SMS786
Senior Member
Thanks
Fail2ban - and UFW is running (UFW is a front-end to iptables)
I don't run an outward facing sshd on my gateway, I have a jumpbox that is port forwarded to the outside world...
lol.. skynet is in this forum... see the first page and find out yourself.. u will need a 1gb above flash drive for it.
Yeah router didn't have that stuff on & was running OpenVPN. Would you have a link for Skynet? Google only spitting out terminator movie links & other software that doesn't seem right like what you're describing.
https://www.snbforums.com/threads/s...mic-malware-country-manual-ip-blocking.16798/
there is only one person here who can truly be running the "latest"
Administration-System-Persistent JFFS2 partition-Format JFFS partition at next boot. Reboot of coz. Then u can check the /jffs directory after the reboot.
Just imagine this is a pc and the OS is windows. Every time boot up or some scheduled task auto start up. When u cleared your OS and using default setting, the “scheduled” task or auto start up app will be removed. But the malicious files loaded by the hacker may still be present in some part of your external storage like your USB drives, waiting for you to accidentally click or execute them. So if u know what is in your drives, then good for you. See before u open the files...
Good to see the thread is active... awareness is important... better to be safe than sorry. Especially ransomware these days.
Today the internet world seems happening with lots of probing and ddos going on...
http://www.digitalattackmap.com/#anim=1&color=0&country=ALL&list=2&time=17619&view=map
Maybe it is Good Friday... well.. enjoy your holiday and stay safe...
You wrote "Then u can check the /jffs directory after the reboot"
Searched around....how can I check the jffs and what is it I am looking for? thx
Ok so I've updated, rebooted & factory defaulted the crap outta my router.
Now have the following showing up as External Attacks;
EXPLOIT Netcore Router back door Access
EXPLOIT Remote Command Execution via Shell Script-2
Annoyingly, my smartplugs need access to the internet for the scheduling to work. If I turn off their internet access in the GUI then I can still use Alexa and the phone app to control them... most of the time. Sometimes they don't work, but usually they do. I'd like to be able to set them up to operate per-MAC-address whitelist-only, but there doesn't seem to be a good solution for that yet. If Alexa doesn't have internet access, she won't work at all since your voice and everything gets processed on Amazon servers.
Looking hard at my security since being hacked...
Should my Amazon Alexa device be attached to a Guest Network with no intranet access? Maybe I answered my own question, if I did that then I couldn't tell Alexa to turn on the lights, etc. unless those other devices were also on the guest network, right? but then I can't see what is connected, right?
How about my SmartThings hub? (connected by wire)
How about my cameras?
What is the proper way to setup IoT (internet of things)?
@OOo, How about my cameras?
I would change your subnet. (If you had 192.168.1.x, change to 192.168.130.x or something...)
It's safe to say that passwords have probably been compromised & now changed. But what about;
-inbuilt VPNServer certificates?
-DDNS address?
-IP address/es?
Should I change these now too?
Thanks for Skynet link, will have read of that. Didn't realise it was right here in this forum haha.
Attacks have really dropped off today. (Just 1!) Will be interesting to watch next week and see if it has a similar "busy during the work-week" pattern. That would imply that it's somebody's M-F job to get in other peoples' business.
Yes, that's my interpretation. Anything 'getting through' wouldn't show up at all since there wouldn't be a signature to register.
If the attacks are showing as red in the AIProtection graph, doesn’t that mean the attacks have been blocked from getting through?
@RMerlin, does this effectively mean that sticking with the 380 branch is no longer a safe option? That would mean that I have to, regardless of not getting QoS ever back up again on anything higher than the 380 branch, update to the 384.x branch anyway.
What I was suggesting is my AIProtection graph showed no "hits" last Sunday, or Saturday. All during the work week. Suspicious, no? I will watch it again this week.