Router Credential hackers Keylogger
-
@michmoor I was reviewing the compromised pc article and videos on how to "lock down" the compromised pc. I'd junk it personally. You buy a firewall to make sure you're traffic is clean. I need to create rules and or use a IDS. That's what I was asking about.
-
@smoses said in Router Credential hackers Keylogger:
You buy a firewall to make sure you're traffic is clean
No. As i said a firewall isnt a magic box. You think that it is part of the problem here.
Again, you have a compromised host(s). You don't want to fix it. You want to put an IPS solution around it which doesn't make a lot of sense.
If you dont want to at least fix the problem but address the fact that your host is infected than im not sure what more any one here in the forums can do. I wish you the best of luck but my advice, to state it again, take the computer off the network. Run virus/malware scans. Best solution is to reformat. -
@michmoor Agreed. The solution is isolate the infected host and treat.
Don't burn the entire city to the ground because one resident has a case of measles.
-
@rcoleman-netgate Yep. that follows you also I believe. The comment doesn't state that. It states "rubber fetish". Gun to your head.
-
@smoses said in Router Credential hackers Keylogger:
Your post is gross and has sexual content in it
A rubber duckie is a hacking tool.
As for their other comment... while it might be a little bit extreme/excessive it is not intended in the manner you are interpreting it.
I suggest you ignore any user whose answers you do not like and simply not engage with them.
-
@rcoleman-netgate I acknowledged that and posted looking for specifics. Video, articles, etc. I don't need help diagnosing it, just fixing it. If it can. Blocking everything except normal traffic. Egress filtering, whatever.
-
@rcoleman-netgate a rubber fetish is not the same as rubber duckie. With gun to the head, it's completely unnecessary. The user's fault. Not mine.
-
@smoses
Ok...Very well.https://docs.netgate.com/pfsense/en/latest/firewall/index.html#firewall
Fantastic documentation can be found at the link above. Everything you need in order to create firewall rules and to isolate hosts if required.
I also recommend the following link. Although it shows Snort, the instructions work just as well for Suricata.
https://docs.netgate.com/pfsense/en/latest/packages/snort/index.html#ids-ips
-
@SteveITS for some reason it's affecting the AMD pc more than the Pentium. Completely differently. Specifically, it IS affecting the AMD's bios, registry and files that aren't on the Pentium pc on the same network. Thanks for responding.
-
@smoses said in Router Credential hackers Keylogger:
Blocking everything except normal traffic. Egress filtering, whatever.
You're looking, then, for IDS/IPS. Like Snort and Suricata. There's a section of the forum for that, too.
-
@rcoleman-netgate That will automatically get rid of the router credentials keylogger and form? The IDS? Is that a guaranteed thing?
-
@smoses Nothing in the world is a guarantee. You said you want to do egress filtering. That's where you should be.
-
@rcoleman-netgate The only guarantee is to remove the compromised pc completely off the network, right?
-
@smoses Yes, like I said earlier...
@rcoleman-netgate said in Router Credential hackers Keylogger:
@michmoor Agreed. The solution is isolate the infected host and treat.
-
@rcoleman-netgate I only asked as I'm showing it to educate the person who insists on using it. I'm aware of it.