Router reboot warning

I see that the FBI has issued recommendations that all routers be rebooted immediately to help stop a malware attack. Is rebooting as simple as turning the router off and on or is a reset needed?

http://fortune.com/2018/05/26/fbi-warning-russian-malware-routers/



Good question.

I look at the router as I would look at a computer. If a virus is in the computer, on the software, turning it on and off won't help. You'll simply reload the virus.

The malware is sitting somewhere in the router. Maybe the FBI, having looked at the malware, determined simply turning it off and on will clear it.

Setting changes you make to the router remain, such as password, DHCP settings, encryption type (WPA2), etc. This is why the settings you've done to the router remain after restarts such as due to power failures. We should assume malware changes would also remain.

A step further would be to reset the router to the factory settings. That is, a reboot from the firmware. You'll lose the settings you made. I don't know the architecture of router firmware. Is a factory reboot from read-only firmware (ROM) or is it from the regular firmware that is updatable? Do routers even have two sets of firmware? That is, ROM for factory resets and also firmware that can be updated. The advantage of updated firmware is that it can be updated to the latest fixes. The disadvantage is it may also be corrupted.

Another step is to download the latest firmware from the vendor's site and apply it to the router, overlaying current firmware. But if the current firmware applies the update, who is to say a very well written malware will not transfer the corruption to the new firmware?

ps - there are sites where you can get "custom" router firmware. They may have the answer.


BG9 said:
Good question.
I look at the router as I would look at a computer. If a virus is in the computer, on the software, turning it on and off won't help. You'll simply reload the virus.
The malware is sitting somewhere in the router. Maybe the FBI, having looked at the malware, determined simply turning it off and on will clear it.
Setting changes you make to the router remain, such as password, DHCP settings, encryption type (WPA2), etc. This is why the settings you've done to the router remain after restarts such as due to power failures. We should assume malware changes would also remain.
A step further would be to reset the router to the factory settings. That is, a reboot from the firmware. You'll lose the settings you made. I don't know the architecture of router firmware. Is a factory reboot from read-only firmware (ROM) or is it from the regular firmware that is updatable? Do routers even have two sets of firmware? That is, ROM for factory resets and also firmware that can be updated. The advantage of updated firmware is that it can be updated to the latest fixes. The disadvantage is it may also be corrupted.
Another step is to download the latest firmware from the vendor's site and apply it to the router, overlaying current firmware. But if the current firmware applies the update, who is to say a very well written malware will not transfer the corruption to the new firmware?

 I agree.  That is why the guidance on this issue is a bit unclear.


"Cisco advised all users to perform a factory reset of their devices, which would clear out even stage 1 of the malware. If you’re unclear on how to perform a factory reset, you should contact the router manufacturer for instructions, but in general inserting a paper clip into the “reset” button located on the back or bottom of your router and holding it in place for a few seconds will wipe your router. Additional recommendations to mitigate future attacks are also found in Cisco’s report."

https://www.digitaltrends.com/computing/vpnfilter-malware-router-reboot/



Good to know.

I just hope this malware insertion doesn't become a habit where we'll end up resetting every month.


BG9 said:
Good to know.
I just hope this malware insertion doesn't become a habit where we'll end up resetting every month.

 Probably not a bad idea anyway. But what a pain. 


factory reset messes up your password..there are ways to deal with it (setting new one)...just be sure to write it down someplace safe since it will not be the one listed on the sticker (for people that use that


jmitw said:
factory reset messes up your password..there are ways to deal with it (setting new one)...just be sure to write it down someplace safe since it will not be the one listed on the sticker (for people that use that

 Isn't this whole issue related to the fact that most  people never change the default password? If it's 5% I'd be surprised.


drummerboy said:


jmitw said:
factory reset messes up your password..there are ways to deal with it (setting new one)...just be sure to write it down someplace safe since it will not be the one listed on the sticker (for people that use that
 Isn't this whole issue related to the fact that most  people never change the default password? If it's 5% I'd be surprised.

 This is probably more relating to people not updating their firmware. Old firmware will likely have security holes that aren't patched which can be exploited.


qrysdonnell said:


drummerboy said:

jmitw said:
factory reset messes up your password..there are ways to deal with it (setting new one)...just be sure to write it down someplace safe since it will not be the one listed on the sticker (for people that use that
 Isn't this whole issue related to the fact that most  people never change the default password? If it's 5% I'd be surprised.
 This is probably more relating to people not updating their firmware. Old firmware will likely have security holes that aren't patched which can be exploited.

Not that some have that choice. My router is Linksys E2500. The latest supplied  firmware is April 2014.

I'm not going to reward their lack of firmware support by buying a new one.


just read another article...says reboot...unplug (it says 10 seconds, but I've had to wait at least a minute) and it reboots when you plug it in.


I occasionally have an issue where the wifi quits and doing a soft reset by unplugging fixes it. Once it didn't work until I left it unplugged 3-5 minutes.....so if it were me, I would unplug 5 minutes for this


Since we're kind of on the subject, I have a home networking question that maybe someone here can help me with.

I've got a Comcast cable modem with 4 ethernet ports, and a Linksys router with another 4. The cable modem is connected to the internet port on the Linksys router.

My computers are configured into a local network connected to the Linksys router. Now, if I hook up a computer to one of the cable modem's free ports, that computer can get to the internet, but it can't be seen by the computers hooked into the Linksys. Is there any way to remedy that? Maybe by adding a DNS entry or something that points to the cable modem? I'd like to be able to use those extra ports on the cable modem to extend my home network.




@drummerboy, connect your modem to your router via one of the router's LAN ports, not the WAN port. That's your problem. The two devices each create a LAN, and they will always be separate. Don't use the modem's LAN ports for a computer unless you want that computer to be separate from the other LAN's computers.


Short version: Replace your Linksys router with a switch.

Long version: Your issue is that you're setting up a double-NAT. NAT is a technology where you can have one address essentially appear as 'many' to the Internet and the NAT device takes care of the routing. Or as it's called 'network address translation'. The main benefit of this method is that it allows you to have more devices than IP addresses, and it also has a secondary benefit that it keeps the devices behind it from being on the Internet at large. (Although, as we can see by the malware infecting these routers, the device itself is still on the Internet and can be compromised.)

Your outside IP address is going to be some number like 100.100.100.100 and the device will set up an internal network where IP addresses are something like 192.168.0.x or such. What you have going on is that you have two devices doing NAT. So your second device (the Linksys) would have an external IP that isn't actually external and is routed a 2nd time to get out.

What you should really be doing is just using a switch instead of a router to allow you to extend your internal network. You can use a router as a switch by plugging the 2nd router into the 1st router via one of its LAN ports. You may also have to disable some services that the router would be doing by default to avoid some other potential problems. Hence, it's easier to just replace it with the hardware you'd usually use in this situation, which would be a switch.


qrysdonnell said:
Short version: Replace your Linksys router with a switch.
Long version: Your issue is that you're setting up a double-NAT. NAT is a technology where you can have one address essentially appear as 'many' to the Internet and the NAT device takes care of the routing. Or as it's called 'network address translation'. The main benefit of this method is that it allows you to have more devices than IP addresses, and it also has a secondary benefit that it keeps the devices behind it from being on the Internet at large. (Although, as we can see by the malware infecting these routers, the device itself is still on the Internet and can be compromised.)
Your outside IP address is going to be some number like 100.100.100.100 and the device will set up an internal network where IP addresses are something like 192.168.0.x or such. What you have going on is that you have two devices doing NAT. So your second device (the Linksys) would have an external IP that isn't actually external and is routed a 2nd time to get out.
What you should really be doing is just using a switch instead of a router to allow you to extend your internal network. You can use a router as a switch by plugging the 2nd router into the 1st router via one of its LAN ports. You may also have to disable some services that the router would be doing by default to avoid some other potential problems. Hence, it's easier to just replace it with the hardware you'd usually use in this situation, which would be a switch.

 ahh, I like this answer, but I'm going to have to read it a few times. But I think I get it.


Tom_Reingold said:
@drummerboy, connect your modem to your router via one of the router's LAN ports, not the WAN port. That's your problem. The two devices each create a LAN, and they will always be separate. Don't use the modem's LAN ports for a computer unless you want that computer to be separate from the other LAN's computers.

So if I connect the modem to the router via a lan port, that will link the two devices into one LAN, and all computers plugged into either the modem or the router will have internet access?


I guess that's what qrysdonnell is saying also?




No, qrysdonnell's answer is better because your router creates a LAN where you don't need one, since your Comcast modem is really a modem/router combo, and it creates a LAN. But by connecting the modem/combo's LAN port to your router's LAN port, you are extending the LAN rather than creating a second unnecessary one. I just realized that if you follow my advice, you must disable DHCP on your router. If you don't do that, both devices will hand out IP addresses, and that will create conflicts.
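
The double-NAT and DHCP-conflict points from the replies above, as an added example that is not part of the original thread: a small audit of how a second router is cabled to a modem/router combo. The device names, subnets and the 10.0.0.2 address are constructed sample values, and the `Device` class and `audit` function are hypothetical helpers.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Device:
    name: str
    lan_subnet: str     # network the device serves on its LAN ports
    dhcp_enabled: bool  # does it hand out addresses on that LAN?

def audit(upstream, downstream, uplink_port, downstream_wan_ip=None):
    """Return findings for a downstream router cabled to an upstream modem/router.

    uplink_port is the port used on the downstream device: "WAN" or "LAN".
    downstream_wan_ip is the address the downstream router shows on its WAN side.
    """
    findings = []
    up_net = ipaddress.ip_network(upstream.lan_subnet)
    if uplink_port == "WAN":
        if downstream_wan_ip is None:
            raise ValueError("WAN uplink needs the downstream router's WAN address")
        wan = ipaddress.ip_address(downstream_wan_ip)
        # The inner router's "external" address is really an address on the
        # upstream LAN, so outbound traffic is translated twice.
        if wan.is_private and wan in up_net:
            findings.append("double-nat")
        # Hosts behind the inner router sit on a different network from hosts
        # plugged into the upstream device.
        if ipaddress.ip_network(downstream.lan_subnet) != up_net:
            findings.append("separate-lans")
    elif uplink_port == "LAN":
        # LAN-to-LAN cabling makes the downstream router act as a switch,
        # but two DHCP servers on one LAN will hand out clashing leases.
        if upstream.dhcp_enabled and downstream.dhcp_enabled:
            findings.append("dhcp-conflict")
        else:
            findings.append("single-lan")
    else:
        raise ValueError("uplink_port must be 'WAN' or 'LAN'")
    return findings

# Constructed sample topology (not taken from the thread).
modem = Device("modem/router combo", "10.0.0.0/24", True)
linksys = Device("Linksys router", "192.168.1.0/24", True)
linksys_no_dhcp = Device("Linksys router", "192.168.1.0/24", False)

if __name__ == "__main__":
    print(audit(modem, linksys, "WAN", "10.0.0.2"))
    print(audit(modem, linksys, "LAN"))
    print(audit(modem, linksys_no_dhcp, "LAN"))
```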


