Privacy

43822 readers

558 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago

MODERATORS

How do I check my router for malware? (lemmy.ml)

submitted 2 weeks ago by HiddenLayer555@lemmy.ml to c/privacy@lemmy.ml

18 comments fedilink hide all child comments

I have a store bought consumer router connected to my ISP's router which is in bridge mode, and it's one of the few remaining proprietary mystery boxes in my network that I don't know how to audit. I recently made a post about whether I should switch to PFsense, and this was one of my motivations (though I forgot to mention it in that post).

Is there an effective way to check whether my router is part of a Mirai botnet or some other malware that scanned the internet and found some vulnerability in my router? As far as I know, once infected, things like updating the firmware or pressing the reset button aren't guaranteed to remove it because it can just take control of those processes and persist. In my specific configuration, can malware from the internet even see my main router or just the ISP router it's connected to?

In my threat model, I'm most concerned about my local traffic to and from my server being exfiltrated by some cybercrime group as a lot of it is HTTP or HTTP proxy data. Not so much general internet bound traffic which is usually HTTPS or VPN. Obviously I don't want to be "participating" in botnet attacks or other cybercrime infrastructure either.

you are viewing a single comment's thread
view the rest of the comments

[–] Vinny_93@lemmy.world 1 points 2 weeks ago

I'm not familiar with how malware like that masks but you can pretty much find any traffic with a tool like WireShark. It's just a matter of finding out how processes recreate themselves once killed.

If something lives in the storage of your router, specifically, I'd see about formatting the storage and flashing new firmware. As you stated, that may not solve anything.

Regardless of how they enter and what is installed where, once it's inside your home network it can pretty much access anything. If you wanna be fully secure you'd need a firewall and just block any traffic you don't specifically whitelist. As you can imagine, this is cumbersome.

Are you worried that something has infected your network devices? Do you have any reason to suspect something? In some countries, ISPs do some passive monitoring on what goes in and out of your home and if they see anything untoward they'll disable that bridge device and notify you.