Cisco - When Cisco Router is Compromised


Q. I believe that my router has been hacked or compromised. What should I do, and what should I avoid doing, while waiting for a security expert or forensic examiner to inspect my router?

A. Here is what I recommend while you wait for the security experts who will inspect your router and submit their report:

Do's
1. Access the router through the console (assuming you can still log in with your password)
2. Record the entire console session
3. Run "show" commands only
4. Record the actual time and the router's time
5. Record the volatile information

Don'ts
1. Reboot the router
2. Access the router through the network
3. Run configuration commands
4. Rely on persistent information
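
The Do's above amount to a small procedure: stay on the console, run only show commands, note both clocks, and keep a complete record. The following added example (not from the original post) drives that procedure from a script. It assumes the caller supplies a `send(cmd)` callable that writes one command to the console and returns its output; the fake console and its canned output are constructed for the demonstration, and the command list is taken from Cisco IOS volatile-data collection guidance rather than from this page.

```python
import datetime
import hashlib
import re

# Read-only commands, most volatile first (from Cisco IOS forensics guidance,
# not from this page). "show clock detail" is run first and last so the
# router's own clock brackets the collection.
VOLATILE_SHOW_COMMANDS = [
    "show clock detail", "show version", "show running-config",
    "show startup-config", "show reload", "show ip route", "show ip arp",
    "show users", "show logging", "show ip interface", "show interfaces",
    "show tcp brief all", "show ip sockets", "show ip nat translations verbose",
    "show ip cache flow", "show ip cef", "show snmp user", "show snmp group",
    "show clock detail",
]

SHOW_ONLY = re.compile(r"^\s*show\b", re.IGNORECASE)

def is_show_command(cmd):
    """True only for IOS 'show ...' commands; everything else is refused."""
    return bool(SHOW_ONLY.match(cmd))

def collect_volatile(send, commands=VOLATILE_SHOW_COMMANDS):
    """Run the show commands over an existing console session.

    `send(cmd)` is caller-supplied (assumed serial/console wrapper). Each
    command's output is prefixed with the examiner's UTC time so it can be
    compared against the router's clock. Returns (transcript, sha256hex);
    the digest lets the record be verified later.
    """
    lines = []
    for cmd in commands:
        if not is_show_command(cmd):
            raise ValueError(f"refusing non-show command: {cmd!r}")
        examiner_time = datetime.datetime.now(datetime.timezone.utc).isoformat()
        output = send(cmd)
        lines.append(f"=== {cmd} @ examiner UTC {examiner_time} ===")
        lines.append(output.rstrip("\n"))
    transcript = "\n".join(lines) + "\n"
    return transcript, hashlib.sha256(transcript.encode()).hexdigest()

# Constructed fake console for the demonstration; real use passes a function
# that talks to the serial console instead.
FAKE_OUTPUT = {
    "show clock detail": "10:02:11.431 UTC Mon Jan 1 2024\nTime source is NTP",
    "show users": "*  0 con 0     admin      idle     00:00:00  (constructed)",
}

def fake_send(cmd):
    return FAKE_OUTPUT.get(cmd, f"% {cmd}: (constructed placeholder output)")

if __name__ == "__main__":
    text, digest = collect_volatile(fake_send)
    print(text, "sha256:", digest)
```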

What if you cannot log in to the router because the attacker changed the password?

 --use nmap to scan the router from the network

Sample nmap commands that you can use (-P0 skips host discovery and is spelled -Pn in newer nmap releases; -p 1- scans every port from 1 upward; -sR is the RPC scan of older releases):

nmap -v -sS -P0 -p 1-
nmap -v -sU -P0 -p 1-
nmap -v -sR -P0 -p 1-
