Old 08-26-2019, 05:48 AM   #1
lynxlyon2
LQ Newbie
 
Registered: Aug 2019
Posts: 6

Rep: Reputation: 0
Can a system be protected if the router is infected


So, my router is infected and the moron next door has my wifi info, and admin passwords. He can get in in under 10 seconds by now.

I think he infected my router and re-routed us.

He has quick entry into my system, and this is what I've tried:

1) resetting the router - default factory setting.
2) changing router page admin password, wifi password, mac filtering, etc...
3) re-formatting my system, checking for rats, etc...

My question is this:
If the router is infected (I'm not good enough to clean routers), and I use a VPN, is my data secure or not?

What can I do in this case?
 
Old 08-26-2019, 06:25 AM   #2
rtmistler
Moderator
 
Registered: Mar 2011
Location: USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu, Debian
Posts: 8,302
Blog Entries: 13

Rep: Reputation: 3696
Get an entirely different router.

Don't use WiFi on your router.
 
Old 08-26-2019, 08:57 AM   #3
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 22,217

Rep: Reputation: 5962
Quote:
Originally Posted by lynxlyon2 View Post
So, my router is infected and the moron next door has my wifi info, and admin passwords. He can get in in under 10 seconds by now.
I think he infected my router and re-routed us. He has quick entry into my system, and this is what I've tried:

1) resetting the router - default factory setting.
2) changing router page admin password, wifi password, mac filtering, etc...
3) re-formatting my system, checking for rats, etc...

My question is this: if the router is infected (I'm not good enough to clean routers), and I use a VPN, is my data secure or not? What can I do in this case?
Again???
https://www.linuxquestions.org/quest...os-4175656201/
https://www.linuxquestions.org/quest...em-4175625988/

This'll make the third account for the same 'problem'. Again, POST PROOF...we need more than 'router' to work with, along with some actual evidence of what you're talking about, how you know it's 'infected', and what kind of computer you have. If you can't provide actual evidence that something is going on, what do you expect us to do??? And *AMAZINGLY*, the 'lynxlyon' account had the same sort of screed a while back:
https://www.linuxquestions.org/quest...6/#post5896290

...and now it's 'lynxlyon2'??? Total coincidence, I'm sure. Even though your other duplicate thread indicates a 'moron':
https://www.linuxquestions.org/quest...ms-4175659817/

Seek help, and not technical help.

Last edited by TB0ne; 08-26-2019 at 09:04 AM.
 
Old 08-26-2019, 04:09 PM   #4
jefro
Moderator
 
Registered: Mar 2008
Posts: 19,398

Rep: Reputation: 2992
Some versions of routers have security issues. One may wish to see if any update from the OEM maker exists to correct this. One may wish to see if DD-WRT or other open sourced router firmware may support it. There are some routers that have a backdoor password. The firmware update should have fixed it if that is what is going on.

I agree that currently you ought to disable wifi if you don't feel you can configure it securely. Might look at any powerline adapters if you have them too.

I'd call police if you have some reason to suspect this. Most places it is a crime to do what you claim your neighbor is doing. Let the police investigate for proof.

Generally I'd think that a VPN created on a system computer could be immune to effects of a compromised router but this would assume more than a few things to be true. It could be that if one had access to the router one could start spoofing some things.

I'd assume that a new and current router tends to ship with the most current firmware, but not always. Easy enough to update upon first boot.

Last edited by jefro; 08-26-2019 at 08:32 PM.
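
One way to check, from the Linux client, two of the conditions a host-side VPN depends on when the router is not trusted: that default traffic actually leaves through the tunnel, and that DNS is not still pointed at the router. This is an added example, not part of any post in the thread; the interface names, addresses and the `check_vpn` helper are constructed for illustration, and it assumes the VPN client puts its routes in the main routing table.

```shell
#!/usr/bin/env bash
# Added example. All sample data is constructed; on a real host feed in
# the output of "ip route show" and the contents of /etc/resolv.conf.
# Assumption: the VPN client installs its routes in the main routing table.

# Interface carrying default traffic. The 0.0.0.0/1 + 128.0.0.0/1 pair
# (OpenVPN "redirect-gateway def1") is more specific than "default" and wins.
default_dev() {
    awk 'function dev(   i) { for (i = 1; i < NF; i++) if ($i == "dev") return $(i + 1); return "" }
         $1 == "0.0.0.0/1"              { lo = dev() }
         $1 == "128.0.0.0/1"            { hi = dev() }
         $1 == "default" && plain == "" { plain = dev() }
         END { print ((lo != "" && lo == hi) ? lo : plain) }'
}

# Gateway of the plain default route, i.e. the router's LAN address.
router_ip() { awk '$1 == "default" && $2 == "via" { print $3; exit }'; }

# check_vpn ROUTES RESOLV TUN_PREFIX: prints one line per finding,
# returns 0 only when nothing was found.
check_vpn() {
    local routes="$1" resolv="$2" tun="$3" dev gw ns rc=0
    dev=$(printf '%s\n' "$routes" | default_dev)
    gw=$(printf '%s\n' "$routes" | router_ip)
    case "$dev" in
        "$tun"*) ;;
        *) echo "ROUTE: default traffic leaves via ${dev:-none}, not the tunnel"; rc=1 ;;
    esac
    for ns in $(printf '%s\n' "$resolv" | awk '$1 == "nameserver" { print $2 }'); do
        if [ "$ns" = "$gw" ]; then
            echo "DNS: resolver $ns is the router, so lookups bypass the tunnel"; rc=1
        fi
    done
    return "$rc"
}

ROUTES_VPN='0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23'
ROUTES_PLAIN='default via 192.168.1.1 dev wlan0 proto dhcp metric 600
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23'
RESOLV_ROUTER='nameserver 192.168.1.1'
RESOLV_TUNNEL='nameserver 10.8.0.1'

check_vpn "$ROUTES_VPN" "$RESOLV_ROUTER" tun || true   # reports the DNS finding
```
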
 
Old 08-26-2019, 04:58 PM   #5
Firerat
Senior Member
 
Registered: Oct 2008
Distribution: Debian sid
Posts: 2,683

Rep: Reputation: 782
to be fair
there is a real problem in this closed thread
https://www.linuxquestions.org/quest...7/#post6029560

which I answered in this one
https://www.linuxquestions.org/quest...6/#post6029622

Is the router compromised?
Probably not.
But it is easy to see how lynxlyon2 could come to that conclusion when presented with the problem detailed in #post6029560
 
Old 08-26-2019, 06:29 PM   #6
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 22,217

Rep: Reputation: 5962
Quote:
Originally Posted by jefro
Some versions of routers have security issues. One may wish to see if any update from the OEM maker exists to correct this. One may wish to see if DD-WRT or other open sourced router firmware may support it. There are some routers that have a backdoor password. The firmware update should have fixed it if that is what is going on.

I agree that currently you ought to disable wifi if you don't feel you can configure it securely. Might look at any powerline adapters if you have them too. I'd call police if you have some reason to suspect this. Most places it is a crime to do what you claim your neighbor is doing. Let the police investigate for proof.

Generally I'd think that a VPN created on a system computer could be immune to effects of a compromised router but this would assume more than a few things to be true. It could be that if one had access to the router one could start spoofing some things. I'd assume that a new and current router tends to ship with the most current firmware, but not always. Easy enough to update upon first boot.
...and...
Quote:
Originally Posted by Firerat View Post
to be fair
there is a real problem in this closed thread https://www.linuxquestions.org/quest...7/#post6029560

which I answered in this one https://www.linuxquestions.org/quest...6/#post6029622

Is the router compromised? Probably not. But it is easy to see how lynxlyon2 could come to that conclusion when presented with the problem detailed in #post6029560
Sorry guys, no. lynxlyon2 is the same person as lynxlyon...and if I had to bet, the same person as the other two posters. Language, syntax, and 'problem' is all the same.

Does anyone honestly think that, despite the router being reset to factory, new settings applied, etc., etc., that the 'moron' gets in, in under 10 seconds???? Please...see previous posts:
https://www.linuxquestions.org/quest...0/#post5896253
https://www.linuxquestions.org/quest...ck-4175632746/
https://www.linuxquestions.org/quest...em-4175625988/
https://www.linuxquestions.org/quest...os-4175656201/

Now, I can't be *CERTAIN* that this OP is the same person as the other three mentioned here....but lynxlyon vs lynxlyon2 would seem to be a safe bet. And given the language and syntax, along with the same references to VPN's, that they're getting 're-routed', etc., sure seem to point in that direction.

Lynxlyon2...so far, you've made an accusation that the 'moron' is getting on your wifi in under 10 seconds. What we haven't seen so far is some PROOF...how do you KNOW anyone is getting in?? What exactly do you mean by 're-routed'??? Symptoms?? Your other thread was total speculation that you were 'hacked', when in reality it was just a system update...yet you blamed it on being 'hacked'.
 
Old 08-26-2019, 07:02 PM   #7
Firerat
Senior Member
 
Registered: Oct 2008
Distribution: Debian sid
Posts: 2,683

Rep: Reputation: 782
I understand where you are coming from TB0ne

We can only help with their technical problems like the repos getting re-organised.

Not much I can do about their other issues.

I believe the belief is genuine and hostility will only reinforce that belief.
Not a troll, just a tortured soul.
 
Old 08-26-2019, 07:26 PM   #8
dugan
LQ Guru
 
Registered: Nov 2003
Location: Canada
Distribution: distro hopper
Posts: 9,320

Rep: Reputation: 4117
Let me just give you serious technical advice, because I want to show off.

Are your router and modem a single device, or are they two separate devices?

If they're two separate devices, it's the router that you think is infected, right?

Have you tried plugging your computer directly into the modem, via ethernet, instead of using the router's wifi? That would at least confirm whether there's a problem with (just) the router.

Last edited by dugan; 08-26-2019 at 07:46 PM.
 
Old 08-26-2019, 09:46 PM   #9
JJJCR
Senior Member
 
Registered: Apr 2010
Posts: 1,643

Rep: Reputation: 278
Just to add my 2 cents on this.

a. Get a trusted friend, relative or anyone to examine your home network or office network. Of course they must have knowledge of IT.

b. If you purchase a router, buy a good one, I mean like "Cisco", Netgear etc. (change the admin password before you put it online)

c. They won't be able to get into your system so easily unless there is an insider. An insider could be a person or a device that is already infected, and whatever you do it will always stay unless that device is clean. (devices like smart phone, smart TV or anything that can be accessed via network, thumb drive, hard disk, old files)

d. Change habits. If you love to always visit sites full of malware or viruses (porn, torrent etc.) then I guess it will keep coming back

e. Make peace with your neighbor.

If you suspect the router is infected within 10 seconds, then the firmware is compromised. Meaning no matter how you reset it, it will always be there.
 
Old 08-26-2019, 10:46 PM   #10
lynxlyon2
LQ Newbie
 
Registered: Aug 2019
Posts: 6

Original Poster
Rep: Reputation: 0
thank you for the wonderful answers!

In recent days, I lost my email account (I can't log back in), passwords, and the rest. I even lost my paypal account, but I got that reset. I also forgot my password for linuxforums, so I created a new account here.

okie, will try that
 
Old 08-27-2019, 08:16 AM   #11
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 22,217

Rep: Reputation: 5962
Quote:
Originally Posted by lynxlyon2 View Post
thank you for the wonderful answers!
In recent days, I lost my email account (I can't log back in), passwords, and the rest. I even lost my paypal account, but I got that reset. I also forgot my password for linuxforums, so I created a new account here.

okie, will try that
Right...I'm sure the 'moron' re-routed you, and stole all of them, right? Sorry, but you just don't have any problems anyone here can solve....seek professional help. Opening multiple accounts and filling the forums with baseless junk does no one any good. Anyone looking for real technical advice would get VERY confused reading your numerous threads, because there just isn't anything there.

Again: POST PROOF. Tell us what evidence you have (and POST IT) that you have been 'hacked in 10 seconds' and 're-routed'. You claim to "know" this....how??? If you can't or won't answer, there is ZERO we can help you with.
 
Old 08-27-2019, 04:09 PM   #12
rnturn
Senior Member
 
Registered: Jan 2003
Location: Illinois (SW Chicago 'burbs)
Distribution: Currently: openSUSE, Raspbian, Slackware. Formerly: CentOS, MacOS, Red Hat. Other: Solaris, Tru64
Posts: 1,670

Rep: Reputation: 202
Quote:
Originally Posted by lynxlyon2 View Post
So, my router is infected and the moron next door has my wifi info, and admin passwords. He can get in in under 10 seconds by now.
Has your neighbor repeatedly been able to break into your router using the admin passwords after you've changed them?

At a minimum, I'd:
  • Not use the WiFi available on the router that your ISP supplies. You may be able to connect to the ISP's router and disable the WiFi access on it. If you can, do it.
  • Run -- don't walk -- to the nearest computer store and pick up another WiFi router for your network.

then
  • Change the admin password for the new router. If you're still using the factory default password -- "admin/secret" or whatever -- that may be your source of break-ins. When choosing a new password for admin access, use as long a password as it'll accept. Use a password generator (such as the one in KeePassX or others) or the xkcd password generator. If you use the latter, I'd still put it into a password vault like KeePassX just so you don't have to manually enter it each time. (If you forget this one, you'll need to find that paper clip and press the button that sets the router back to the factory defaults, log in using the original admin password, and reset the password again.)
  • Change the SSID for the WiFi; don't set it to anything similar to what you have previously used (Try "FBI CyberCrimes Unit" and see if that helps. :^D ) Yes... it's security through security and any cellphone app that can see WiFi SSIDs will eventually reveal it but why make it easy.
  • Make the WiFi access password long and difficult to crack. Again, make it as long as possible. (Using your password vault's generator or whatever hard password generation method you prefer.)
  • If your router/WiFi allows it, I'd allow WiFi connections only from specific MAC addresses.

If this problem persists, I'd contact the authorities. What your neighbor is doing is patently illegal.

Good luck...
 