Can 1.2.3 be infected with a virus



  • I found a weird set of DNS entries on my firewall and my PC. I traced it to a virus on my PC that affects DNS and then pushes spam out. I found the DNS changed on the firewall as well.

    I have never had this happen. I had a power supply failure and I am running on Netgear FVS114 until I can replace the power supply.

    Any thoughts if the firewall could have gotten infected? My PC was running at 50% on one core and the firewall was holding steady at 20%.

    Any thoughts?
    RC



  • If your PC is owned and you manage your firewall from it, it's theoretically possible the same person controlling your PC could have reconfigured your firewall. Or malware may come with built-in capabilities to detect a login to your default gateway, and then, knowing what the firewall is and what your password is, reconfigure it on the fly. I haven't heard of anything like that though.

    If you were managing the firewall from a compromised system, I would reinstall and reconfigure from scratch, using a different password. There almost certainly wouldn't be any malware on the firewall itself, but if you entered your password on a compromised host, anything is possible.



  • Thanks, I think that is exactly what happened. I ended up restoring to a previous of my OS. I guess once I get my XenServer machine fixed I'll just rebuild to 1.2.3 or 2.0 as a firewall. I'm not in any hurry, no money for new power supply.
    RC



  • I cleaned up and repaired my XenServer this morning. Should I go with a complete rebuild to make sure the server is not infected?

    Should I use 2.0 or go with 1.2.3? I'm just trying to figure out what to do.
    RC


  • Banned

    Complete rebuild with 1.2.3…



  • Would it be any benefit to fire it up long enough to get the config file? Print it out instead of loading it.
    RC



  • If you are really worried about it, then you should probably rebuild everything from scratch including the config. I believe DNS settings will come with the config.



  • Also, just in case, make sure UPnP is disabled.

