Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I've recently noticed the 'status lights' on my wireless router have been flickering when none of my wireless devices are switched on. I'm not one of those people who has all the latest gizmos with a wireless chip in everything I own. I have two mobile phones (cellphones for our American readers) one Apple Ipad, one tower system and various laptops. Yet when all of these were disabled, I noticed the lights flickering. It's the first time I've noticed this, but it could have been going on for years for all I know, as the router's not usually visible to me. The router's a Netgear DG834G and I've had it for several years now.
Should I be worried? I've never given the router password to anyone ever.
Thanks,
CC.
Last edited by Completely Clueless; 10-04-2022 at 06:56 PM.
Certain lights may "flicker" to indicate upstream Internet activity.
However, you should be careful to keep the router firmware up-to-date. (Enable "automatic updates" if these are available.) And, properly avail yourself of all hardware firewall features, in addition to software firewalls on the various pieces of client equipment. Most routers also contain logging features which are, for some reason, often not enabled. Turn them on for a while ...
Last edited by sundialsvcs; 10-04-2022 at 01:38 PM.
I stopped breathing as Patrick struggled to get the plug lined up with the port. I stared at the front panel lights, and felt Dave doing the same. My eyes watered. Patrick pushed the plug in. The front lights immediately lit and flashed actively. I felt my hands and face flush, and out of the corner of my eye saw Dave sit up and open his mouth as if to speak. He then put his face down into his cupped hands, and threw up.
Well, if you live in a large private property with no neighbors like I do then yes, it might be suspicious. Is there a hacker with directional antenna, sitting a mile away in his car, targeting your access point, trying to steal that naked selfie from your LAN or phone for blackmail? OTOH, if your apartment is on a busy street with thousand people walking by, it might just be their phones are scanning for access points, causing your lights to flicker. Or it might be the aliens, trying to figure out how human communications work.
First, if you can get on your router you can see what devices are connected by macid. You can use the macid to get what approximate device is connected.
Sometimes you can only see some cheap network card, however. But with so few devices, you should be able to figure out each device, every device has a way to find out the wifi macid.
Which light(s) on the router are flickering? As posted internet activity does not mean necessarily that something nefarious is going on. My router detects lots of WAN incoming traffic but most of that is blocked from every getting through to the LAN.
Were any of the LAN lights blinking? You did not mention if you have wired devices and/or if they were running.
Capture all traffic on the LAN with tcpdump and see what it is. You'll need to do it on a wireless device with the interface in promiscuous mode.
Code:
ip link set eth0 promisc on
If it's on the WAN side. Block everything, and log it to the firewall log. See who it is.
I had to install tcpdump which got to 71% then threw up a dialogue box saying grub needed to be upgraded and which partition to do it with. I didn't fancy meddling with grub and making the system unbootable so I'm afraid the steps you suggested, though certainly logical and sensible, are not something I can currently implement. Thanks anyway.
Thanks for all the suggestions, guys. I'm afraid (as my screen name alludes) I'm not very technical; especially so with IP stuff. Plus I've moved house since I bought the router and have lost the box and instructions, so can't tell what the various lights indicate. For the same reason I can't interrogate the device to see what settings are currently in place, nor change them if they're unsatisfactory. So I think perhaps the best thing to do is just buy a new one with maybe better security. The current one is getting on for 10 years old which is a lifetime in tech terms so it's probably time for an upgrade anyway.
I'm not bothered about people stealing my bandwidth (within reason!) but the possibility that some perv might be viewing child porn and I might end up in the frame for it is something I really cannot live with, as I'm sure none of you would, either.
Any other thoughts?
Is that really the best out there? Given that these things aren't very expensive, I'm thinking maybe get a new dual-band one which is Linux friendly and has a fully-configurable user-interface. If anyone knows such a device, I'm in the market for it.
Nope, I was just responding that you did not know what the lights represent and posting a link to the manual but not something new to purchase. I have cable versus ADSL so not up on the latest nor what is available/compatible in your area.
Depends on how much money you want to spend to get the latest and greatest wifi.
I have cable modem, router, switch and access point. All separate units, and this is the way I like it. I can replace any of them if a reason arises, without touching the others.
As far as I know ADSL MODEMs are more common in gateway devices i.e. combination MODEM/router then separate standalone devices. Your ISP should have a list of compatible devices.
You may have faster Internet speeds then your old MODEM provides which is a good incentive to purchasing a new device. Many have the capability of bridge mode which basically bypasses the builtin router/wifi functionality. You can then use any "regular" router with an Ethernet WAN port.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.