Security problem

[Tim91]

My network is hacked, I’m going to remove the malware from my computer and buy a firewall. The problem is the hacker knows my login to my isp and if I change my password they can recover it because they know my details. On my isp account it contains my IP address and MAC address of my modem, can they hack into my network again with the knowledge of my IP address and modem MAC address even if I have a firewall installed, I was told my firewall would block the hack? a Firewall wouldn’t do anything if they hacked my modem before I installed my firewall to my network because they have my ip and MAC address in my isp account. What’s your view on this subject?

 

[ColinTaylor]

My network is hacked,

This tells us almost nothing about your problem.

I’m going to remove the malware from my computer and buy a firewall.

Why do you need to buy a firewall? Assuming you're using a router it will already have a firewall.

The problem is the hacker knows my login to my isp and if I change my password they can recover it because they know my details.

Contact your ISP and change your details.

On my isp account it contains my IP address and MAC address of my modem, can they hack into my network again with the knowledge of my IP address and modem MAC address even if I have a firewall installed,

Not normally but it depends on what equipment you're using and how it's configured.

 

[Tech Junky]

Well, a FW blocks attempts based on origin / destination.

They would potentially be able to hijack your ISP account but, that doesn't do them much good unless they want to cancel your service or bump your plan to the max cost.

 

[Tim91]

This tells us almost nothing about your problem.


Why do you need to buy a firewall? Assuming you're using a router it will already have a firewall.


Contact your ISP and change your details.


Not normally but it depends on what equipment you're using and how it's configured.

This tells us almost nothing about your problem.


Why do you need to buy a firewall? Assuming you're using a router it will already have a firewall.


Contact your ISP and change your details.


Not normally but it depends on what equipment you're using and how it's configured.

equipment you your referring to the firewall? I was gonna buy a Asus rt-ax86u. I was told these routers come with the ports closed so what other configurations would be necessary to secure my network from getting hacked, this is new to me

 

[Tim91]

what’s the easiest firewall to configure with the best security. Besides disabling remote access what other things would I configure to secure my network, someone suggested i configure my firewall to only receive specific ip or mac addresses? I currently have a dream machine and when I log into the settings I have no idea what I’m looking at any suggestions for simple but secure routers.

Thanks!

 

[L&LD]

Have you contacted Ubiquiti about your concerns?

What are you expecting and demanding that your network do for you? Both while within your home, and when you're out and external to it.

I have no idea what you're looking at either, maybe some screenshots would help us help you.

 

[Tim91]

Have you contacted Ubiquiti about your concerns?

What are you expecting and demanding that your network do for you? Both while within your home, and when you're out and external to it.

I have no idea what you're looking at either, maybe some screenshots would help us help you.

I want to secure my router to stop someone from hacking it what suggestions do you have in terms of configuring my Network.if you could name things I would appreciate it

 

[Tech Junky]

Easiest / effective is use Linux / IPTables

# Generated by iptables-save v1.8.7 on Sat May 14 23:45:57 2022
*mangle
:PREROUTING ACCEPT [16:21236]
:INPUT ACCEPT [16:21236]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Sat May 14 23:45:57 2022
# Generated by iptables-save v1.8.7 on Sat May 14 23:45:57 2022
*security
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Sat May 14 23:45:57 2022
# Generated by iptables-save v1.8.7 on Sat May 14 23:45:57 2022
*raw
:PREROUTING ACCEPT [16:21236]
:OUTPUT ACCEPT [0:0]
:FORWARD - [0:0]
COMMIT
# Completed on Sat May 14 23:45:57 2022
# Generated by iptables-save v1.8.7 on Sat May 14 23:45:57 2022
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:PERMIT-FWD - [0:0]
:PERMIT-IN - [0:0]
:PERMIT-OUT - [0:0]
-A INPUT -j PERMIT-IN
-A FORWARD -j PERMIT-FWD
-A OUTPUT -j PERMIT-OUT
-A PERMIT-FWD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A PERMIT-FWD -m conntrack --ctstate NEW -j ACCEPT
-A PERMIT-FWD -j DROP
-A PERMIT-IN -i lo -j ACCEPT
-A PERMIT-IN -i br0 -j ACCEPT
-A PERMIT-IN -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A PERMIT-IN -j DROP
-A PERMIT-OUT -o lo -j ACCEPT
-A PERMIT-OUT -o br0 -j ACCEPT
-A PERMIT-OUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A PERMIT-OUT -m conntrack --ctstate NEW -j ACCEPT
-A PERMIT-OUT -j DROP
COMMIT
# Completed on Sat May 14 23:45:57 2022
# Generated by iptables-save v1.8.7 on Sat May 14 23:45:57 2022
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o nordlynx -j MASQUERADE
-A POSTROUTING -o bo0 -j MASQUERADE
COMMIT
# Completed on Sat May 14 23:45:57 2022

This blocks everything by default and permits only LAN originated sessions to come back in. I also layered everything through NordVPN for whole network protection.

You could do this through anything that uses linux i.e. PI on the cheap. Since it's simple rules you don't need a lot of horsepower to process packets either. When you start getting more granular it gets slower.

 

[Tim91]

Easiest / effective is use Linux / IPTables

# Generated by iptables-save v1.8.7 on Sat May 14 23:45:57 2022
*mangle
:PREROUTING ACCEPT [16:21236]
:INPUT ACCEPT [16:21236]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Sat May 14 23:45:57 2022
# Generated by iptables-save v1.8.7 on Sat May 14 23:45:57 2022
*security
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Sat May 14 23:45:57 2022
# Generated by iptables-save v1.8.7 on Sat May 14 23:45:57 2022
*raw
:PREROUTING ACCEPT [16:21236]
:OUTPUT ACCEPT [0:0]
:FORWARD - [0:0]
COMMIT
# Completed on Sat May 14 23:45:57 2022
# Generated by iptables-save v1.8.7 on Sat May 14 23:45:57 2022
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:PERMIT-FWD - [0:0]
:PERMIT-IN - [0:0]
:PERMIT-OUT - [0:0]
-A INPUT -j PERMIT-IN
-A FORWARD -j PERMIT-FWD
-A OUTPUT -j PERMIT-OUT
-A PERMIT-FWD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A PERMIT-FWD -m conntrack --ctstate NEW -j ACCEPT
-A PERMIT-FWD -j DROP
-A PERMIT-IN -i lo -j ACCEPT
-A PERMIT-IN -i br0 -j ACCEPT
-A PERMIT-IN -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A PERMIT-IN -j DROP
-A PERMIT-OUT -o lo -j ACCEPT
-A PERMIT-OUT -o br0 -j ACCEPT
-A PERMIT-OUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A PERMIT-OUT -m conntrack --ctstate NEW -j ACCEPT
-A PERMIT-OUT -j DROP
COMMIT
# Completed on Sat May 14 23:45:57 2022
# Generated by iptables-save v1.8.7 on Sat May 14 23:45:57 2022
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o nordlynx -j MASQUERADE
-A POSTROUTING -o bo0 -j MASQUERADE
COMMIT
# Completed on Sat May 14 23:45:57 2022

This blocks everything by default and permits only LAN originated sessions to come back in. I also layered everything through NordVPN for whole network protection.

You could do this through anything that uses linux i.e. PI on the cheap. Since it's simple rules you don't need a lot of horsepower to process packets either. When you start getting more granular it gets slower.

i Apologize cyber security is very new to me, I don’t know what this is is Linux a router firewall?

 

[L&LD]

Pull the power plug if you want to stop anyone/everyone from hacking your network.

Is there a specific person you want to defend against? Your questions are ambiguous.

For most users, out-of-box defaults work best. Assuming you also want to have a functioning network.

There is no such thing as simple and very secure. You'll have to put some time into it (learning, researching, experimenting).

What about those screenshots that were asked of you? You have to start somewhere, so start with what you have.

 

[SSri]

As @ColinTaylor recommended, change the access (i.e. login) details of your ISP first. Make a strong password to your ISP account.

You mentioned an ISP modem. You must already have a router connected to the modem on the one side and the devices at the other end.

If this is correct, the router will have a firewall, which should block all incoming connections by default. If you don’t have a router, how do you connect your devices.?

 

[ColinTaylor]

equipment you your referring to the firewall?

What?

I was gonna buy a Asus rt-ax86u. I was told these routers come with the ports closed so what other configurations would be necessary to secure my network from getting hacked, this is new to me

All routers come with ports closed, including your Dream Machine.

Buying another router won't help you if you don't understand the problem. If your PC has malware on it that is likely to be the source of your problem, not an imaginary issue with the router.

 

[Tim91]

Well, a FW blocks attempts based on origin / destination.

They would potentially be able to hijack your ISP account but, that doesn't do them much good unless they want to cancel your service or bump your plan to the max cost.

What?


All routers come with ports closed, including your Dream Machine.

Buying another router won't help you if you don't understand the problem. If your PC has malware on it that is likely to be the source of your problem, not an imaginary issue with the router.

Yes I connected it to my laptop with malware im gonna buy a new laptop and new router and new modem cause that could also have malware on it. What other modifications could I make on a router configuration besides disabling remote access don’t waste time telling me to get a new hard drive there’s so many things that can be infected I’d rather just get new equipment

 

[Tech9]

Yes I connected it to my laptop with malware im gonna buy a new laptop and new router and new modem

I remember reading this already. From another mysteriously hacked member.

 

[Tech Junky]

I remember reading this already. From another mysteriously hacked member.

Yup. @thiggins blocked the last iteration of this.

 

[dosborne]

This is all repeat posts of the same issue dealt with many times under different user names.

Security problem

My network is hacked, I’m going to remove the malware from my computer and buy a firewall. The problem is the hacker knows my login to my isp and if I change my password they can recover it because they know my details. On my isp account it contains my IP address and MAC address of my modem...

www.snbforums.com

 

[OzarkEdge]

what’s the easiest firewall to configure with the best security. Besides disabling remote access what other things would I configure to secure my network, someone suggested i configure my firewall to only receive specific ip or mac addresses? I currently have a dream machine and when I log into the settings I have no idea what I’m looking at any suggestions for simple but secure routers.

Thanks!

Hire someone to help setup your network. And you can always use the firewall/router/gateway device your ISP installs and let them maintain it.

OE

 

[Christos]

Just avoid opening and forwarding any port. Use only VPN to access your network from outside.
I believe that your dream machine will not open any port unless you ask it to.

 

[Tim91]

Just avoid opening and forwarding any port. Use only VPN to access your network from outside.
I believe that your dream machine will not open any port unless you ask it to.

what VPN do you recommend? I connected my dream machine to my laptop which had malware on it, does that mean I need to buy a new router/firewall? I’m gonna buy a new one anyways wanted to know if I could somehow still have the old one. Thanks

 

[Tech9]

does that mean I need to buy a new router/firewall?

No.