National Cyber Warfare Foundation (NCWF) Forums


Diagnosing Actions on compromised router


0 user ratings		2020-07-29 12:02:36
noncreature0714
Personal Cybersecurity
ASU sent me some nasty-grams saying that I\'m getting reported to the dean of students for maliciously scanning the network.

Turns out, someone has by-passed authentication on my router and it doing something nasty there. I suspect, due to anomalous behavior on my home network, that whoever is there has been targeting my particular router for a while.

I\'d like to turn this into an educational experience. I downloaded the logs. I think the incident started when the dates suddenly change from November to May.

I\'ve attached the abbreviated log file.

As you\'ll see, something interrupts my ISP service then installs a web server and begins to scan physical memory locations. The log is relatively short, and jumps suddenly from November to May... and remains May while something installs itself, redirect traffic, and then attempt to blend in.

Can I get some mentorship/advice on reverse engineering my maliciously hacked router?

Comments
new comment
Nobody has commented yet. Will you be the first?
  
return to home


Copyright 2012 through 2021 - National Cyber Warfare Foundation - All rights reserved worldwide.