I have a store bought consumer router connected to my ISP’s router which is in bridge mode, and it’s one of the few remaining proprietary mystery boxes in my network that I don’t know how to audit. I recently made a post about whether I should switch to PFsense, and this was one of my motivations (though I forgot to mention it in that post).
Is there an effective way to check whether my router is part of a Mirai botnet or some other malware that scanned the internet and found some vulnerability in my router? As far as I know, once infected, things like updating the firmware or pressing the reset button aren’t guaranteed to remove it because it can just take control of those processes and persist. In my specific configuration, can malware from the internet even see my main router or just the ISP router it’s connected to?
In my threat model, I’m most concerned about my local traffic to and from my server being exfiltrated by some cybercrime group as a lot of it is HTTP or HTTP proxy data. Not so much general internet bound traffic which is usually HTTPS or VPN. Obviously I don’t want to be “participating” in botnet attacks or other cybercrime infrastructure either.
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 108 users / day
- 435 users / week
- 1.32K users / month
- 4.54K users / 6 months
- 1 subscriber
- 4.51K Posts
- 114K Comments
- Modlog
What router?
Point Shodan or grey noise or something at your public ip. Find your public ip by disabling your computers vpn, asking google what your public ip is then comparing that to the address shown at your routers wan interface.
Another person said to just update it. Just update it. But before you do:
Look at freshtomato, openwrt, pfsense etc to see if any of the open firmwares support your hardware. You may like them better.
About the best you can do without opening it up, finding a uart and watching is to put a device you control between it and the isp device.