Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Can 1.2.3 be infected with a virus

    Scheduled Pinned Locked Moved 1.2.3-PRERELEASE-TESTING snapshots - RETIRED
    8 Posts 5 Posters 4.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      fastcon68
      last edited by

      I found a werid set of DNS enties on my firewall and my PC.  I traced it to a virus on my PC that affects DNS and then push spam out.  I found the DNS changed on the firewall as well.

      I have never had this happen.  I had a power supply failure and I am running on Netgear FVS114.  Until I can  replace the powersupply.

      Any thoughts if the firewall could have gotten infected.  My pc was running ar 50% on one core and the firewall was holding steady at 20%.

      Anythoughts?
      RC

      1 Reply Last reply Reply Quote 0
      • C
        cmb
        last edited by

        If your PC is owned and you manage your firewall from it, it's theoretically possible the same person controlling your PC could have reconfigured your firewall. Or malware may come with built in capabilities to detect a login to your default gateway, and then knowing what the firewall is and what your password is, reconfigure it on the fly. I haven't heard of anything like that though.

        If you were managing the firewall from a compromised system, I would reinstall and reconfigure from scratch, using a different password. There almost certainly wouldn't be any malware on the firewall itself, but if you entered your password on a compromised host, anything is possible.

        1 Reply Last reply Reply Quote 0
        • F
          fastcon68
          last edited by

          Thanks, I think that is exactly what happened.  I ended up restoring to a previous of my OS.  I guess once I get my XenServer machine fixed I just rebuild to 1.2.3 or 2.0 as a firewall.  I not in any hurray, no money for new power supply.
          RC

          1 Reply Last reply Reply Quote 0
          • F
            fastcon68
            last edited by

            I cleaned up and repaired my Xenserver this morning.  Should I go with complete rebuild to make sure the the server is not infected.

            Should I use 2.0 or go with 1.2.3?  I just trying to figure out what to do.
            RC

            1 Reply Last reply Reply Quote 0
            • S
              Supermule Banned
              last edited by

              Complete rebuild with 1.2.3…

              1 Reply Last reply Reply Quote 0
              • F
                fastcon68
                last edited by

                Would it be any benefit to fire it up log enough to get the config file? print it out instead of it loading it.
                RC

                1 Reply Last reply Reply Quote 0
                • V
                  vorgusa
                  last edited by

                  If you are really worried about it, then you should probably rebuild everything from scratch including the config.  I believe DNS settings will come with the config.

                  1 Reply Last reply Reply Quote 0
                  • B
                    brah
                    last edited by

                    Also, just in case, make sure UPnP is disabled.

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.