Privacy

43836 readers

353 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago

MODERATORS

How do I check my router for malware? (lemmy.ml)

submitted 2 weeks ago by HiddenLayer555@lemmy.ml to c/privacy@lemmy.ml

18 comments fedilink hide all child comments

I have a store bought consumer router connected to my ISP's router which is in bridge mode, and it's one of the few remaining proprietary mystery boxes in my network that I don't know how to audit. I recently made a post about whether I should switch to PFsense, and this was one of my motivations (though I forgot to mention it in that post).

Is there an effective way to check whether my router is part of a Mirai botnet or some other malware that scanned the internet and found some vulnerability in my router? As far as I know, once infected, things like updating the firmware or pressing the reset button aren't guaranteed to remove it because it can just take control of those processes and persist. In my specific configuration, can malware from the internet even see my main router or just the ISP router it's connected to?

In my threat model, I'm most concerned about my local traffic to and from my server being exfiltrated by some cybercrime group as a lot of it is HTTP or HTTP proxy data. Not so much general internet bound traffic which is usually HTTPS or VPN. Obviously I don't want to be "participating" in botnet attacks or other cybercrime infrastructure either.

you are viewing a single comment's thread
view the rest of the comments

[–] hansolo@lemmy.today 16 points 2 weeks ago* (last edited 2 weeks ago) (4 children)

Rather than test, why not just get the firmware from the manufacturer's site and flash the same firmware? Or update if there's something new?

[–] HiddenLayer555@lemmy.ml 5 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

Wouldn't the old firmware still have to respond to and perform the flashing request? For example reading from a USB drive? Is it more likely to overwrite potentially malicious code compared to the reset button or automatic updates from the web admin panel?

[–] hansolo@lemmy.today 2 points 2 weeks ago

Good question, I expect it would depend on the router manufacturer.

load more comments (2 replies)