Bios rootkit infection detected with dd wrt and open wrt?

Joined
Aug 20, 2007
Messages
20,787 (3.41/day)
System Name Pioneer
Processor Ryzen R9 7950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage 2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64
R-T-B saw this 1 time in 2019 i think, you'd have to be Jerry Epstein, John McAfee to be attacked.
Not sure about that level, but if you have a multimillion net worth, start thinking about this more.
 

eidairaman1

The Exiled Airman
Joined
Jul 2, 2007
Messages
40,435 (6.58/day)
Location
Republic of Texas (True Patriot)
System Name PCGOD
Processor AMD FX 8350@ 5.0GHz
Motherboard Asus TUF 990FX Sabertooth R2 2901 Bios
Cooling Scythe Ashura, 2×BitFenix 230mm Spectre Pro LED (Blue,Green), 2x BitFenix 140mm Spectre Pro LED
Memory 16 GB Gskill Ripjaws X 2133 (2400 OC, 10-10-12-20-20, 1T, 1.65V)
Video Card(s) AMD Radeon 290 Sapphire Vapor-X
Storage Samsung 840 Pro 256GB, WD Velociraptor 1TB
Display(s) NEC Multisync LCD 1700V (Display Port Adapter)
Case AeroCool Xpredator Evil Blue Edition
Audio Device(s) Creative Labs Sound Blaster ZxR
Power Supply Seasonic 1250 XM2 Series (XP3)
Mouse Roccat Kone XTD
Keyboard Roccat Ryos MK Pro
Software Windows 7 Pro 64
Not sure about that level, but if you have a multimillion net worth, start thinking about this more.
Examples of "targets" that had tons of cash and certain dirty info on certain people.
 

Mussels

Freshwater Moderator
Staff member
Joined
Oct 6, 2004
Messages
58,413 (8.18/day)
Location
Oystralia
System Name Rainbow Sparkles (Power efficient, <350W gaming load)
Processor Ryzen R7 5800x3D (Undervolted, 4.45GHz all core)
Motherboard Asus x570-F (BIOS Modded)
Cooling Alphacool Apex UV - Alphacool Eisblock XPX Aurora + EK Quantum ARGB 3090 w/ active backplate
Memory 2x32GB DDR4 3600 Corsair Vengeance RGB @3866 C18-22-22-22-42 TRFC704 (1.4V Hynix MJR - SoC 1.15V)
Video Card(s) Galax RTX 3090 SG 24GB: Underclocked to 1700Mhz 0.750v (375W down to 250W))
Storage 2TB WD SN850 NVME + 1TB Samsung 970 Pro NVME + 1TB Intel 6000P NVME USB 3.2
Display(s) Phillips 32 32M1N5800A (4k144), LG 32" (4K60) | Gigabyte G32QC (2k165) | Phillips 328m6fjrmb (2K144)
Case Fractal Design R6
Audio Device(s) Logitech G560 | Corsair Void pro RGB |Blue Yeti mic
Power Supply Fractal Ion+ 2 860W (Platinum) (This thing is God-tier. Silent and TINY)
Mouse Logitech G Pro wireless + Steelseries Prisma XL
Keyboard Razer Huntsman TE ( Sexy white keycaps)
VR HMD Oculus Rift S + Quest 2
Software Windows 11 pro x64 (Yes, it's genuinely a good OS) OpenRGB - ditch the branded bloatware!
Benchmark Scores Nyooom.
Oh and i forgot to address the question in the title about a router OS being able to detect these attacks

1. The router has to be programmed to recognise the traffic, meaning it's gotta be a previously known and identified attack
2. the router needs enough CPU power and RAM (and advanced programming) to sniff out the ports used by the known attack, and verify it's an attack and not legitimate traffic
3. The only way a lightweight device can do this is by taking samples of the data and submitting it to someone else (like antivirus do) to be manually checked, and that won't be cheap OR secure for important people and businesses
 

eidairaman1

The Exiled Airman
Joined
Jul 2, 2007
Messages
40,435 (6.58/day)
Location
Republic of Texas (True Patriot)
Oh and i forgot to address the question in the title about a router OS being able to detect these attacks

1. The router has to be programmed to recognise the traffic, meaning it's gotta be a previously known and identified attack
2. the router needs enough CPU power and RAM (and advanced programming) to sniff out the ports used by the known attack, and verify it's an attack and not legitimate traffic
3. The only way a lightweight device can do this is by taking samples of the data and submitting it to someone else (like antivirus do) to be manually checked, and that won't be cheap OR secure for important people and businesses
Heuristics i guess is only way...
 
Joined
Aug 20, 2007
Messages
20,787 (3.41/day)
Examples of "targets" that had tons of cash and certain dirty info on certain people.
Not saying they didn't qualify, just saying just having tons of money will also get you there. You don't have to be famous necessarily. Just someone needs to want something you have, bad.
 

antirootkitbios

New Member
Joined
Jul 10, 2021
Messages
7 (0.01/day)
Oh and i forgot to address the question in the title about a router OS being able to detect these attacks

1. The router has to be programmed to recognise the traffic, meaning it's gotta be a previously known and identified attack
2. the router needs enough CPU power and RAM (and advanced programming) to sniff out the ports used by the known attack, and verify it's an attack and not legitimate traffic
3. The only way a lightweight device can do this is by taking samples of the data and submitting it to someone else (like antivirus do) to be manually checked, and that won't be cheap OR secure for important people and businesses
can i transform an intel i7 computer into a dedicated router with dd wrt>? it will have enough cpu and ram to act as a super firewall, could be that possible?
make a full dd wrt computer sounds like a challenge >o

my computer has 3 ethernet cards
 

Mussels

Freshwater Moderator
Staff member
Joined
Oct 6, 2004
Messages
58,413 (8.18/day)
Location
Oystralia
can i transform an intel i7 computer into a dedicated router with dd wrt>? it will have enough cpu and ram to act as a super firewall, could be that possible?
make a full dd wrt computer sounds like a challenge >o

my computer has 3 ethernet cards
you can definitely turn PC's into high end firewalls/routers

13 Best Open Source Router OS for Small to Large Networks (2021) (networkstraining.com)

i think i recall using PFsense years ago, but routers got better and i haven't bothered since
 
Joined
Aug 20, 2007
Messages
20,787 (3.41/day)
you can definitely turn PC's into high end firewalls/routers

13 Best Open Source Router OS for Small to Large Networks (2021) (networkstraining.com)

i think i recall using PFsense years ago, but routers got better and i haven't bothered since
I actually run a windows firewall/router on my network using RRAS.

But I do it mostly to stay sharp on Windows Server, because honestly, it's a major PITA. PFSense is what I'd advise.

And you'll need to know malware specifics, such as what IP's it calls home to, etc. Without that it'll be useless.

PS: To give you an idea of how high level these types of attacks are, my last client with this got it from... his cable node, which had been compromised and specifically in such a way as to redirect common urls to specific malware packages made for him. Police were involved, as mentioned. I know nothing beyond that it was some real shit, as once the police entered the picture they wanted the frog gone. I still have a big box of my stuff they sent back, I had tried (like you) to help him with a DD-WRT router and new hardware, only to learn that the new hardware would quickly get reinfected as did the router itself. That's when I started looking at logs and discovered the origin was false routing tables, sites, certificates etc at his node.

My client specifically authorized sharing nonspecific technical details by the way in exchange for services (in the name of "research" at the time because I was curious) so this isn't any big secret.
 
Joined
Jan 31, 2010
Messages
5,379 (1.03/day)
Location
Gougeland (NZ)
System Name Cumquat 2021
Processor AMD RyZen R7 7800X3D
Motherboard Asus Strix X670E - E Gaming WIFI
Cooling Deep Cool LT720 + CM MasterGel Pro TP + Lian Li Uni Fan V2
Memory 32GB GSkill Trident Z5 Neo 6000
Video Card(s) Sapphire Nitro+ OC RX6800 16GB DDR6 2270Cclk / 2010Mclk
Storage 1x Adata SX8200PRO NVMe 1TB gen3 x4 1X Samsung 980 Pro NVMe Gen 4 x4 1TB, 12TB of HDD Storage
Display(s) AOC 24G2 IPS 144Hz FreeSync Premium 1920x1080p
Case Lian Li O11D XL ROG edition
Audio Device(s) RX6800 via HDMI + Pioneer VSX-531 amp Technics 100W 5.1 Speaker set
Power Supply EVGA 1000W G5 Gold
Mouse Logitech G502 Proteus Core Wired
Keyboard Logitech G915 Wireless
Software Windows 11 X64 PRO (build 23H2)
Benchmark Scores it sucks even more less now ;)
can i transform an intel i7 computer into a dedicated router with dd wrt>? it will have enough cpu and ram to act as a super firewall, could be that possible?
make a full dd wrt computer sounds like a challenge >o

my computer has 3 ethernet cards

Why would you need to do that what are you really afraid of are you a nuclear reactor designer a rocket scientist or a terrorist trying to hide from the govt's of the world or some such I mean what is it that's on your PC that makes you think some malicious person or govt entity is going to go through all that hard effort to try and flog a few cat videos or step mom porn pics from your PC's hard drive
 
Joined
Aug 20, 2007
Messages
20,787 (3.41/day)
Why would you need to do that what are you really afraid of are you a nuclear reactor designer a rocket scientist or a terrorist trying to hide from the govt's of the world or some such I mean what is it that's on your PC that makes you think some malicious person or govt entity is going to go through all that hard effort to try and flog a few cat videos or step mom porn pics from your PC's hard drive
If he really is high profile, he'd be an idiot to tell you.

But on the other hand, I haven't seen any evidence to suggest infection, so... I really do feel this is a case of paranoia without further evidence. Sorry.
 

Mussels

Freshwater Moderator
Staff member
Joined
Oct 6, 2004
Messages
58,413 (8.18/day)
Location
Oystralia
I agree, he could be high profile or high risk (secret bitcoin millionaire or whatever) and sharing that increases the risk.

That's fine, it's plausible.

But... this is just not something a single person or home user can do. For that level of security, keep a device offline. no wireless connections at all. Including the power cord when you ain't on it.
 

Frick

Fishfaced Nincompoop
Joined
Feb 27, 2006
Messages
18,933 (2.85/day)
Location
Piteå
System Name Black MC in Tokyo
Processor Ryzen 5 5600
Motherboard Asrock B450M-HDV
Cooling Be Quiet! Pure Rock 2
Memory 2 x 16GB Kingston Fury 3400mhz
Video Card(s) XFX 6950XT Speedster MERC 319
Storage Kingston A400 240GB | WD Black SN750 2TB |WD Blue 1TB x 2 | Toshiba P300 2TB | Seagate Expansion 8TB
Display(s) Samsung U32J590U 4K + BenQ GL2450HT 1080p
Case Fractal Design Define R4
Audio Device(s) Line6 UX1 + some headphones, Nektar SE61 keyboard
Power Supply Corsair RM850x v3
Mouse Logitech G602
Keyboard Cherry MX Board 1.0 TKL Brown
VR HMD Acer Mixed Reality Headset
Software Windows 10 Pro
Benchmark Scores Rimworld 4K ready!
I actually run a windows firewall/router on my network using RRAS.

But I do it mostly to stay sharp on Windows Server, because honestly, it's a major PITA. PFSense is what I'd advise.

And you'll need to know malware specifics, such as what IP's it calls home to, etc. Without that it'll be useless.

PS: To give you an idea of how high level these types of attacks are, my last client with this got it from... his cable node, which had been compromised and specifically in such a way as to redirect common urls to specific malware packages made for him. Police were involved, as mentioned. I know nothing beyond that it was some real shit, as once the police entered the picture they wanted the frog gone. I still have a big box of my stuff they sent back, I had tried (like you) to help him with a DD-WRT router and new hardware, only to learn that the new hardware would quickly get reinfected as did the router itself. That's when I started looking at logs and discovered the origin was false routing tables, sites, certificates etc at his node.

My client specifically authorized sharing nonspecific technical details by the way in exchange for services (in the name of "research" at the time because I was curious) so this isn't any big secret.

Yeah I remember that. Excellent work on your end, it was very interesting to follow. "The new hardware is infected too? Uh oh."
 
Joined
Aug 20, 2007
Messages
20,787 (3.41/day)
I agree, in a strange way it was an honor to be a part of what I consider to be a historic case.

Not sure the people who are infected feel that way though. And I do feel that unfortunately, it's spawned some unnecessary paranoia.
 

antirootkitbios

New Member
Joined
Jul 10, 2021
Messages
7 (0.01/day)
Why would you need to do that what are you really afraid of are you a nuclear reactor designer a rocket scientist or a terrorist trying to hide from the govt's of the world or some such I mean what is it that's on your PC that makes you think some malicious person or govt entity is going to go through all that hard effort to try and flog a few cat videos or step mom porn pics from your PC's hard drive
nono, i was hacked 5 times, last time, for a be a good player in tera, i beat some records, that made mad some people, anyway, tera na is closed, and that was a some years ago, i was planning to play again and mmorpg, and i want to close all the internet, except the IP and Port related to that mmorpg, and an ip to streaming to youtube and twitch

thanks for this conversation people, i found how to make a firewall with dd wrt and a computer, i'll begin with that.
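
The default-deny setup asked about in the post above (drop everything except the game server's IP and port plus a streaming endpoint), sketched as an added example that is not part of the original thread. Interface names, addresses and ports are constructed placeholders, and it assumes a Linux router that NATs the LAN and runs its own DNS resolver; large streaming services use many changing addresses, so a fixed IP allow-list for them needs regular maintenance.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a default-deny router.
# Interface names, addresses and ports are constructed placeholders
# (203.0.113.0/24 is a documentation range), not values from the thread.
# Check the output before applying it:  build_ruleset | iptables-restore --test

LAN_IF="eth1"             # assumed LAN-facing NIC
WAN_IF="eth0"             # assumed WAN-facing NIC
GAME_PC="192.168.1.50"    # constructed address of the gaming PC
# Allow-list, one "proto:dest_ip:dest_port" entry per line (constructed).
ALLOW_LIST="tcp:203.0.113.10:7801
tcp:203.0.113.20:1935"

# Validate one entry; on success its parts are left in $proto, $ip and $port.
valid_entry() {
    proto=${1%%:*}; rest=${1#*:}
    ip=${rest%%:*}; port=${rest#*:}
    case "$proto" in tcp|udp) ;; *) return 1 ;; esac
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    # Only digits and dots, no leading or trailing dot (also rules out globs).
    case "$ip" in ''|*[!0-9.]*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $ip                # split the address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in '') return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the complete ruleset on stdout; nothing is applied by this script.
build_ruleset() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -p tcp --dport 22 -j ACCEPT
-A INPUT -i $LAN_IF -p udp --dport 53 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    # One NEW-connection rule per valid allow-list entry; bad entries are
    # reported as comments so a typo never widens the policy.
    for entry in $ALLOW_LIST; do
        if valid_entry "$entry"; then
            printf '%s\n' "-A FORWARD -i $LAN_IF -o $WAN_IF -s $GAME_PC -d $ip -p $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT"
        else
            printf '%s\n' "# skipped invalid entry: $entry"
        fi
    done
    # Log what the FORWARD policy is about to drop (rate-limited), then commit.
    cat <<EOF
-A FORWARD -i $LAN_IF -m limit --limit 5/min -j LOG --log-prefix "FW-DROP "
COMMIT
EOF
}

build_ruleset
```

The logged `FW-DROP` lines show which destinations the game or streaming client tried to reach and was refused, which is how the allow-list gets corrected over time.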
 
Joined
Apr 15, 2021
Messages
849 (0.77/day)
nono, i was hacked 5 times, last time, for a be a good player in tera, i beat some records, that made mad some people, anyway, tera na is closed, and that was a some years ago, i was planning to play again and mmorpg, and i want to close all the internet, except the IP and Port related to that mmorpg, and an ip to streaming to youtube and twitch

thanks for this conversation people, i found how to make a firewall with dd wrt and a computer, i'll begin with that.
Tera? I can't imagine people getting that bent out of shape over records and going after you with rootkits. That game is nearly a decade old and has gone to shit. I played it on the PC off & on for like 2 years and just gave up since most of the players online just stand around in the main city doing nothing, and all of the higher end content requires groups where everyone knows what they're doing.
More than likely you downloaded and installed a mod for the game that had a trojan/virus. In particular, they had nude mods for the female characters iirc, so that probably explains why I saw so many noob female characters in the starter zones just doing nothing...
Overall, it's just another Black Desert Online... much eye candy and little in the way of being an MMORPG unless you like repetitive done to death.

You probably need to re-evaluate your online habits. If you're viewing/downloading porn, installing illegal/unsupported game mods, accepting files from others you don't know, visiting questionable links, these things are bound to happen. Deep Freeze by Faronics is good for protecting computer configs & settings and against most malware by simply rebooting. I know of at least one college that uses it to avoid the IT nightmare of stupid people messing around on the campus computers. Nevertheless, it won't protect against rootkits or other malware specifically designed to get past reboot-to-restore software, and it's not going to protect you from data theft.
 
Joined
Aug 20, 2007
Messages
20,787 (3.41/day)
Another common thing to infect these days is outdated modems/routers. I find that more plausible for your scenario frankly, for a real old modem an attacker really only needs your ip. That can do a doozy on your whole network, reinfect hardware, all without doing anything to uefi/firmware.

The answer to fixing that of course is to not use ancient network hardware. DD-WRT is a good option for routers too.
 

Mussels

Freshwater Moderator
Staff member
Joined
Oct 6, 2004
Messages
58,413 (8.18/day)
Location
Oystralia
Umm, what hack methods did they use? How was your network breached?


If they just guessed passwords or caught you with phishing, nothing you do in your home network will change a thing.
 

eidairaman1

The Exiled Airman
Joined
Jul 2, 2007
Messages
40,435 (6.58/day)
Location
Republic of Texas (True Patriot)
nono, i was hacked 5 times, last time, for a be a good player in tera, i beat some records, that made mad some people, anyway, tera na is closed, and that was a some years ago, i was planning to play again and mmorpg, and i want to close all the internet, except the IP and Port related to that mmorpg, and an ip to streaming to youtube and twitch

thanks for this conversation people, i found how to make a firewall with dd wrt and a computer, i'll begin with that.

If you have a static IP, have it changed to dynamic
 

antirootkitbios

New Member
Joined
Jul 10, 2021
Messages
7 (0.01/day)
Tera? I can't imagine people getting that bent out of shape over records and going after you with rootkits. That game is nearly a decade old and has gone to shit. I played it on the PC off & on for like 2 years and just gave up since most of the players online just stand around in the main city doing nothing, and all of the higher end content requires groups where everyone knows what they're doing.
More than likely you downloaded and installed a mod for the game that had a trojan/virus. In particular, they had nude mods for the female characters iirc, so that probably explains why I saw so many noob female characters in the starter zones just doing nothing...
Overall, it's just another Black Desert Online... much eye candy and little in the way of being an MMORPG unless you like repetitive done to death.

You probably need to re-evaluate your online habits. If you're viewing/downloading porn, installing illegal/unsupported game mods, accepting files from others you don't know, visiting questionable links, these things are bound to happen. Deep Freeze by Faronics is good for protecting computer configs & settings and against most malware by simply rebooting. I know of at least one college that uses it to avoid the IT nightmare of stupid people messing around on the campus computers. Nevertheless, it won't protect against rootkits or other malware specifically designed to get past reboot-to-restore software, and it's not going to protect you from data theft.
i began to play that game due my girlfriend, i didnt want to play it, but when she left, i began to play all day haha, i was terrible, and i was insulted for be so bad in the game, and when i became really good in the game, new haters arrived... haters that doesnt like you to be good in the game, and this is the interesting part, if you are bad playing, you get insults, but if you are good in a game, then you began to be accused first, of cheating, next, a lot of haters, and then, finally, the supreme hater, the one that hacks your account

i miss the old internet, i used to play ultima online official server, and it was a very nice place to meet and talk with a lot of people, diablo 2 in the beginning too, helbreath international also, but was maybe in 2008 when everything began to change

in 2001 i was hacked in battle net due a mistake, i started a game through TCP IP, hosting a server through battle .net tool, i didn't know in that moment that my computer was going to be a server haha

who hacked me in tera told me this

we went into a party to do a boss, guess when we go in that mode we are in a node or something, then they can track better the ips, then when we went in the final boss, he told me that he is hacking me remotely, then he was in my computer, passed my firewall, passed everything, he also, moved my mouse to make me die

that was the last die that i played tera, i loved that game, and i was really good, but this guy, made me think how vulnerable internet its, for kids, young girls, young boys

if some day i have a kid and he plays a mmorpg, i will buy to him a computer just for that, and other for personal things, nice to see someone that played tera


update about the post: i already mounted a firewall computer, and im playing with iptables in ssh and others things

thanks for all the help people, have a nice week!

If you have a static IP, have it changed to dynamic
i have 3 ISP here, but the problem is, when you log in in a video game, your log in IP is recorded, example, lineage 2 classic, guess was the same with tera, anyway, tera in that year had many vulnerabilities, after i was hacked, someone did a global hack uploading something in the chat general window, i don't really know how many other vulnerabilities tera had, or maybe i was hacked through my youtube channel and twitch live streaming? i had 3 things opened when that happened

twitch streaming
youtube streaming

and tera
i still have the video of that day due while xplit streams, it also makes a video in my hard drive, i have both, the streaming and the hard drive video
was an interesting experience, and is real, you can have a firewall, but if you have something installed, that can create a backdoor, no firewall or antivirus will protect you

guess they found a vulnerability in twitch, youtube, or that game, probably that game, youtube and twitch are giant companies, i really doubt the vulnerability was there, more, with that i said about that vulnerability in tera chat days after i was hacked

if there is a game that i will always want to play again will be tera, i hope it be a tera 2 or something

good luck all! and thanks for the help

Umm, what hack methods did they use? How was your network breached?


If they just guessed passwords or caught you with phishing, nothing you do in your home network will change a thing.
my network was fine, at least is what i believe, i didn't have dd wrt, i had cisco default firewall, problem was they found a vulnerability in tera, or in twitch or in youtube, we are talking about like 5 or 6 years ago, probably that is fixed now, a lot of time passed

if it was as i think, the problem was an app, not cisco firewall or windows firewall
 

Mussels

Freshwater Moderator
Staff member
Joined
Oct 6, 2004
Messages
58,413 (8.18/day)
Location
Oystralia
That person likely hacked your *game* server, not your PC or anything locally. Think someone using an aimhack or wallhack - a temporary thing that altered network data, and nothing more.

It's a lot easier to fuck with netcode of a game and move a player around in the game and get them killed by another player in the session, than it is to hack a PC or do anything actually dangerous to your security.
 

eidairaman1

i began to play that game due to my girlfriend, i didn't want to play it, but when she left, i began to play all day haha, i was terrible, and i was insulted for being so bad in the game, and when i became really good in the game, new haters arrived... haters that don't like you to be good in the game, and this is the interesting part, if you are bad at playing, you get insults, but if you are good in a game, then you begin to be accused first, of cheating, next, a lot of haters, and then, finally, the supreme hater, the one that hacks your account

i miss the old internet, i used to play on the ultima online official server, and it was a very nice place to meet and talk with a lot of people, diablo 2 in the beginning too, helbreath international also, but it was maybe in 2008 when everything began to change

in 2001 i was hacked in battle net due to a mistake, i started a game through TCP IP, hosting a server through the battle.net tool, i didn't know in that moment that my computer was going to be a server haha

the one who hacked me in tera told me this

we went into a party to do a boss, guess when we go in that mode we are in a node or something, then they can track the ips better, then when we went in the final boss, he told me that he is hacking me remotely, then he was in my computer, passed my firewall, passed everything, he also moved my mouse to make me die

that was the last day that i played tera, i loved that game, and i was really good, but this guy made me think how vulnerable the internet is, for kids, young girls, young boys

if someday i have a kid and he plays a mmorpg, i will buy him a computer just for that, and another for personal things, nice to see someone that played tera


update about the post: i already mounted a firewall computer, and i'm playing with iptables in ssh and other things

thanks for all the help people, have a nice week!


i have 3 ISP here, but the problem is, when you log in in a video game, your log in IP is recorded, example, lineage 2 classic, guess it was the same with tera, anyway, tera in that year had many vulnerabilities, after i was hacked, someone did a global hack uploading something in the general chat window, i don't really know how many other vulnerabilities tera had, or maybe i was hacked through my youtube channel and twitch live streaming? i had 3 things open when that happened

twitch streaming
youtube streaming

and tera
i still have the video of that day because while xsplit streams, it also makes a video on my hard drive, i have both, the streaming and the hard drive video
it was an interesting experience, and it is real, you can have a firewall, but if you have something installed that can create a backdoor, no firewall or antivirus will protect you

guess they found a vulnerability in twitch, youtube, or that game, probably that game, youtube and twitch are giant companies, i really doubt the vulnerability was there, more so, with what i said about that vulnerability in tera chat days after i was hacked

if there is a game that i will always want to play again it will be tera, i hope there will be a tera 2 or something

good luck all! and thanks for the help


my network was fine, at least that is what i believe, i didn't have dd wrt, i had the cisco default firewall, the problem was they found a vulnerability in tera, or in twitch or in youtube, we are talking about like 5 or 6 years ago, probably that is fixed now, a lot of time passed

if it was as i think, the problem was an app, not cisco firewall or windows firewall

Dynamic ip changes
 