New
#11
YouTube creators have sure made the word "RAT" a household name.
If your router is infected (very real possibility) it's not called a RAT. I don't remember the name off hand but it's like a backdoor/stepping stone. What a hacker will do is that if you have a port open (usually due to the dumb ISP) they can scan it and see if it's vulnerable to new firmware code. I think it's small and in the bootloader.
Turn off UPnP.
Don't use port forwarding. Instead, use a service like ZeroTier One and the likes.
If you need port forwarding, learn how to use pfSense or OPNsense.
Change the default router username and password to something else.
Stay abreast of any and all router firmware updates. Many people pay homage to the Microsoft patch Tuesday god and never pay attention to the one big machine: a router or modem.
If you know how, use a third-party router firmware like Asus Merlin, DD-WRT and the likes. Keep it updated.
If you wanna help know if perhaps your router is infected, then take your external WAN IP and search at the following three websites. If Shodan or Census shows an open port you may have issues. But it is common for some ISPs to have an open port on their equipment. But then again, that open port can be used to infect your router if it's vulnerable.
Shodan Search Engine
Censys.io.
GreyNoise Visualizer (If you see activity here with your IP, contact your ISP and let them know ASAP)
(Same with the website) AlienVault - Open Threat Exchange
All in all, if you're that concerned about it, reflash the router per manufacturer's instructions. Or use that new router you talked about and keep its firmware updated.
And another. See anything here with your IP, contact your ISP ASAP. AbuseIPDB - IP address abuse reports - Making the Internet safer, one IP at a time
Quote
