# BIOS rootkit infection detected with DD-WRT and OpenWrt?



## antirootkitbios (Jul 10, 2021)

I think we can detect BIOS infections with DD-WRT by monitoring connections while idle. Does anyone have something more advanced? Maybe an Ethernet connection with another computer, checking with Wireshark?
But I need to do a check into the BIOS itself, booting it, or with a Linux, or something. Any suggestions?


----------



## R-T-B (Jul 10, 2021)

Highly unlikely.
BIOS rootkit infections are real, but exceedingly rare and reserved for high-value targets.  I can assure you, your porn does not qualify.


----------



## antirootkitbios (Jul 10, 2021)

R-T-B said:


> Highly unlikely.
> BIOS rootkit infections are real, but exceedingly rare and reserved for high-value targets.  I can assure you, your porn does not qualify.


But I was wondering how we could detect a BIOS rootkit infection.

Maybe with a router detecting connections from an idle OS, such as a clean Linux? Any suggestions?


----------



## R-T-B (Jul 10, 2021)

Any clean router system with Wireshark or similar will show anomalous behavior.  Alternatively, professional analysis of the firmware dumps can prove infection.  Neither is something the average home user can do, unfortunately.


----------



## antirootkitbios (Jul 10, 2021)

R-T-B said:


> Any clean router system with Wireshark or similar will show anomalous behavior.  Alternatively, professional analysis of the firmware dumps can prove infection.  Neither is something the average home user can do, unfortunately.


Agree with you; I think Kaspersky, Bitdefender and Cisco should do something together about it.

As a home user the only things I have are DD-WRT and OpenWrt, but I don't have any other idea of how to check something like that beyond monitoring network connections one by one.
How much info is a screenshot, or even remote desktop? Nothing in upload numbers, and advanced hackers will do a remote rootkit for screenshots, not for a permanent remote desktop.

I have other things in mind, but they won't work.

If there is a rootkit in the BIOS, a deep, deep rootkit, it will be activated just to collect some info, and not all day, that is if that rootkit doesn't want to be detected.

I was thinking of ISOLATING my domain and making a proxy to browse the outside internet, but I don't know if that will be enough.

I hope Cisco, Kaspersky, Bitdefender and some other companies do something together... I think we will need antivirus for routers, a new antivirus, and they should sell it to ISPs or something.
It's time to make the internet great again.


----------



## R-T-B (Jul 11, 2021)

antirootkitbios said:


> Agree with you; I think Kaspersky,


There's nothing software can really do to override hardware.  It's part of the problem in a nutshell:  they can't really do anything.  At least not with existing UEFI facilities.


----------



## RJARRRPCGP (Jul 11, 2021)

I have wondered about Coffee Lake-gen and earlier motherboard BIOSes getting rootkit malware, because of a critical exploit found in pre-Comet Lake Intel systems.
The exploit was found in 2019; it's a major CSME bug on pre-10th-gen.



CVE-2019-0153


It gets a whopping 9.8 rating at NIST.


----------



## R-T-B (Jul 11, 2021)

RJARRRPCGP said:


> I have wondered about Coffee Lake-gen and earlier motherboard BIOSes getting rootkit malware, because of a critical exploit found in pre-Comet Lake Intel systems.
> The exploit was found in 2019; it's a major CSME bug on pre-10th-gen.



If people would actually run their Windows Update they'd find that exploit patch was pushed out long ago via it.


----------



## RJARRRPCGP (Jul 11, 2021)

R-T-B said:


> If people would actually run their Windows Update they'd find that exploit patch was pushed out long ago via it.


No go for me with a Coffee Lake laptop; the Intel CSME version checking tool failed it. It requires another UEFI BIOS update on 9th-gen and earlier, apparently. And because of no BIOS update, I was left out in the cold, despite the laptop not being old! I got an indication that the only fix was to gamble with a random BIOS image and extremely likely brick the laptop! The laptop was banned from my property and sent back, after I couldn't get a CSME update. Windows Update couldn't do diddly squat for the CSME, because there was no updated BIOS!
(last summer)


----------



## R-T-B (Jul 11, 2021)

RJARRRPCGP said:


> No go for me with a Coffee Lake laptop; the Intel CSME version checking tool failed it. It requires another UEFI BIOS update on 9th-gen and earlier, apparently. And because of no BIOS update, I was left out in the cold, despite the laptop not being old! I got an indication that the only fix was to gamble with a random BIOS image and extremely likely brick the laptop! The laptop was banned from my property and sent back!
> (last summer)


Heck, laptops are always kinda weird with regards to vendor support.  I just know Desktops had the images pushed out via Windows Update.


----------



## RJARRRPCGP (Jul 11, 2021)

R-T-B said:


> Heck, laptops are always kinda weird with regards to vendor support.  I just know Desktops had the images pushed out via Windows Update.


FFS, the support I received, was much shorter than a phone!


----------



## ShiBDiB (Jul 11, 2021)

Is this just a hypothetical question, or are you worried you are a victim of this attack? Because if it's the latter, I can pretty safely say you're not.


----------



## RJARRRPCGP (Jul 11, 2021)

ShiBDiB said:


> Is this just a hypothetical question, or are you worried you are a victim of this attack? Because if it's the latter, I can pretty safely say you're not.


I was warned about a critical exploit last summer and got rid of the laptop, because an updated CSME still wasn't found, even after a BIOS update! It didn't seem hypothetical in my case, when I had a 9th-gen-based laptop last year.


----------



## ShiBDiB (Jul 11, 2021)

RJARRRPCGP said:


> I was warned about a critical exploit last summer and got rid of the laptop, because an updated CSME still wasn't found, even after a BIOS update! It didn't seem hypothetical in my case, when I had a 9th-gen-based laptop last year.



Unless you're in a career that makes you a target for corporate or foreign espionage, you aren't being targeted by rootkits. Whoever told you to get rid of the laptop is wearing more tinfoil than you are.


----------



## Mussels (Jul 11, 2021)

These kinds of attacks have to be custom tailored, so unless you're a high-risk target due to wealth or employment, you simply won't run this risk.

If you are high risk, this is what device isolation, firewalls, and hiring security people to monitor traffic for anomalies are for.

Edit: and I mean "deny by default" firewalls, not the generic 'allow until someone says no' type


----------



## Solaris17 (Jul 11, 2021)

Mussels said:


> These kinds of attacks have to be custom tailored, so unless you're a high-risk target due to wealth or employment, you simply won't run this risk.
> 
> If you are high risk, this is what device isolation, firewalls, and hiring security people to monitor traffic for anomalies are for.



This. I think there is another side of the coin people never think about. Most rightfully mention that you as an individual are simply not worth the attack.

However, you have to understand how much "worth" the exploit itself has. They would never waste such an advanced persistent attack on a global botnet. Simply because someone like you, or us, or someone* would find it if it was released to the general populace.

Once found it would be reported, analyzed and mitigated.

That's a massive waste, to gain access to your Home Depot account. These kinds of attacks take hundreds of man-hours to find, craft, test, implement, deploy.

To the extent that this is something that would be used against, say, the NSA, which has been hacked before, or another govt/state medium. The ability is worth too much to not only NOT waste it on normal people, but to deploy it on a wide scale.

You are not going to "catch" state sponsored polymorphic malware browsing yahoo.com.


----------



## R-T-B (Jul 11, 2021)

ShiBDiB said:


> Unless you're in a career that makes you a target for corporate or foreign espionage, you aren't being targeted by rootkits. Whoever told you to get rid of the laptop is wearing more tinfoil than you are.


It depends.

If he's connecting to the net with an unfiltered firewall, it actually can be an issue, because CSME has a full web stack.

Nearly no one is though.



Mussels said:


> These kinds of attacks have to be custom tailored


Not forever.  Common platforms (UEFI, only two variants of "Management Engines", TPM, etc) make it easier to generalize the attacks these days.  And it's all being pushed in the name of "Hardware Security" like it's some great revelation that will help us be more secure, rather than worse off when exploited.

It genuinely frightens me.


----------



## RJARRRPCGP (Jul 11, 2021)

And I still remember Blaster: just hop on the internet and it only takes some packets to get exploited! It doesn't take a long time to get exploited on 56K without a software firewall that blocks most stuff by default!
I still remember 2003 for that stuff. That was a notorious worm/virus hybrid. It exploits the RPC service and causes it to crash, or the virus merely terminates the RPC service.

I'm mentioning "Blaster", because that one didn't just target companies or a government.


----------



## antirootkitbios (Jul 11, 2021)

ShiBDiB said:


> Is this just a hypothetical question, or are you worried you are a victim of this attack? Because if it's the latter, I can pretty safely say you're not.


No no, I don't have anything in my computer. Since I know everything can be hacked, nothing stays in my computer other than fake things; when I need to take a look at my personal info I do it offline, on a computer isolated from the internet. I do this because I was hacked the first time in 2001 through Battle.net Diablo 2 games, in 2008 hosting a Mount and Blade server, in 2009 joining a private server of Ultima Online, and in 2016 through an MMORPG with a lot of bugs.

But I was reading about the LoJack virus and some news, then reading also about the VPNFilter routers @Default password@ virus, and I was wondering how a blackout could be possible.
I heard some companies in the USA were hacked through hardware devices in chips; also today, ninja cables and the old USB hack. I was wondering how it could be a zero-day attack today, a blackout.
Then, if it is going to be a real blackout, it should be through a BIOS virus, and an ISP devices virus also.

Then I was thinking of a way to prevent it.

Since the BIOS can be updated with an .exe, then everything is possible; the BIOS should be updated only through a floppy, never through the OS, for security.

But things changed since 2008, I guess.

I asked in the DD-WRT forum and they told me that DD-WRT is not for this purpose, so from their answer I guess we can't detect if a BIOS is remotely infected through DD-WRT. I used to think we can, but they made me understand we can't.

But it is a connection: if you set that computer with infected BIOS and CPU as a slave, and you check the router with another computer, it should display that there is a strange connection to another place in the world...

But they told me that what I'm thinking is not possible.

I'm confused after that answer :s



Solaris17 said:


> This. I think there is another side of the coin people never think about. Most rightfully mention that you as an individual are simply not worth the attack.
> 
> However, you have to understand how much "worth" the exploit itself has. They would never waste such an advanced persistent attack on a global botnet. Simply because someone like you, or us, or someone* would find it if it was released to the general populace.
> 
> ...


What a nice comment. If my computer is infected in the BIOS, I can sell it through eBay; maybe someone will analyze it to check how that BIOS virus works. Nice idea, or maybe I should give it to the authorities xD better


----------



## R-T-B (Jul 11, 2021)

antirootkitbios said:


> If my computer is infected in the BIOS


I have very strong doubts you are unless you have a lot of something to steal, and if you do and suspect you have been targeted, I'll tell you the same thing I told the last person I tried to help with this.

Call the police, because if it's progressed to that they aren't going to stop.


----------



## Mussels (Jul 11, 2021)

R-T-B said:


> It depends.
> 
> If he's connecting to the net with an unfiltered firewall, it actually can be an issue, because CSME has a full web stack.
> 
> ...


They have an attack vector, but then everything spirals out: every little difference between individual systems screws with propagation and infection. Different BIOS levels, different settings, different OS mitigations, different antivirus...

Low-level attacks are tricky AF. The ones that spread easily and work en masse are high-level attacks aimed at something all systems have in common, hoping enough of a percentage sticks (ex: targeting Internet Explorer and finding a way to bypass Windows Defender).


----------



## eidairaman1 (Jul 11, 2021)

R-T-B saw this one time in 2019, I think; you'd have to be Jerry Epstein or John McAfee to be attacked.


----------



## Chomiq (Jul 11, 2021)

eidairaman1 said:


> R-T-B saw this one time in 2019, I think; you'd have to be Jerry Epstein or John McAfee to be attacked.


And if you were you'd be more afraid of jail cells.


----------



## Athlonite (Jul 11, 2021)

Some of you are trying to make mountains out of ant hills. The likelihood of you getting BIOS-rootkit malware is about as rare as hen's teeth, unless of course you're on the watch list of the NSA, FBI, CIA, DEA or whatever government security department, and even then it's not likely they'd waste their time and effort using that sort of method to keep tabs on what you're doing online; there are much easier ways to do so.
So stop fretting, as you're needlessly worrying about nothing.


----------



## DeathtoGnomes (Jul 11, 2021)

Mussels said:


> Edit: and I mean "deny by default" firewalls, not the generic 'allow until someone says no' type


This, in combination with something like Wireshark or another port sniffer, so you can at least see where packets are going; they are likely unencrypted.

Most antivirus can't stop that.

In XP days there was ZoneAlarm, but they were bought out by (I forget), so it's no longer a thing. ZA blocked everything until you allowed it. Oh, those annoying sounds too!!!

TinyWall is a deny-by-default firewall. One of the best, really.

PeerBlock can block IP addresses (and ports), incoming and outgoing. This program needs a good successor because it's ancient. Also, there is a good-size web database of common IPs to block. Port blocking, you are on your own there.

There are several other programs I heard about but can't remember the names.


----------



## R-T-B (Jul 11, 2021)

eidairaman1 said:


> R-T-B saw this one time in 2019, I think; you'd have to be Jerry Epstein or John McAfee to be attacked.


Not sure about that level, but if you have a multimillion net worth, start thinking about this more.


----------



## eidairaman1 (Jul 11, 2021)

R-T-B said:


> Not sure about that level, but if you have a multimillion net worth, start thinking about this more.


Examples of "targets" that had tons of cash and certain dirty info on certain people.


----------



## Mussels (Jul 11, 2021)

Oh, and I forgot to address the question in the title about a router OS being able to detect these attacks:

1. The router has to be programmed to recognise the traffic, meaning it's gotta be a previously known and identified attack
2. The router needs enough CPU power and RAM (and advanced programming) to sniff out the ports used by the known attack, and verify it's an attack and not legitimate traffic
3. The only way a lightweight device can do this is by taking samples of the data and submitting it to someone else (like antivirus does) to be manually checked, and that won't be cheap OR secure for important people and businesses
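The points above describe why a router can only flag what it already knows; the one thing a home router or a PC firewall can do without attack signatures is what the OP and DeathtoGnomes describe: record where a supposedly idle machine talks to and compare that against what it is expected to talk to. The script below is an added example written for this thread, not DD-WRT, OpenWrt or any poster's own code. It parses a constructed flow log (timestamp, source, destination, protocol, destination port, bytes; a real deployment would export the router's connection-tracking or firewall log into this shape), drops flows from other hosts and allow-listed endpoints, and reports the remaining destinations with a simple beacon heuristic for the "wake up now and then to phone home" pattern mentioned earlier in the thread. All addresses and the allow-list are constructed placeholders.

```python
"""Audit outbound flows from a supposedly idle host against an allow-list.

Added example for this thread; it is not DD-WRT or OpenWrt code and not
any poster's own script. The log lines are constructed here in a simple
space-separated flow format (timestamp src dst proto dport bytes); a real
deployment would feed it the router's exported flow or firewall log.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample: 192.168.1.20 is the box that is supposed to be idle.
SAMPLE_LOG = """\
2021-07-12T02:00:05 192.168.1.20 192.168.1.1 udp 53 74
2021-07-12T02:00:05 192.168.1.20 203.0.113.10 tcp 443 1240
2021-07-12T02:15:00 192.168.1.20 198.51.100.7 udp 123 76
2021-07-12T02:16:00 192.168.1.30 192.0.2.44 tcp 443 9000
2021-07-12T02:30:05 192.168.1.20 203.0.113.10 tcp 443 1188
2021-07-12T03:00:05 192.168.1.20 203.0.113.10 tcp 443 1310
2021-07-12T03:30:06 192.168.1.20 203.0.113.10 tcp 443 1201
"""

# Constructed allow-list for the idle host: the resolver and NTP server it
# is expected to talk to even when nobody is using it.
ALLOW = {
    ("192.168.1.1", "udp", 53),
    ("198.51.100.7", "udp", 123),
}


def parse_flows(text):
    """Parse the constructed flow format into dicts with a datetime stamp."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, proto, dport, nbytes = line.split()
        flows.append({
            "ts": datetime.fromisoformat(ts),
            "src": src, "dst": dst, "proto": proto,
            "dport": int(dport), "bytes": int(nbytes),
        })
    return flows


def audit_idle_host(flows, host, window_start, window_end, allow=ALLOW):
    """Report outbound flows from `host` inside the idle window that are not
    allow-listed, grouped by (dst, proto, dport).

    window_start/window_end are ISO-8601 strings. Each entry carries the
    flow count, total bytes, mean spacing in seconds and a beacon flag:
    three or more flows spaced within 5% of their mean interval, which is
    a periodic check-in rather than a person browsing.
    """
    start = datetime.fromisoformat(window_start)
    end = datetime.fromisoformat(window_end)
    by_dst = defaultdict(list)
    for f in flows:
        if f["src"] != host or not (start <= f["ts"] <= end):
            continue
        key = (f["dst"], f["proto"], f["dport"])
        if key in allow:
            continue
        by_dst[key].append(f)

    report = {}
    for key, fs in by_dst.items():
        fs.sort(key=lambda f: f["ts"])
        gaps = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(fs, fs[1:])]
        mean_gap = sum(gaps) / len(gaps) if gaps else 0.0
        beacon = len(gaps) >= 2 and all(abs(g - mean_gap) <= 0.05 * mean_gap for g in gaps)
        report[key] = {
            "count": len(fs),
            "bytes": sum(f["bytes"] for f in fs),
            "interval_s": round(mean_gap),
            "beacon": beacon,
        }
    return report


if __name__ == "__main__":
    result = audit_idle_host(parse_flows(SAMPLE_LOG), "192.168.1.20",
                             "2021-07-12T01:00:00", "2021-07-12T04:00:00")
    for (dst, proto, dport), info in result.items():
        print(f"{dst}:{dport}/{proto} flows={info['count']} bytes={info['bytes']} "
              f"interval={info['interval_s']}s beacon={info['beacon']}")
```

On the constructed log the only finding is the half-hourly TLS connection to 203.0.113.10, which is exactly the kind of thing Mussels' point 1 says a router cannot label by itself: the script tells you a destination is unexpected and periodic, not what it is. The allow-list has to be built from a baseline captured while the machine is known-clean and idle, and as the thread notes, an implant that only talks during normal use, or that piggybacks on a destination already on the list, will not show up here.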


----------



## eidairaman1 (Jul 12, 2021)

Mussels said:


> Oh, and I forgot to address the question in the title about a router OS being able to detect these attacks:
> 
> 1. The router has to be programmed to recognise the traffic, meaning it's gotta be a previously known and identified attack
> 2. The router needs enough CPU power and RAM (and advanced programming) to sniff out the ports used by the known attack, and verify it's an attack and not legitimate traffic
> 3. The only way a lightweight device can do this is by taking samples of the data and submitting it to someone else (like antivirus does) to be manually checked, and that won't be cheap OR secure for important people and businesses


Heuristics, I guess, is the only way...


----------



## R-T-B (Jul 12, 2021)

eidairaman1 said:


> Examples of "targets" that had tons of cash and certain dirty info on certain people.


Not saying they didn't qualify, just saying just having tons of money will also get you there.  You don't have to be famous necessarily.  Just someone needs to want something you have, bad.


----------



## antirootkitbios (Jul 12, 2021)

Mussels said:


> Oh, and I forgot to address the question in the title about a router OS being able to detect these attacks:
> 
> 1. The router has to be programmed to recognise the traffic, meaning it's gotta be a previously known and identified attack
> 2. The router needs enough CPU power and RAM (and advanced programming) to sniff out the ports used by the known attack, and verify it's an attack and not legitimate traffic
> 3. The only way a lightweight device can do this is by taking samples of the data and submitting it to someone else (like antivirus does) to be manually checked, and that won't be cheap OR secure for important people and businesses


Can I transform an Intel i7 computer into a dedicated router with DD-WRT? It will have enough CPU and RAM to act as a super firewall. Could that be possible?
Making a full DD-WRT computer sounds like a challenge >o

My computer has 3 Ethernet cards.


----------



## Mussels (Jul 12, 2021)

antirootkitbios said:


> Can I transform an Intel i7 computer into a dedicated router with DD-WRT? It will have enough CPU and RAM to act as a super firewall. Could that be possible?
> Making a full DD-WRT computer sounds like a challenge >o
> 
> My computer has 3 Ethernet cards.


You can definitely turn PCs into high-end firewalls/routers.

13 Best Open Source Router OS for Small to Large Networks (2021) (networkstraining.com)

I think I recall using pfSense years ago, but routers got better and I haven't bothered since.


----------



## R-T-B (Jul 12, 2021)

Mussels said:


> You can definitely turn PCs into high-end firewalls/routers.
> 
> 13 Best Open Source Router OS for Small to Large Networks (2021) (networkstraining.com)
> 
> I think I recall using pfSense years ago, but routers got better and I haven't bothered since.


I actually run a Windows firewall/router on my network using RRAS.

But I do it mostly to stay sharp on Windows Server, because honestly, it's a major PITA.  pfSense is what I'd advise.

And you'll need to know malware specifics, such as what IPs it calls home to, etc.  Without that it'll be useless.

PS:  To give you an idea of how high level these types of attacks are, my last client with this got it from...  his cable node, which had been compromised, and specifically in such a way as to redirect common URLs to specific malware packages made for him.  Police were involved, as mentioned.  I know nothing beyond that it was some real shit, as once the police entered the picture they wanted the frog gone.  I still have a big box of my stuff they sent back; I had tried (like you) to help him with a DD-WRT router and new hardware, only to learn that the new hardware would quickly get reinfected, as did the router itself.  That's when I started looking at logs and discovered the origin was false routing tables, sites, certificates etc. at his node.

My client specifically authorized sharing nonspecific technical details by the way in exchange for services (in the name of "research" at the time because I was curious) so this isn't any big secret.


----------



## Athlonite (Jul 12, 2021)

antirootkitbios said:


> Can I transform an Intel i7 computer into a dedicated router with DD-WRT? It will have enough CPU and RAM to act as a super firewall. Could that be possible?
> Making a full DD-WRT computer sounds like a challenge >o
> 
> My computer has 3 Ethernet cards.



Why would you need to do that? What are you really afraid of? Are you a nuclear reactor designer, a rocket scientist or a terrorist trying to hide from the govts of the world, or some such? I mean, what is it that's on your PC that makes you think some malicious person or govt entity is going to go through all that hard effort to try and flog a few cat videos or step-mom porn pics from your PC's hard drive?


----------



## R-T-B (Jul 12, 2021)

Athlonite said:


> Why would you need to do that? What are you really afraid of? Are you a nuclear reactor designer, a rocket scientist or a terrorist trying to hide from the govts of the world, or some such? I mean, what is it that's on your PC that makes you think some malicious person or govt entity is going to go through all that hard effort to try and flog a few cat videos or step-mom porn pics from your PC's hard drive?


If he really is high profile, he'd be an idiot to tell you.

But on the other hand, I haven't seen any evidence to suggest infection, so...  I really do feel this is a case of paranoia without further evidence.  Sorry.


----------



## Mussels (Jul 12, 2021)

I agree, he could be high profile or high risk (secret bitcoin millionaire or whatever), and sharing that increases the risk.

That's fine, it's plausible.

But... this is just not something a single person or home user can do. For that level of security, keep a device offline. No wireless connections at all. Including the power cord when you ain't on it.


----------



## Frick (Jul 12, 2021)

R-T-B said:


> I actually run a Windows firewall/router on my network using RRAS.
> 
> But I do it mostly to stay sharp on Windows Server, because honestly, it's a major PITA.  pfSense is what I'd advise.
> 
> ...



Yeah I remember that. Excellent work on your end, it was very interesting to follow. "The new hardware is infected too? Uh oh."


----------



## R-T-B (Jul 12, 2021)

I agree, in a strange way it was an honor to be a part of what I consider to be a historic case.

Not sure the people who are infected feel that way though.  And I do feel that unfortunately, it's spawned some unnecessary paranoia.


----------



## antirootkitbios (Jul 12, 2021)

Athlonite said:


> Why would you need to do that? What are you really afraid of? Are you a nuclear reactor designer, a rocket scientist or a terrorist trying to hide from the govts of the world, or some such? I mean, what is it that's on your PC that makes you think some malicious person or govt entity is going to go through all that hard effort to try and flog a few cat videos or step-mom porn pics from your PC's hard drive?


No no, I was hacked 5 times; the last time, for being a good player in Tera. I beat some records, and that made some people mad. Anyway, Tera NA is closed, and that was some years ago. I was planning to play an MMORPG again, and I want to close all of the internet, except the IP and port related to that MMORPG, and an IP for streaming to YouTube and Twitch.

Thanks for this conversation, people. I found how to make a firewall with DD-WRT and a computer; I'll begin with that.


----------



## MentalAcetylide (Jul 13, 2021)

antirootkitbios said:


> No no, I was hacked 5 times; the last time, for being a good player in Tera. I beat some records, and that made some people mad. Anyway, Tera NA is closed, and that was some years ago. I was planning to play an MMORPG again, and I want to close all of the internet, except the IP and port related to that MMORPG, and an IP for streaming to YouTube and Twitch.
> 
> Thanks for this conversation, people. I found how to make a firewall with DD-WRT and a computer; I'll begin with that.


Tera? I can't imagine people getting that bent out of shape over records and going after you with rootkits. That game is nearly a decade old and has gone to shit. I played it on the PC off & on for like 2 years and just gave up, since most of the players online just stand around in the main city doing nothing, and all of the higher-end content requires groups where everyone knows what they're doing.
More than likely you downloaded and installed a mod for the game that had a trojan/virus. In particular, they had nude mods for the female characters iirc, so that probably explains why I saw so many noob female characters in the starter zones just doing nothing...
Overall, it's just another Black Desert Online... much eye candy and little in the way of being an MMORPG, unless you like repetitive done to death.

You probably need to re-evaluate your online habits. If you're viewing/downloading porn, installing illegal/unsupported game mods, accepting files from others you don't know, visiting questionable links, these things are bound to happen. Deep Freeze by Faronics is good for protecting computer configs & settings and against most malware by simply rebooting. I know of at least one college that uses it to avoid the IT nightmare of stupid people messing around on the campus computers. Nevertheless, it won't protect against rootkits or other malware specifically designed to get past reboot-to-restore software, and it's not going to protect you from data theft.


----------



## R-T-B (Jul 13, 2021)

Another common thing to infect these days is outdated modems/routers.  I find that more plausible for your scenario frankly; for a real old modem an attacker really only needs your IP.  That can do a doozy on your whole network, reinfect hardware, all without doing anything to UEFI/firmware.

The answer to fixing that of course is to not use ancient network hardware.  DD-WRT is a good option for routers too.


----------



## Mussels (Jul 13, 2021)

Umm, what hack methods did they use? How was your network breached?


If they just guessed passwords or caught you with phishing, nothing you do in your home network will change a thing.


----------



## eidairaman1 (Jul 13, 2021)

antirootkitbios said:


> No no, I was hacked 5 times; the last time, for being a good player in Tera. I beat some records, and that made some people mad. Anyway, Tera NA is closed, and that was some years ago. I was planning to play an MMORPG again, and I want to close all of the internet, except the IP and port related to that MMORPG, and an IP for streaming to YouTube and Twitch.
> 
> Thanks for this conversation, people. I found how to make a firewall with DD-WRT and a computer; I'll begin with that.



If you have a static IP, have it changed to dynamic


----------



## antirootkitbios (Jul 14, 2021)

MentalAcetylide said:


> Tera? I can't imagine people getting that bent out of shape over records and going after you with rootkits. That game is nearly a decade old and has gone to shit. I played it on the PC off & on for like 2 years and just gave up, since most of the players online just stand around in the main city doing nothing, and all of the higher-end content requires groups where everyone knows what they're doing.
> More than likely you downloaded and installed a mod for the game that had a trojan/virus. In particular, they had nude mods for the female characters iirc, so that probably explains why I saw so many noob female characters in the starter zones just doing nothing...
> Overall, it's just another Black Desert Online... much eye candy and little in the way of being an MMORPG, unless you like repetitive done to death.
> 
> You probably need to re-evaluate your online habits. If you're viewing/downloading porn, installing illegal/unsupported game mods, accepting files from others you don't know, visiting questionable links, these things are bound to happen. Deep Freeze by Faronics is good for protecting computer configs & settings and against most malware by simply rebooting. I know of at least one college that uses it to avoid the IT nightmare of stupid people messing around on the campus computers. Nevertheless, it won't protect against rootkits or other malware specifically designed to get past reboot-to-restore software, and it's not going to protect you from data theft.


I began to play that game due to my girlfriend; I didn't want to play it, but when she left, I began to play all day haha. I was terrible, and I was insulted for being so bad in the game, and when I became really good in the game, new haters arrived... haters that don't like you to be good in the game, and this is the interesting part: if you are bad at playing, you get insults, but if you are good in a game, then you begin to be accused first of cheating, next a lot of haters, and then, finally, the supreme hater, the one that hacks your account.

I miss the old internet. I used to play the Ultima Online official server, and it was a very nice place to meet and talk with a lot of people; Diablo 2 in the beginning too, Helbreath International also, but it was maybe in 2008 when everything began to change.

In 2001 I was hacked on Battle.net due to a mistake: I started a game through TCP/IP, hosting a server through the Battle.net tool; I didn't know at that moment that my computer was going to be a server haha.

Who hacked me in Tera told me this:

We went into a party to do a boss; I guess when we go into that mode we are in a node or something, then they can track the IPs better. Then when we went to the final boss, he told me that he was hacking me remotely, then he was in my computer, passed my firewall, passed everything; he also moved my mouse to make me die.

That was the last death that I played in Tera. I loved that game, and I was really good, but this guy made me think how vulnerable the internet is, for kids, young girls, young boys.

If someday I have a kid and he plays an MMORPG, I will buy him a computer just for that, and another for personal things. Nice to see someone that played Tera.


Update about the post: I already mounted a firewall computer, and I'm playing with iptables in SSH and other things.

Thanks for all the help, people, have a nice week!



eidairaman1 said:


> If you have a static IP, have it changed to dynamic


I have 3 ISPs here, but the problem is, when you log in to a video game, your login IP is recorded; example, Lineage 2 Classic, I guess it was the same with Tera. Anyway, Tera in that year had many vulnerabilities; after I was hacked, someone did a global hack uploading something in the general chat window. I don't really know how many other vulnerabilities Tera had, or maybe I was hacked through my YouTube channel and Twitch live streaming? I had 3 things open when that happened:

Twitch streaming
YouTube streaming

and Tera
I still have the video of that day, because while XSplit streams it also makes a video on my hard drive; I have both, the stream and the hard drive video.
It was an interesting experience, and it is real: you can have a firewall, but if you have something installed that can create a backdoor, no firewall or antivirus will protect you.

I guess they found a vulnerability in Twitch, YouTube, or that game, probably that game; YouTube and Twitch are giant companies, I really doubt the vulnerability was there, more so with what I said about that vulnerability in Tera chat days after I was hacked.

If there is a game that I will always want to play again it will be Tera; I hope there is a Tera 2 or something.

Good luck all! And thanks for the help.



Mussels said:


> Umm, what hack methods did they use? How was your network breached?
> 
> 
> If they just guessed passwords or caught you with phishing, nothing you do in your home network will change a thing.


My network was fine, at least that is what I believe. I didn't have DD-WRT; I had the Cisco default firewall. The problem was they found a vulnerability in Tera, or in Twitch or in YouTube; we are talking about like 5 or 6 years ago, probably that is fixed now, a lot of time has passed.

If it was as I think, the problem was an app, not the Cisco firewall or Windows firewall.
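The OP's stated goal for the firewall box (close everything except the game server's IP and port and the streaming endpoints) is the "deny by default" ruleset Mussels asked for, and it is built with the iptables the OP says they are now using over SSH. The generator below is an added example written for this thread; it is not the OP's actual ruleset and not DD-WRT, OpenWrt or pfSense code. It validates an allow-list and emits, in load order, the FORWARD-chain commands for one LAN host: policy DROP, replies to allowed connections, one ACCEPT per listed endpoint, then a rate-limited LOG so dropped attempts are visible, then the final DROP. All addresses are constructed placeholders; it assumes a Linux box with the standard `state`, `limit` and `comment` match extensions, and that the firewall PC is managed over SSH on its own interface (INPUT chain), so tightening FORWARD cannot cut the session.

```python
"""Build a deny-by-default iptables FORWARD ruleset for one LAN host.

Added example for this thread; it is not the OP's ruleset and not DD-WRT,
OpenWrt or pfSense code. The game server, stream ingest and resolver
addresses are constructed placeholders to be replaced with the real ones.
"""
import ipaddress

# Constructed allow-list: (description, destination, protocol, port).
ALLOW = [
    ("game server", "203.0.113.50", "tcp", 7777),
    ("stream ingest", "198.51.100.9", "tcp", 1935),
    ("resolver", "192.168.1.1", "udp", 53),
]


def validate_entry(entry):
    """Return None if the entry is usable, else a message saying why not."""
    desc, dst, proto, port = entry
    try:
        ipaddress.ip_address(dst)
    except ValueError:
        return f"{desc}: {dst!r} is not an IP address"
    if proto not in ("tcp", "udp"):
        return f"{desc}: protocol must be tcp or udp"
    if not 1 <= int(port) <= 65535:
        return f"{desc}: port {port} out of range"
    return None


def build_rules(allow, src_host, chain="FORWARD"):
    """Return the iptables commands, in load order, for a deny-by-default
    policy on traffic forwarded from `src_host`.

    The weak form of this chain is `-P FORWARD ACCEPT` plus a few DROP
    rules, the "allow until someone says no" type; here the policy is DROP
    and only the listed destinations are opened.
    """
    for entry in allow:
        problem = validate_entry(entry)
        if problem:
            raise ValueError(problem)
    ipaddress.ip_address(src_host)  # raises ValueError on a bad host address
    rules = [
        f"iptables -P {chain} DROP",   # default: deny
        f"iptables -F {chain}",        # start from an empty chain
        # Replies to the connections opened by the ACCEPT rules below.
        f"iptables -A {chain} -m state --state ESTABLISHED,RELATED -j ACCEPT",
    ]
    for desc, dst, proto, port in allow:
        rules.append(
            f"iptables -A {chain} -s {src_host} -d {dst} -p {proto} --dport {port} "
            f'-m comment --comment "{desc}" -j ACCEPT'
        )
    # Log what the policy is about to drop, rate-limited so the log stays readable.
    rules.append(f'iptables -A {chain} -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "')
    rules.append(f"iptables -A {chain} -j DROP")
    return rules


def is_permitted(allow, dst, proto, port):
    """Mirror of the ruleset for dry-run checks: would a new connection to
    (dst, proto, port) from the host be accepted?"""
    return any(d == dst and p == proto and int(pt) == int(port)
               for _, d, p, pt in allow)


if __name__ == "__main__":
    for rule in build_rules(ALLOW, "192.168.1.20"):
        print(rule)
```

Run it on the firewall box and paste the output into the SSH session (or save it to a script run at boot; DD-WRT's own startup and firewall script hooks are the usual place). The practical catch, which the thread's later posts hint at, is that game and streaming services rarely live on a single fixed address, so the allow-list has to come from observing what the client actually connects to on a clean system and then be kept current; the LOG line is what tells you when a needed endpoint changed and got dropped.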


----------



## Mussels (Jul 14, 2021)

That person likely hacked your *game* server, not your PC or anything locally. Think someone using an aimhack or wallhack - a temporary thing that altered network data, and nothing more.

It's a lot easier to fuck with netcode of a game and move a player around in the game and get them killed by another player in the session, than it is to hack a PC or do anything actually dangerous to your security.


----------



## eidairaman1 (Jul 14, 2021)

antirootkitbios said:


> I began to play that game due to my girlfriend; I didn't want to play it, but when she left, I began to play all day haha. I was terrible, and I was insulted for being so bad in the game, and when I became really good in the game, new haters arrived... haters that don't like you to be good in the game, and this is the interesting part: if you are bad at playing, you get insults, but if you are good in a game, then you begin to be accused first of cheating, next a lot of haters, and then, finally, the supreme hater, the one that hacks your account.
> 
> I miss the old internet. I used to play the Ultima Online official server, and it was a very nice place to meet and talk with a lot of people; Diablo 2 in the beginning too, Helbreath International also, but it was maybe in 2008 when everything began to change.
> 
> ...



Dynamic ip changes


----------

