wrong? Besides whitelist filtering mac address and removing remote access what else could i do to configure my firewall.

 

[Tech Junky]

You still need to show examples of what you're considering a hack. Typically all that you have done would change your IP and make it hard to find you with all of the new gear. What else is on your network?

 

[Tim91]

You still need to show examples of what you're considering a hack. Typically all that you have done would change your IP and make it hard to find you with all of the new gear. What else is on your network?

a vpn would change my ip address, i dont understand what your saying?? "all that you have done would change your IP and make it hard to find you with all of the new gear" are you saying thats what mac address filtering does? i thought it only lets a specific device connect to a network.

 

[Tech Junky]

MAC is Layer2
IP is Layer3

MAC doesn't route across the internet to the alleged hacker. If you have some device on your network that is infected with something and is programmed to call home periodically that will open a stream to the other side to get in from. Could be some IOT device / thermostat / etc.

MAC filtering is only useful for your devices inside the LAN.

 

[Tim91]

MAC is Layer2
IP is Layer3

MAC doesn't route across the internet to the alleged hacker. If you have some device on your network that is infected with something and is programmed to call home periodically that will open a stream to the other side to get in from. Could be some IOT device / thermostat / etc.

MAC filtering is only useful for your devices inside the LAN.

the only thing i connected to my router/firewall was a brand new laptop i bought from a store so it couldnt have opened a stream to let a hacker in. So the hacker must of got in from the modem, the router and laptop were brand new just bought. so the default settings arent strong enough. You dont think mac address would still be important to configure? what would you recommend i configure to strengthen my firewall.

 

[thiggins]

@itpp20 Personal attacks will not be tolerated. You've earned a temporary ban.

Once again, if people think @Tim91 is trolling, STOP RESPONDING.

 

[Tech Junky]

You dont think mac address would still be important to configure?

With your abilities that won't be possible. It's irrelevant anyway with my prior statement.

New laptop, router, cable modem = no hack.

So, what's the real issue here?

 

[jdabbs]

i Bought a new pc and firewall and swapped out my old modem for a new one. connected them via ethernet/wired and when i turned on my pc it was hacked instantly, what did i do wrong? you configure firewalls for a living. if you were me and this happened to you what would you do differently. I didnt even get a chance to configure my firewall because they were in my brand new laptop before i could connect to the firewall settings.

First, let's discuss best practices.

For bringing new devices online, we don't put them on the Internet straight out of the box--that laptop might be six months behind on patches. Same goes for routers or firewalls. We update the device to a current OS version, then apply a hardened configuration. Security is an arms race: vulnerabilities are discovered, they're patched by the vendor, then more vulnerabilities are discovered, etc. Using up to date software removes many known vulnerabilities and makes exploitation more difficult. Hardening depends on the device, but for consumer grade routers, replacing default passwords and locking down wireless and management access will get you pretty far along. Disable uPnP too if you're worried about your devices poking holes in your firewall. Basically, the best configuration doesn't protect you if hackers can bypass the security because you're running an outdated OS version, and a fully updated device doesn't protect you if your password is still "password."

For new PC installs, one thing I suggest is limiting your browsing until the OS and browser are fully updated. The Internet is largely ad-driven and malicious ads can be on any website. If that ad is able to take advantage of an unpatched vulnerability, your system would be compromised.
My personal new PC process is:
kicking off Windows update immediately and getting up to date on patches,
using the bundled web browser to go directly to my browser's download page,
install the browser and ad blocker extension,
then download and install other apps and drivers.

For "what would you do in my shoes," like if I was recovering from an incident involving personal assets, I would have taken a different approach. Isolate compromised equipment, figure out how they are getting in/what they've done and plug that hole, clean up, then bring the remaining devices back online. It sounds like you are unwilling or unable to do the "figure out how they are getting in/what they're doing" step, which is a shame as that ultimately determines the appropriate response.

Example #1: I saw a complaint about lag. Let's say you make the wrong gamer mad and he's DDoSing your Internet connection. He's probably sending traffic to your WAN IP. The response would be changing your WAN IP, and if the behavior continues, figure out how the attacker is obtaining updated IPs. It could be whatever game you are playing exposes your IP, or he could be posting some image to discord and observing what IPs view that image and inferring which IP is yours. In this scenario, replacing your router wouldn't resolve the issue.

Example #2: Let's say an attacker has added your home router to an IoT botnet. Depending on the level of compromise, resetting your router config may not be sufficient to remove the attacker's foothold. I think it's a justifiable concern to worry that other IoT/smart devices could have been compromised, and it's possible your PC may also have been compromised since they'd have local network access to those devices. I would think that that a new laptop and router would not be immediately compromised, as those attacks are typically opportunistic. If that turns out to not be the case, I'd definitely be doubling down on determining how compromises are occurring.

Sometimes too, you have to second guess yourself. If there's lag, is it a DDoS attack, or is it your Internet service sucking? Sometimes you can't take your ISP's word for it. It could even be a faulty network cable. That "your PC is infected with 666 viruses" popup? Is that your antivirus warning you, or is that some dude in India's ad trying to scam you? A lot of people here are asking you for proof of hack, and while they're mainly hobbyists, collectively we've seen enough scam ads to be able to pick them out.

If I understand you correctly, you noticed that your router settings came up immediately. That's typically legit behavior--it's a technique commonly used on captive portals but can be done anywhere. What's happening is that your PC asks your router for the IP for a website, the router gives out its LAN IP instead, and you end up on the router's admin page. It's a convenience feature for initial setup and I wouldn't worry about it.

 

[dosborne]

what would you recommend i configure to strengthen my firewall.

Please provide, as has been requested !any times in this thread and your previous ones over the last year, at least ONE example of an ACTUAL "hack" so that we can provide you with actual information that may actually help, of indeed there is an actual threat. Everything else is just random guessing against vague statements.

 

[Tim91]

First, let's discuss best practices.

For bringing new devices online, we don't put them on the Internet straight out of the box--that laptop might be six months behind on patches. Same goes for routers or firewalls. We update the device to a current OS version, then apply a hardened configuration. Security is an arms race: vulnerabilities are discovered, they're patched by the vendor, then more vulnerabilities are discovered, etc. Using up to date software removes many known vulnerabilities and makes exploitation more difficult. Hardening depends on the device, but for consumer grade routers, replacing default passwords and locking down wireless and management access will get you pretty far along. Disable uPnP too if you're worried about your devices poking holes in your firewall. Basically, the best configuration doesn't protect you if hackers can bypass the security because you're running an outdated OS version, and a fully updated device doesn't protect you if your password is still "password."

For new PC installs, one thing I suggest is limiting your browsing until the OS and browser are fully updated. The Internet is largely ad-driven and malicious ads can be on any website. If that ad is able to take advantage of an unpatched vulnerability, your system would be compromised.
My personal new PC process is:
kicking off Windows update immediately and getting up to date on patches,
using the bundled web browser to go directly to my browser's download page,
install the browser and ad blocker extension,
then download and install other apps and drivers.

For "what would you do in my shoes," like if I was recovering from an incident involving personal assets, I would have taken a different approach. Isolate compromised equipment, figure out how they are getting in/what they've done and plug that hole, clean up, then bring the remaining devices back online. It sounds like you are unwilling or unable to do the "figure out how they are getting in/what they're doing" step, which is a shame as that ultimately determines the appropriate response.

Example #1: I saw a complaint about lag. Let's say you make the wrong gamer mad and he's DDoSing your Internet connection. He's probably sending traffic to your WAN IP. The response would be changing your WAN IP, and if the behavior continues, figure out how the attacker is obtaining updated IPs. It could be whatever game you are playing exposes your IP, or he could be posting some image to discord and observing what IPs view that image and inferring which IP is yours. In this scenario, replacing your router wouldn't resolve the issue.

Example #2: Let's say an attacker has added your home router to an IoT botnet. Depending on the level of compromise, resetting your router config may not be sufficient to remove the attacker's foothold. I think it's a justifiable concern to worry that other IoT/smart devices could have been compromised, and it's possible your PC may also have been compromised since they'd have local network access to those devices. I would think that that a new laptop and router would not be immediately compromised, as those attacks are typically opportunistic. If that turns out to not be the case, I'd definitely be doubling down on determining how compromises are occurring.

Sometimes too, you have to second guess yourself. If there's lag, is it a DDoS attack, or is it your Internet service sucking? Sometimes you can't take your ISP's word for it. It could even be a faulty network cable. That "your PC is infected with 666 viruses" popup? Is that your antivirus warning you, or is that some dude in India's ad trying to scam you? A lot of people here are asking you for proof of hack, and while they're mainly hobbyists, collectively we've seen enough scam ads to be able to pick them out.

If I understand you correctly, you noticed that your router settings came up immediately. That's typically legit behavior--it's a technique commonly used on captive portals but can be done anywhere. What's happening is that your PC asks your router for the IP for a website, the router gives out its LAN IP instead, and you end up on the router's admin page. It's a convenience feature for initial setup and I wouldn't worry about it.

1.i know what you mean by configuration for my router but not for the laptop are you referring to changing my password, recovery questions, and updating the os and browser if not can you clarify? 2.locking down wireless and managment access can you clarify. 3.you say to update the os and web browser, by updating the os it will automatically update the browser right? for me its windows and edge 4.You say malicious ads can take advantage of an unpatched vulnerability does visiting a site activate the ad or do i have to click on it? are you referring to drive by downloads if so does a https/secured website stop drive by downloads? 5.what is bundled web browser? 6.I have no idea how they are getting in? I am wiling, can you provide me with a strategy?? From my understanding the only way they got into my new laptop/router is from the modem but people on here said you can and cant hack a modem so im confused. i read online hackers can scan every ip in less then a day which is how they got into my modem if they did? i was told the default settings on my asus router would block any hack attempts from a hacker from a few of the people on here i guess they were wrong and i assume that was the cause of the breach thats how they got in by not configuring before connecting to the modems wan. do you think that as well, i didnt connect a device with malware again these were new devices recently purchased. I had an incident where the same hacker hacked my brand new phone from a phone store without me logging in an apple id or icloud account and this was my fear when i bought the new pc that it would happen again even tho people say its not possible i saw it happen with my phone so maybe thats how they got into my laptop which again i dont think is possible. Some of you get mad at me saying to show proof but i cant i wish i could please stop commenting if you dont have anything to help me with other then saying im paranoid or im lagging thank you for commenting on this i appreciate your time responding to my post this means a lot to me.

 

[Tim91]

@itpp20 Personal attacks will not be tolerated. You've earned a temporary ban.

Once again, if people think @Tim91 is trolling, STOP RESPONDING.

thanks for banning him, no im not trolling my understanding of hardware/software/networking is very weak which is why i assume people think im trolling. These people have helped me a lot on this website and im constantly learning new things here and im very appreciative for every response

 

[Tech Junky]

@Tim91

So, if I were you in your position not knowing squat about what you're dealing with...

USB liveCD Linux Ubuntu
1. https://rufus.ie/en/
2. https://ubuntu.com/download/desktop
3. use rufus to burn the image to a USB drive
4. boot to the USB and this gives you a functional OS / desktop to check for updates on the router w/o exposing your Windows install
5. configure the router completely to your liking
6. grab a copy of Chrome or whatever browser install you want to use and save it to the USB or the system drive by mounting it in "disks" from Ubuntu
7. reboot into Windows and install chrome / don't use Edge
8. check for updates to Windows and do it a few times as they stack upon each other for installs
9. run a scan on the PC using something like ESET https://www.eset.com/us/home/online-scanner/
10. once you pass the checks for a clean system go ahead and install your apps as needed

This should set you up for success.

As to the whole hacking thing.... you know where I stand and it seems you're getting a lot of conflicting information from different sources and going down a rabbit hole with something that's not likely happening on the new equipment. Most of the consumer stuff being bought these days is idiot proof with self induced protections enabled by default. This is where the skepticism comes into play when you don't present specific evidence of an issue. Narrowing down the correct course of action requires specific information to remedy the issue. We've advised going and getting all new gear is a waste of money and time rather than facing the issue head on. Together the members suggesting solutions have plenty of experience under their belt but for whatever reason you just keep spinning in circles like groundhog day. Get off the carousel and plant your feet on the ground or this will just continue to happen. When setting up the new gear it should be obvious to not use the same information as you were before when it comes to usernames / passwords / network SSID's / etc. If you think you've been hacked then check your online accounts for activity as well since they're probably compromised as well since that's usually the target of a hacker. Check your banks / credit cards / sensitive information. No legit hacker cares about the stuff on your HDD in your PC it's the credentials that lead them to profit. If you have sensitive data then store it off your PC on a NAS or USB drive so it's not compromised if something does happen.

 

[Tim91]

@Tim91

So, if I were you in your position not knowing squat about what you're dealing with...

USB liveCD Linux Ubuntu
1. https://rufus.ie/en/
2. https://ubuntu.com/download/desktop
3. use rufus to burn the image to a USB drive
4. boot to the USB and this gives you a functional OS / desktop to check for updates on the router w/o exposing your Windows install
5. configure the router completely to your liking
6. grab a copy of Chrome or whatever browser install you want to use and save it to the USB or the system drive by mounting it in "disks" from Ubuntu
7. reboot into Windows and install chrome / don't use Edge
8. check for updates to Windows and do it a few times as they stack upon each other for installs
9. run a scan on the PC using something like ESET https://www.eset.com/us/home/online-scanner/
10. once you pass the checks for a clean system go ahead and install your apps as needed

This should set you up for success.

As to the whole hacking thing.... you know where I stand and it seems you're getting a lot of conflicting information from different sources and going down a rabbit hole with something that's not likely happening on the new equipment. Most of the consumer stuff being bought these days is idiot proof with self induced protections enabled by default. This is where the skepticism comes into play when you don't present specific evidence of an issue. Narrowing down the correct course of action requires specific information to remedy the issue. We've advised going and getting all new gear is a waste of money and time rather than facing the issue head on. Together the members suggesting solutions have plenty of experience under their belt but for whatever reason you just keep spinning in circles like groundhog day. Get off the carousel and plant your feet on the ground or this will just continue to happen. When setting up the new gear it should be obvious to not use the same information as you were before when it comes to usernames / passwords / network SSID's / etc. If you think you've been hacked then check your online accounts for activity as well since they're probably compromised as well since that's usually the target of a hacker. Check your banks / credit cards / sensitive information. No legit hacker cares about the stuff on your HDD in your PC it's the credentials that lead them to profit. If you have sensitive data then store it off your PC on a NAS or USB drive so it's not compromised if something does happen.

i apologize im having a hard time understanding this can you summerize steps 1-10? what is livecd linuxubuntu? linux is an os but i have windows already? your saying i can access my router without exposing my windows? isnt that the same as configuring my firewall without putting devices on the internet? sorry bare with me